Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 15-02-2017 02 Uruchomiony przez oem2 (27-02-2017 12:36:40) Run:1 Uruchomiony z C:\Users\oem2\Downloads Załadowane profile: oem2 (Dostępne profile: oem2) Tryb startu: Safe Mode (minimal) ============================================== fixlist - zawartość: ***************** CloseProcesses: (Microsoft Corporation) C:\Windows\explorer.exe S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-02-16] () [Brak podpisu cyfrowego] <==== UWAGA S2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-02-16] () R2 MaohaWifiSvr; C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe [168992 2016-11-26] (深圳市猫哈网络科技发展有限公司) R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [597208 2017-02-14] () R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-02-16] (WinMount International Inc) R1 MaohaWifiNetPro; C:\Program Files (x86)\Maoha\MaohaAP\MaoHaWiFiNet64.sys [1030496 2016-11-26] () S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA S3 PCDSRVC{9D5F6500-B9473007-06020200}_0; \??\c:\pcdoctor_depot_tools\pcdr\pcdsrvc_x64.pkms [X] ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-16] () Task: {0BD5E646-A1C0-44A0-918F-7BAB81AF61AC} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-14] (UCWeb Inc) <==== UWAGA Task: {35B25727-64E1-4C9A-8FAE-E215BAD1244C} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-16] (UC Web Inc.) <==== UWAGA Task: {BE9B6F53-1C10-4B66-B8DC-D06DADBBBDF7} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\oem2\AppData\Roaming\Adobe\Manager.exe [2017-02-16] () Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA GroupPolicy: Ograniczenia - Chrome <======= UWAGA WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA ShortcutWithArgument: C:\Users\oem2\Desktop\Osoba 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\oem2\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ ShortcutWithArgument: C:\Users\oem2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/ ShortcutWithArgument: C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\oem2\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ ShortcutWithArgument: C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/ ShortcutWithArgument: C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\oem2\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ ShortcutWithArgument: C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\oem2\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\oem2\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ FirewallRules: [{E552ADB6-A876-4068-A7E5-0E9B612C06F5}] => (Allow) C:\Users\oem2\AppData\Local\Temp\is-O4GBJ.tmp\download\MiniThunderPlatform.exe FirewallRules: [{011B0C5F-5FC5-4746-BA50-365619B76B1C}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{121ECCD0-2462-4375-BD86-CF82D608CAE5}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe FirewallRules: [{7D451836-7630-4E71-B5B7-7FF7E6AFB91A}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{B4795632-88D2-4A54-A5E0-EAF14983B2F7}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444] AlternateDataStreams: C:\Windows\system32\drivers:x64 [371912] AlternateDataStreams: C:\Windows\system32\drivers:x86 [1213218] Folder: C:\Users\oem2\AppData\Roaming\Adobe Folder: C:\Users\Public\Documents\AdobeGC C:\autoexec.bat C:\Program Files\żěŃą C:\Program Files (x86)\Maoha C:\Program Files (x86)\PubHotspot C:\Program Files (x86)\Rewity C:\Program Files (x86)\UCBrowser C:\ProgramData\service.exe C:\ProgramData\IObit C:\ProgramData\ProductData C:\ProgramData\Thunder Network C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWiFi C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk C:\Users\oem2\AppData\Local\Himergh C:\Users\oem2\AppData\Local\svchost C:\Users\oem2\AppData\Local\UCBrowser C:\Users\oem2\AppData\LocalLow\IObit C:\Users\oem2\AppData\Roaming\Adobe\Manager.exe C:\Users\oem2\AppData\Roaming\IObit C:\Users\oem2\AppData\Roaming\KuaiZip C:\Users\oem2\AppData\Roaming\Softlink C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC浏览器 (2).lnk C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC浏览器.lnk C:\Users\oem2\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk C:\Users\oem2\Desktop\MaohaWiFi.lnk C:\Users\oem2\Desktop\żěŃą.lnk C:\Users\oem2\Downloads\*-dp*.exe C:\Users\oem2\Downloads\SpyHunter-Installer.exe C:\Users\Public\Thunder Network C:\Users\Public\Documents\AdobeGC C:\Windows\IObit C:\Windows\system32\Drivers\KuaiZipDrive.sys EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. C:\Windows\explorer.exe => Nie można zamknąć procesu HKLM\System\CurrentControlSet\Services\GoogleChromeUpService => klucz pomyślnie usunięto GoogleChromeUpService => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\KuaizipUpdateChecker => klucz pomyślnie usunięto KuaizipUpdateChecker => serwis pomyślnie usunięto MaohaWifiSvr => serwis nie znaleziono. HKLM\System\CurrentControlSet\Services\UCBrowserSvc => klucz pomyślnie usunięto UCBrowserSvc => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\KuaiZipDrive => klucz pomyślnie usunięto KuaiZipDrive => serwis pomyślnie usunięto MaohaWifiNetPro => serwis nie znaleziono. HKLM\System\CurrentControlSet\Services\ucdrv => klucz pomyślnie usunięto ucdrv => serwis pomyślnie usunięto HKLM\System\CurrentControlSet\Services\PCDSRVC{9D5F6500-B9473007-06020200}_0 => klucz pomyślnie usunięto PCDSRVC{9D5F6500-B9473007-06020200}_0 => serwis pomyślnie usunięto HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => klucz pomyślnie usunięto HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BD5E646-A1C0-44A0-918F-7BAB81AF61AC} => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. C:\Windows\System32\Tasks\UCBrowserUpdaterCore => nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35B25727-64E1-4C9A-8FAE-E215BAD1244C} => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. C:\Windows\System32\Tasks\UCBrowserSecureUpdater => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE9B6F53-1C10-4B66-B8DC-D06DADBBBDF7} => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9B6F53-1C10-4B66-B8DC-D06DADBBBDF7} => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\Manager => pomyślnie przeniesiono HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Manager => niepowodzenie przy usuwaniu klucz. Odmowa dostępu. C:\Windows\Tasks\UCBrowserUpdaterCore.job => nie znaleziono. C:\Windows\system32\GroupPolicy\Machine => pomyślnie przeniesiono C:\Windows\system32\GroupPolicy\GPT.ini => pomyślnie przeniesiono WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA => pomyślnie usunięto C:\Users\oem2\Desktop\Osoba 1 - Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\oem2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Skrót - argument pomyślnie usunięto. C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\Users\Public\Desktop\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E552ADB6-A876-4068-A7E5-0E9B612C06F5} => Wartość pomyślnie usunięto HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{011B0C5F-5FC5-4746-BA50-365619B76B1C} => Wartość pomyślnie usunięto HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{121ECCD0-2462-4375-BD86-CF82D608CAE5} => Wartość pomyślnie usunięto HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D451836-7630-4E71-B5B7-7FF7E6AFB91A} => Wartość pomyślnie usunięto HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4795632-88D2-4A54-A5E0-EAF14983B2F7} => Wartość nie znaleziono. HKLM\SOFTWARE\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\MozillaPlugins => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Mozilla => klucz pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => klucz pomyślnie usunięto C:\Windows\system32\drivers => ":ucdrv-x64.sys" ADS pomyślnie usunięto. C:\Windows\system32\drivers => ":x64" ADS pomyślnie usunięto. C:\Windows\system32\drivers => ":x86" ADS pomyślnie usunięto. ========================= Folder: C:\Users\oem2\AppData\Roaming\Adobe ======================== 2017-02-16 10:46 - 2017-02-16 10:46 - 0073216 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Manager.exe 2016-09-26 13:14 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat 2016-09-26 13:14 - 2016-10-03 12:51 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC 2016-10-03 12:51 - 2016-12-15 12:53 - 0000036 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav 2016-10-03 12:51 - 2016-12-15 12:53 - 0000054 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Collab 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Forms 2016-09-26 13:15 - 2017-02-16 10:50 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\JSCache 2016-10-03 12:51 - 2016-10-03 12:51 - 0000022 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData 2017-02-16 10:50 - 2017-02-16 10:50 - 0000024 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings 2016-09-26 13:16 - 2016-11-23 12:40 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Preferences 2016-11-23 12:40 - 2016-11-24 15:10 - 0000144 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Preferences\WebCaptr.prefs 2016-09-26 13:15 - 2016-10-03 12:51 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Security 2016-09-26 13:15 - 2016-09-26 13:15 - 0007901 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata 2016-10-03 12:51 - 2016-10-03 12:51 - 0000579 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Security\security-policy.acrodata 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache 2016-09-26 13:15 - 2017-02-16 10:08 - 0000637 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl 2016-09-26 13:15 - 2017-02-16 10:08 - 0000425 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\Sequences 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\UICustomization 2016-09-26 13:15 - 2016-09-27 10:43 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\UserPrefs 2016-09-26 13:15 - 2017-02-16 10:08 - 0001703 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\UserPrefs\UserPrefs_Acrobat.txt 2016-09-27 10:43 - 2017-02-16 10:08 - 0004165 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\DC\UserPrefs\ValidPrefValue_Acrobat.txt 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Preferences 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Preferences\Cache 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\Settings 2017-01-13 09:16 - 2017-01-13 09:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PCD 2017-01-13 09:16 - 2017-01-13 09:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PCD\cache 2017-01-13 09:16 - 2017-01-13 09:16 - 0000112 ____H () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PCD\cache\A379E8BEB34D 2017-01-13 09:16 - 2017-01-13 09:16 - 0000040 ____H () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PCD\cache\E16099B5699B 2016-09-26 13:14 - 2016-09-26 13:14 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF 2016-09-26 13:14 - 2016-09-26 13:14 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Distiller 2016-09-26 13:14 - 2016-09-26 13:14 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Distiller\Data 2016-09-26 13:14 - 2015-03-17 00:34 - 0000994 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Distiller\Data\epilogue.ps 2016-09-26 13:14 - 2015-03-17 00:34 - 0001025 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Distiller\Data\prologue.ps 2016-09-26 13:14 - 2016-09-26 13:14 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Distiller\Startup 2016-09-26 13:14 - 2015-03-17 00:34 - 0001698 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Distiller\Startup\example.ps 2016-09-26 13:14 - 2016-09-26 13:14 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Adobe PDF\Settings 2016-09-26 13:00 - 2016-09-26 13:00 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CCX Welcome 2016-09-26 13:00 - 2017-02-16 11:29 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CCX Welcome\data 2017-02-16 11:29 - 2017-02-16 11:29 - 0000198 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CCX Welcome\data\map.json 2016-09-26 13:00 - 2017-02-16 11:29 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CCX Welcome\stock 2017-02-16 11:29 - 2017-02-16 11:29 - 0000208 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CCX Welcome\stock\map.json 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Color 2016-09-26 13:00 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync 2016-09-26 13:15 - 2017-01-12 11:29 - 0017408 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\8399788c12c8c515edc5ce5baf251f07.db 2016-09-26 13:15 - 2017-02-16 11:29 - 0032768 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\8399788c12c8c515edc5ce5baf251f07.db-shm 2016-09-26 13:15 - 2017-02-16 13:28 - 1049080 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\8399788c12c8c515edc5ce5baf251f07.db-wal 2016-09-26 13:00 - 2017-02-16 11:29 - 0000599 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\ACSLEng.cfg 2016-09-26 13:00 - 2016-09-26 13:00 - 0008192 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\coresync.db 2016-09-26 13:00 - 2017-02-16 07:32 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\GUDE 2017-02-14 08:41 - 2017-02-15 13:55 - 0000044 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\GUDE\gude-2017-02-14.log 2017-02-16 07:32 - 2017-02-16 11:29 - 0000176 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\GUDE\gude-2017-02-16.log 2016-09-26 13:00 - 2016-09-26 13:00 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\plugins 2016-09-26 13:00 - 2016-09-26 13:00 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\plugins\livetype 2016-09-26 13:00 - 2017-02-16 13:40 - 0000000 ___HD () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\plugins\livetype\c 2017-02-16 11:58 - 2017-02-16 13:40 - 0000000 _____ () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\plugins\livetype\c\entitlements-downloading.xml 2016-09-26 13:00 - 2016-09-26 13:00 - 0000000 ___HD () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\plugins\livetype\e 2016-09-26 13:00 - 2016-09-26 13:00 - 0000000 ___HD () C:\Users\oem2\AppData\Roaming\Adobe\CoreSync\plugins\livetype\r 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries 2016-09-26 13:15 - 2017-02-16 11:29 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS 2017-02-16 11:29 - 2017-02-16 11:29 - 0000479 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\librarylookupfile 2017-02-16 11:29 - 2017-02-16 11:29 - 0000169 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\settings.json 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID 2016-09-26 13:15 - 2017-02-16 11:29 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud 2017-02-16 11:29 - 2017-02-16 11:29 - 0000021 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\bookmarks.json 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\dcx 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\dcx\4ae184b5-50f3-42c7-9c97-b5da8b6f39b5 2016-09-26 13:15 - 2016-09-26 13:15 - 0000618 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\dcx\4ae184b5-50f3-42c7-9c97-b5da8b6f39b5\manifest 2016-09-26 13:15 - 2016-09-26 13:15 - 0000618 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\dcx\4ae184b5-50f3-42c7-9c97-b5da8b6f39b5\manifest.base 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\renditions 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\renditions\4ae184b5-50f3-42c7-9c97-b5da8b6f39b5 2016-09-26 13:15 - 2016-09-26 13:15 - 0000022 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Creative Cloud Libraries\LIBS\814549B657E90BE27F000101_AdobeID\creative_cloud\renditions\4ae184b5-50f3-42c7-9c97-b5da8b6f39b5\cache.json 2016-10-04 11:16 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Extension Manager CC 2016-10-04 11:16 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Extension Manager CC\EM Store 2016-10-04 11:16 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Extension Manager CC\EM Store\Shared 2016-10-04 11:16 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Extension Manager CC\EM Store\Virtual Product 2016-10-04 11:16 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Extension Manager CC\Log 2016-10-04 11:16 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Extension Manager CC\Temp 2016-06-16 15:31 - 2016-06-16 17:45 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player 2016-06-16 17:45 - 2016-06-16 17:45 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache 2016-06-16 17:45 - 2016-12-15 13:07 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE 2016-12-15 13:07 - 2016-12-15 13:29 - 0000148 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\4BAE91DBAEF0CEEC0FCE5505D96DDEA865EDBFC1.heu 2016-12-15 13:07 - 2016-12-15 13:07 - 0482555 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\4BAE91DBAEF0CEEC0FCE5505D96DDEA865EDBFC1.swz 2016-12-15 13:07 - 2016-12-15 13:29 - 0000148 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\8F903698240FE799F61EEDA8595181137B996156.heu 2016-12-15 13:07 - 2016-12-15 13:07 - 0186404 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\8F903698240FE799F61EEDA8595181137B996156.swz 2016-12-15 13:07 - 2016-12-15 13:29 - 0000148 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\98EECA3E014A0FA3C4C613006BDCEA12DA3BEACE.heu 2016-12-15 13:07 - 2016-12-15 13:07 - 0132753 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\98EECA3E014A0FA3C4C613006BDCEA12DA3BEACE.swz 2016-12-15 13:07 - 2016-12-15 13:29 - 0000148 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\ABD49354324081CEBB8F60184CF5FEE81F0F9298.heu 2016-12-15 13:07 - 2016-12-15 13:07 - 0327044 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\ABD49354324081CEBB8F60184CF5FEE81F0F9298.swz 2016-12-15 13:07 - 2016-12-15 13:07 - 0000008 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\cacheSize.txt 2016-12-15 13:07 - 2016-12-15 13:29 - 0000148 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\D888AEE0CE49F58A35C32EB138EDD00F0D6B9FAE.heu 2016-12-15 13:07 - 2016-12-15 13:07 - 0322020 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\AssetCache\LA3UHMTE\D888AEE0CE49F58A35C32EB138EDD00F0D6B9FAE.swz 2016-06-16 15:31 - 2016-10-04 11:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\NativeCache 2016-10-04 11:16 - 2017-02-17 07:29 - 0000000 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\LogTransport2CC 2016-09-26 13:15 - 2017-02-16 10:09 - 0000123 _____ () C:\Users\oem2\AppData\Roaming\Adobe\LogTransport2CC\LogTransport2.cfg 2016-09-26 13:15 - 2017-02-16 10:50 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\LogTransport2CC\Logs 2017-02-16 10:08 - 2017-02-16 10:50 - 0038203 _____ () C:\Users\oem2\AppData\Roaming\Adobe\LogTransport2CC\Logs\ulog_DC_ACROBAT_814549B657E90BE27F000101@AdobeID_ad1c932f-0a1f-4b9b-b8af-42cb7d20b0a4_0.rdy 2016-09-27 10:50 - 2016-09-27 10:50 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\LogTransport2CC\Logs\PreRelease 2017-01-13 09:16 - 2017-01-13 09:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\OOBE 2017-01-13 09:16 - 2017-02-16 11:29 - 0000536 _____ () C:\Users\oem2\AppData\Roaming\Adobe\OOBE\_LicenseAgreement.xml 2016-09-26 13:15 - 2016-09-27 10:49 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer 2016-09-27 10:49 - 2017-02-16 10:50 - 0000354 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\RTTransfer.config 2016-09-26 13:15 - 2017-02-16 10:08 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Filters 2016-09-26 13:15 - 2016-09-26 13:15 - 0000155 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Filters\DC_ACROBAT_15.17.20050.filters 2016-09-27 10:43 - 2016-09-27 10:43 - 0000155 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Filters\DC_ACROBAT_15.17.20053.filters 2017-02-16 10:08 - 2017-02-16 10:08 - 0000155 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Filters\DC_ACROBAT_15.23.20056.filters 2016-09-26 13:15 - 2017-02-16 10:50 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Logs 2016-09-27 10:49 - 2016-09-27 10:50 - 0003072 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Logs\DC_ACROBAT_15.17.20053.db 2017-02-16 10:50 - 2017-02-16 10:50 - 0003072 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Logs\DC_ACROBAT_15.23.20056.db 2016-09-26 13:15 - 2017-02-16 10:50 - 0003072 _____ () C:\Users\oem2\AppData\Roaming\Adobe\RTTransfer\Logs\RTCommon.db 2017-01-13 09:16 - 2017-01-13 09:16 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\SLData 2017-01-13 09:16 - 2017-02-16 10:08 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLCache 2017-01-13 09:16 - 2017-02-16 11:29 - 0000540 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLCache\OTc4MDg3NTcxQ0RBNjVCNzA4QjQ2ODQ0RjI5QjkxNkIxRDM3Q0I2NjhBRUFGMzM2QUUwQjhGRDJFMUFENjcwQg==.slc 2017-02-16 10:08 - 2017-02-16 10:08 - 0001894 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLCache\OTcwNzg3MDc4NTE2NDU4MjcyODQ0MjEz.slc 2017-02-16 10:08 - 2017-02-16 10:08 - 0000297 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLCache\QUNDRVNTX0NIRUNL.slc 2017-01-13 09:16 - 2017-02-16 11:29 - 0000327 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLCache\TXVsdGlVc2Vy.slc 2017-02-16 10:08 - 2017-02-16 10:08 - 0000577 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLCache\Vjd7fUFjcm9iYXRDb250LTEyLVdpbi1HTXt8fUFMTA==.slc 2017-01-13 09:16 - 2017-02-16 11:29 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLStore 2017-01-13 09:16 - 2017-02-16 11:29 - 0000112 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLStore\40E8E13882BF 2017-01-13 09:16 - 2017-01-13 09:16 - 0000020 ____H () C:\Users\oem2\AppData\Roaming\Adobe\SLData\SLStore\57E6FA3893BF 2016-09-26 13:15 - 2016-09-26 13:15 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Sonar 2016-09-26 13:15 - 2017-02-16 10:08 - 0000000 ____D () C:\Users\oem2\AppData\Roaming\Adobe\Sonar\SonarCC 2016-09-26 13:15 - 2016-09-26 13:15 - 0000583 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Sonar\SonarCC\DC_ACROBAT_15.17.20050.xml 2016-09-27 10:43 - 2016-09-27 10:49 - 0000581 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Sonar\SonarCC\DC_ACROBAT_15.17.20053.xml 2017-02-16 10:08 - 2017-02-16 10:50 - 0000583 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Sonar\SonarCC\DC_ACROBAT_15.23.20056.xml 2016-09-27 10:50 - 2017-02-16 10:09 - 0036604 _____ () C:\Users\oem2\AppData\Roaming\Adobe\Sonar\SonarCC\sonar_policy.xml ====== Koniec Folder: ====== ========================= Folder: C:\Users\Public\Documents\AdobeGC ======================== 2017-02-27 12:33 - 2017-02-27 12:33 - 0000330 _____ () C:\Users\Public\Documents\AdobeGC\adobegc_a04516 ====== Koniec Folder: ====== C:\autoexec.bat => pomyślnie przeniesiono C:\Program Files\żěŃą => pomyślnie przeniesiono "C:\Program Files (x86)\Maoha" => nie znaleziono. C:\Program Files (x86)\PubHotspot => pomyślnie przeniesiono C:\Program Files (x86)\Rewity => pomyślnie przeniesiono C:\Program Files (x86)\UCBrowser => pomyślnie przeniesiono C:\ProgramData\service.exe => pomyślnie przeniesiono C:\ProgramData\IObit => pomyślnie przeniesiono C:\ProgramData\ProductData => pomyślnie przeniesiono C:\ProgramData\Thunder Network => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses => pomyślnie przeniesiono "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaohaWiFi" => nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器 => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk => pomyślnie przeniesiono C:\Users\oem2\AppData\Local\Himergh => pomyślnie przeniesiono C:\Users\oem2\AppData\Local\svchost => pomyślnie przeniesiono C:\Users\oem2\AppData\Local\UCBrowser => pomyślnie przeniesiono C:\Users\oem2\AppData\LocalLow\IObit => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\Adobe\Manager.exe => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\IObit => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\KuaiZip => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\Softlink => pomyślnie przeniesiono "C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk" => nie znaleziono. C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC浏览器 (2).lnk => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC浏览器.lnk => pomyślnie przeniesiono C:\Users\oem2\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk => pomyślnie przeniesiono "C:\Users\oem2\Desktop\MaohaWiFi.lnk" => nie znaleziono. C:\Users\oem2\Desktop\żěŃą.lnk => pomyślnie przeniesiono =========== "C:\Users\oem2\Downloads\*-dp*.exe" ========== C:\Users\oem2\Downloads\Media-Player-Classic-Home-Cinema-12469-dp.exe => pomyślnie przeniesiono C:\Users\oem2\Downloads\SMPlayer-13051-dp.exe => pomyślnie przeniesiono ========= Koniec -> "C:\Users\oem2\Downloads\*-dp*.exe" ======== "C:\Users\oem2\Downloads\SpyHunter-Installer.exe" => nie znaleziono. C:\Users\Public\Thunder Network => pomyślnie przeniesiono C:\Users\Public\Documents\AdobeGC => pomyślnie przeniesiono C:\Windows\IObit => pomyślnie przeniesiono C:\Windows\system32\Drivers\KuaiZipDrive.sys => pomyślnie przeniesiono =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34535381 B Java, Flash, Steam htmlcache => 708 B Windows/system/drivers => 36724669 B Edge => 0 B Chrome => 558530476 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 6227 B NetworkService => 446334 B oem2 => 394475549 B RecycleBin => 24731887 B EmptyTemp: => 1000.8 MB danych tymczasowych Usunięto. ================================ Rezultat przenoszenia plików przy restarcie (Tryb startu: Normal) (Data i godzina: 27-02-2017 12:37:52) Rezultat usuwania kluczy przy restarcie: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BD5E646-A1C0-44A0-918F-7BAB81AF61AC} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35B25727-64E1-4C9A-8FAE-E215BAD1244C} => klucz nie znaleziono. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE9B6F53-1C10-4B66-B8DC-D06DADBBBDF7} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9B6F53-1C10-4B66-B8DC-D06DADBBBDF7} => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Manager => klucz pomyślnie usunięto ==== Koniec Fixlog 12:37:53 ====