Spomaleny notebook Lenovo

[valachmar]

Dobry den.
Prosim o kontrolu notebooku, je strasne spomaleny v podstate od zakupenia v Alze pred pol rokom.
Dakujem.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by risos (24-01-2019 14:00:32)
Running from C:\Users\risos\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-07-23 19:27:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1861439330-3910277769-2388807214-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1861439330-3910277769-2388807214-503 - Limited - Disabled)
Guest (S-1-5-21-1861439330-3910277769-2388807214-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1861439330-3910277769-2388807214-1003 - Limited - Enabled)
risos (S-1-5-21-1861439330-3910277769-2388807214-1001 - Administrator - Enabled) => C:\Users\risos
WDAGUtilityAccount (S-1-5-21-1861439330-3910277769-2388807214-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
ACDSee Ultimate 10 (64-bit) (HKLM\...\{F1BD782B-A54A-4BC1-9A4E-CF64CFF019BD}) (Version: 10.2.0.878 - ACD Systems International Inc.)
Adobe Reader X (10.1.16) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.252 - Alps Electric)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 4.08 - NCH Software)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM-x32\...\{CFA33E6D-2D7D-4785-8025-974398E940D1}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
F4200 (HKLM-x32\...\{C86E1E36-6D30-4834-9C85-5501F31F7BB4}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10250 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.68.3 - ELAN Microelectronic Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\dda9ca0b023f4c56) (Version: 1.6.5.3 - Lenovo)
Lenovo Solution Center (HKLM\...\{87A2CDA6-F4D4-4357-B443-151CC35FA31A}) (Version: 3.4.002.006 - Lenovo)
Lenovo Solution Center (HKLM\...\{AFDE512F-7BCD-46B6-91C0-230812139EEF}) (Version: 3.4.002.006 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0074 - Lenovo)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted) (Version: - )
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Portal 2 1.00 (HKLM-x32\...\Portal 2 1.00) (Version: - )
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.16291 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
Trackmania Turbo (HKLM-x32\...\Uplay Install 2070) (Version: - Ubisoft)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Folder Hider (HKLM-x32\...\Wise Folder Hider_is1) (Version: 4.2.3 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-08-28] (ACD Systems International Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F494887-262B-4329-B112-AD47FB37E19F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2018-10-22] ()
Task: {1063805B-0A9F-41D6-9335-EDC0C3EDD80E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {1D32C074-16A1-439E-AA72-F9E01C49E354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)
Task: {21E3ED8B-BE26-439C-B702-A693E37DAD82} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1861439330-3910277769-2388807214-1001 -> No File <==== ATTENTION
Task: {3A510C20-9211-438A-8CFC-D420FF37D5C7} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-12-02] (Lenovo)
Task: {3C1B7817-5979-4530-AD18-D31324070B02} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-12-07] ()
Task: {3CFC4D32-B4CE-48AE-ABA2-370AD00FA544} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {4D496176-E624-40B3-B89F-63705241BA8E} - System32\Tasks\{E35E0621-837C-4DAF-8D52-07217A5C2066} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gtasa120cz.exe" -d "C:\Program Files (x86)\Rockstar Games\GTA San Andreas"
Task: {4F8B3756-12C8-43E6-B9FD-A0C13A3C02D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)
Task: {546D6F1C-8207-43EA-9938-6C2347CAAC6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {998B88C3-0C69-459F-9ED3-009F4CCFFD51} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ADA00DF7-F947-4556-9754-9160C1486FF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {AF0E4ADB-1759-4C21-92FA-C678C4AFD22C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B9D71E92-84AA-4398-A184-FC8656CB04DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation)
Task: {D0A97E3F-7FA3-40ED-96A3-0B8F324982CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation)
Task: {D401B668-A3B1-474F-B982-2441E1DF48A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-12] (Microsoft Corporation)
Task: {F2F6EC2C-CD55-451A-A4EA-93A7EFD81D41} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2018-10-22] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\risos\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2018-11-19 14:25 - 2018-10-22 19:38 - 000023880 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-06-12 00:56 - 2017-06-12 00:56 - 000401848 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 15:35 - 2018-11-09 03:17 - 002759680 ____C () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-10 14:46 - 2019-01-01 07:42 - 002185728 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-16 15:12 - 2018-10-16 15:13 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-23 14:59 - 2019-01-23 14:59 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-23 14:59 - 2019-01-23 14:59 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-23 14:59 - 2019-01-23 14:59 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-23 14:59 - 2019-01-23 14:59 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-18 23:26 - 2018-07-18 23:27 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2019-01-23 14:59 - 2019-01-23 14:59 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-12 14:01 - 2017-09-19 13:19 - 000733864 _____ () C:\Program Files (x86)\Wise\Wise Folder Hider\WFHChecker.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-12 16:40 - 2016-12-12 16:36 - 000000824 ____C C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\risos\AppData\Roaming\ACD Systems\ACDSee\ACD pozadí plochy.bmp
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "ACUW10EN"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "RtsFT"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\Run: => "ACDSeeCommanderUltimate10"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C58D1BF-56EE-4856-A6C2-27E8B68A49ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{40ED65A9-8EEE-4104-BB9B-C2CB764B2B70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{5E0810B2-DF06-4A2B-97F5-938730DFC28C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{CD81C23C-4015-409A-A75C-2F900DC4AF86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [UDP Query User{0CAFD5D3-6774-420F-9EAC-0355847E05DA}C:\users\risos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\risos\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [TCP Query User{E3DE3778-32DB-4381-A872-8A51FB9E88CD}C:\users\risos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\risos\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{EE24E13D-B39A-4E95-978A-5282E94D4D7F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard)
FirewallRules: [{1C7A8890-93B8-41FB-B573-15369E830D98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett-Packard Co.)
FirewallRules: [{6326C32B-36E7-4EAD-A959-EC425625C523}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett-Packard Co.)
FirewallRules: [{9DD8310D-180B-401A-A3CC-715833C73084}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
FirewallRules: [{D4BA218F-955D-4547-8023-ED6286AFB6CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
FirewallRules: [{F51EB371-A520-437E-B346-52D37D05A0CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard Co.)
FirewallRules: [{00A7C4FD-00DB-48BE-AD1A-B70E4320232B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett-Packard Co.)
FirewallRules: [{2EFFCEF5-3A10-4771-8601-76A4DE9631A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.)
FirewallRules: [{F3645E1A-D313-4D19-8917-F9E825EF3775}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard Co.)
FirewallRules: [{9E4BAE17-92F7-4BB6-9D58-B870E0FEE5B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.)
FirewallRules: [{380048D9-5254-4234-9F41-5981CADCB0E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
FirewallRules: [{6FCEF030-97AD-4B6E-8285-2A94A1D96EEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
FirewallRules: [{FF08FD2A-274F-449E-9080-65CAF11FD279}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe (Kakao)
FirewallRules: [{5E0CF8C6-779B-4CBC-953C-E006731CBD00}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe (Kakao)
FirewallRules: [{488533FB-84D3-48DE-A88D-FB8BF5AAB7B8}] => (Allow) C:\Users\risos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{AA0AAEBB-8DAF-4B40-A62A-814795E01630}] => (Allow) C:\Users\risos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{79B9401C-68AE-40A2-9C1E-0FEEE106FB4B}] => (Allow) C:\Users\risos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{BD4DD534-35EA-4DDB-895A-0DE60C216237}] => (Allow) C:\Users\risos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{B8C98AA9-22D6-4752-8203-5643D059FF99}] => (Allow) C:\Users\risos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{845116AE-B6E1-4F7F-8BE4-2D3F7337BF6C}] => (Allow) C:\Users\risos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [TCP Query User{8334F272-BEAE-4F6D-A2D1-59ACE95ABF74}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe ()
FirewallRules: [UDP Query User{203E869E-86E0-4B93-A340-89326AF11458}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe ()
FirewallRules: [TCP Query User{D6FFC764-8746-4915-A418-09A939C551CE}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe ()
FirewallRules: [UDP Query User{E73BF11B-A12C-4568-8FF4-AA64C86CE772}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe ()
FirewallRules: [{9E3F4BD7-BCF6-4EC7-82D1-B68C43B8E1BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{4DC20C60-25C3-4C01-A1DF-787497ED5CB7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{4765E79D-E60D-46A5-92D6-EACC954D487A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{6272FCBB-B805-4A68-B9F5-D10E8C303B63}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{AA9D4E0F-A917-4DC4-8C31-7AAAEE95A999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe ()
FirewallRules: [{C176D111-A2B9-43D8-BE4D-8AF898793DB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe ()
FirewallRules: [{10B9CBFD-A5CF-4DC5-A5DC-0D2C36FE31D8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe ()
FirewallRules: [{AB3BAA0E-BF17-47EC-BCB8-8F0C11774E22}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe ()
FirewallRules: [{5DE03D51-1264-449C-9A9B-908EB85B1B8C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{1599AB85-B97E-4217-8E69-99E2B248724E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{A02828D2-8E92-4E2F-80F7-842A1E42A723}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{483B3DB4-E167-46D2-89B3-A2621061F83C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{D64E9C60-E897-4D7A-A77B-990E0942C9F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

11-12-2018 14:04:26 Windows Modules Installer
08-01-2019 16:48:38 Windows Update
21-01-2019 13:54:59 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2019 03:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeApp.exe, version: 8.37.0.98, time stamp: 0x5c3fc117
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0xf28
Faulting application start time: 0x01d4b323f28ce584
Faulting application path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 71409a90-0d7a-4953-9a89-e806d1ff9c6a
Faulting package full name: Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c
Faulting package-relative application ID: App

Error: (01/22/2019 04:51:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDSeeUltimate10.exe, version: 10.2.0.878, time stamp: 0x5859e04c
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc000041d
Fault offset: 0x0000000000024989
Faulting process id: 0x1638
Faulting application start time: 0x01d4b25ec410c93b
Faulting application path: C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeUltimate10.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3fedc2bd-cd39-4f39-85bd-7260bda3e727
Faulting package full name:
Faulting package-relative application ID:

Error: (01/22/2019 02:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 10.1.16.13, time stamp: 0x5603fd53
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0xfe852bc4
Exception code: 0xc0000374
Fault offset: 0x000d8499
Faulting process id: 0x1458
Faulting application start time: 0x01d4b2566f5d074f
Faulting application path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 8f889668-1639-4040-b777-83e2309f74b1
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2019 02:55:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 8.36.0.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1490

Start Time: 01d4a8ea40e19826

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: ebb126d0-aef7-480a-83c4-ba228fca5693

Faulting package full name: Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (01/10/2019 02:39:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PotPlayerMini64.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1878

Start Time: 01d4a8e86478c9f6

Termination Time: 1120

Application Path: C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe

Report Id: bda4b94e-0033-4a5a-9162-ade668fece14

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (01/24/2019 01:52:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2019 01:51:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0PNNP6Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-0PNNP6Q\risos SID (S-1-5-21-1861439330-3910277769-2388807214-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2019 01:50:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0PNNP6Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-0PNNP6Q\risos SID (S-1-5-21-1861439330-3910277769-2388807214-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2019 01:49:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2019 01:49:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0PNNP6Q)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-0PNNP6Q\risos SID (S-1-5-21-1861439330-3910277769-2388807214-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2019 01:46:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service.

Error: (01/24/2019 01:46:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2019 05:34:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-01-21 15:55:31.617
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {46415CFE-8481-46F7-84DF-7BFC0AC004B9}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-21 15:39:00.515
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1400D2A2-4C4A-4BB7-95C1-09C3CC3DB9D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-21 15:06:17.844
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4F0566B6-9903-40A7-B579-1B472AB554CA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-14 14:48:35.949
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1F8F9D78-8B50-4AC8-9EEA-813D935CA386}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-08 17:31:10.471
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ECE47A41-B28E-4400-B6FD-76B8736C8C8B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-21 13:56:51.677
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3004.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-01-15 13:55:45.009
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2937.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-19 14:05:48.213
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.178.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-19 14:05:48.210
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.178.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-19 14:05:48.209
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.178.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 65%
Total physical RAM: 4004.01 MB
Available physical RAM: 1362.2 MB
Total Virtual: 10916.01 MB
Available Virtual: 6529.96 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:423.42 GB) (Free:199.61 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:10.57 GB) NTFS

\\?\Volume{8a212869-9aca-4bf9-a154-743fc0eecfc7}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.62 GB) NTFS
\\?\Volume{6d5df29f-7cbd-4a6b-a793-8a333a7dbd48}\ (PBR_DRV) (Fixed) (Total:15 GB) (Free:5.41 GB) NTFS
\\?\Volume{859f0f78-5976-4a3c-b6aa-af26caff0cc8}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 08B3E82A)

Partition: GPT.

==================== End of Addition.txt ============================

[Rudy]

Zdravím!
Toto je pouze log Addition. Ještě potřebuji vidět obsah souboru frst.txt. Je na ploše.

[valachmar]

Aha, ano, sorry

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by risos (administrator) on DESKTOP-0PNNP6Q (24-01-2019 13:57:36)
Running from C:\Users\risos\Desktop
Loaded Profiles: risos (Available Profiles: risos)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Farbar) C:\Users\risos\Desktop\FRST64 (1).exe
() C:\Program Files (x86)\Wise\Wise Folder Hider\WFHChecker.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3742112 2015-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [9308416 2015-06-02] (Realtek semiconductor)
HKLM\...\Run: [ACUW10EN] => C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\acdIDInTouch2.exe [2157000 2018-01-08] (ACD Systems)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\Run: [Spotify Web Helper] => C:\Users\risos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-30] (Spotify Ltd)
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\Run: [Spotify] => C:\Users\risos\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-30] (Spotify Ltd)
HKU\S-1-5-21-1861439330-3910277769-2388807214-1001\...\Run: [ACDSeeCommanderUltimate10] => C:\Program Files\ACD Systems\ACDSee Ultimate\10.0\ACDSeeCommanderUltimate10.exe [3427272 2018-01-08] ()
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-12] (Google Inc.)
Startup: C:\Users\risos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-03]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\risos\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{25111e46-57e3-4b7e-9fd7-3789ae3c87dc}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{49965f8a-6c62-4f1e-b17c-b0c0447eb193}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{92ac0113-b99c-4a0a-b9a8-7d6143a94391}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{e7d06e8b-01da-4d63-a8c2-16b4e369d21c}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default [2019-01-24]
CHR Extension: (Slides) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (YourTemplateFinder ) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeapomnofcbnaoahibkibpcihkgdomm [2018-09-04]
CHR Extension: (Docs) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-14]
CHR Extension: (YouTube) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-23]
CHR Extension: (CzTorrent - 1. CZ Free Torrent Tracker -) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\chalkflaflbkojghgfddnifalamblkkd [2017-12-04]
CHR Extension: (Sheets) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (Save to Facebook) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-09-06]
CHR Extension: (App Search) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddiihmhihkeooidcjnbjdoppoaebkmf [2018-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\risos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [90440 2015-11-08] (Alps Electric Co., Ltd.)
S3 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-07-29] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (Lenovo)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23880 2018-10-22] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-12] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [30808 2015-07-29] (ELAN Microelectronic Corp.)
S3 ewsercd; C:\WINDOWS\System32\drivers\ewsercd.sys [112896 2015-05-16] (Huawei Technologies Co., Ltd.)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [25248 2015-12-22] (Lenovo Group Limited (R))
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3057920 2015-06-02] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-12] (Microsoft Corporation)
R2 WiseFs; C:\WINDOWS\WiseFs64.sys [66128 2018-09-12] (WiseCleaner.com)
S1 MpKsl148a9ec8; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2361727E-71BA-4A50-980B-B685A85EC516}\MpKsl148a9ec8.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-24 13:57 - 2019-01-24 13:59 - 000014310 ____C C:\Users\risos\Desktop\FRST.txt
2019-01-22 16:50 - 2019-01-22 16:50 - 001222144 ____C C:\Users\risos\Desktop\RSITx64.exe
2019-01-22 16:48 - 2019-01-22 16:48 - 002428416 ____C (Farbar) C:\Users\risos\Desktop\FRST64 (1).exe
2019-01-21 13:59 - 2019-01-21 13:59 - 006131713 ____C C:\Users\risos\Downloads\Psychopat-wik.mp4
2019-01-14 16:00 - 2019-01-14 16:00 - 000083462 _____ C:\Users\risos\Downloads\Bach, Johann Sebastian (Arr. Raphaelle Zaneboni) - Badinerie aus der h-moll Suite für 4 Flöten (4. Flöte alternativ mit Bass- oder Altflöte) - Blechbläsersortiment Köbl.html
2019-01-14 16:00 - 2019-01-14 16:00 - 000000000 ___DC C:\Users\risos\Downloads\Bach, Johann Sebastian (Arr. Raphaelle Zaneboni) - Badinerie aus der h-moll Suite für 4 Flöten (4. Flöte alternativ mit Bass- oder Altflöte) - Blechbläsersortiment Köbl_files
2019-01-14 13:46 - 2019-01-14 14:07 - 000000000 ___DC C:\Users\risos\Desktop\Ventil povodne
2019-01-12 16:22 - 2019-01-12 16:23 - 000260152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-10 14:47 - 2019-01-01 08:12 - 009084216 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-10 14:47 - 2019-01-01 08:12 - 007520104 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-10 14:47 - 2019-01-01 07:55 - 025856512 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-10 14:47 - 2019-01-01 07:50 - 022715392 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-10 14:47 - 2019-01-01 07:45 - 007573504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-10 14:47 - 2019-01-01 07:42 - 004939776 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-10 14:47 - 2019-01-01 07:37 - 006571584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-10 14:47 - 2019-01-01 07:29 - 022016512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-10 14:47 - 2019-01-01 07:14 - 004514816 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-10 14:46 - 2019-01-01 14:50 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-10 14:46 - 2019-01-01 14:47 - 000225792 ____C (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-10 14:46 - 2019-01-01 14:46 - 012710912 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-10 14:46 - 2019-01-01 14:45 - 000714752 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-10 14:46 - 2019-01-01 14:45 - 000285184 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-10 14:46 - 2019-01-01 14:43 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-10 14:46 - 2019-01-01 14:20 - 011902976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-10 14:46 - 2019-01-01 14:20 - 000165888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-10 14:46 - 2019-01-01 14:18 - 000500736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-10 14:46 - 2019-01-01 14:17 - 000231936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-10 14:46 - 2019-01-01 08:14 - 001221432 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-10 14:46 - 2019-01-01 08:14 - 001063224 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-10 14:46 - 2019-01-01 08:14 - 001029944 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-10 14:46 - 2019-01-01 08:14 - 000566568 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-10 14:46 - 2019-01-01 08:14 - 000134968 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-10 14:46 - 2019-01-01 08:14 - 000076088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-10 14:46 - 2019-01-01 08:13 - 003292152 ____C (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-10 14:46 - 2019-01-01 08:13 - 001363536 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-10 14:46 - 2019-01-01 08:13 - 000709728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-10 14:46 - 2019-01-01 08:13 - 000436024 ____C (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-10 14:46 - 2019-01-01 08:13 - 000170808 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-10 14:46 - 2019-01-01 08:12 - 002765344 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-10 14:46 - 2019-01-01 08:12 - 002465792 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-10 14:46 - 2019-01-01 08:12 - 002421288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-10 14:46 - 2019-01-01 08:12 - 000713272 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-10 14:46 - 2019-01-01 08:12 - 000268304 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-10 14:46 - 2019-01-01 08:12 - 000128824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-10 14:46 - 2019-01-01 08:12 - 000043536 ____C (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-10 14:46 - 2019-01-01 07:50 - 004383744 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-10 14:46 - 2019-01-01 07:48 - 000342528 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-10 14:46 - 2019-01-01 07:48 - 000081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-10 14:46 - 2019-01-01 07:48 - 000079360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-10 14:46 - 2019-01-01 07:47 - 000808448 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-10 14:46 - 2019-01-01 07:47 - 000433152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-10 14:46 - 2019-01-01 07:46 - 000209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-10 14:46 - 2019-01-01 07:46 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-10 14:46 - 2019-01-01 07:46 - 000153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-10 14:46 - 2019-01-01 07:45 - 002368512 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-10 14:46 - 2019-01-01 07:45 - 000352768 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-10 14:46 - 2019-01-01 07:44 - 001708544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-10 14:46 - 2019-01-01 07:44 - 001549824 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-10 14:46 - 2019-01-01 07:44 - 000894464 ____C (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-10 14:46 - 2019-01-01 07:44 - 000662528 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-10 14:46 - 2019-01-01 07:44 - 000456192 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-10 14:46 - 2019-01-01 07:43 - 001805312 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-10 14:46 - 2019-01-01 07:42 - 002247680 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-10 14:46 - 2019-01-01 07:42 - 001371136 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-10 14:46 - 2019-01-01 07:42 - 000717312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-10 14:46 - 2019-01-01 07:41 - 001159680 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-10 14:46 - 2019-01-01 07:41 - 000899072 ____C (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-10 14:46 - 2019-01-01 07:41 - 000895488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-10 14:46 - 2019-01-01 07:41 - 000505344 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-10 14:46 - 2019-01-01 07:37 - 002478664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-10 14:46 - 2019-01-01 07:37 - 002253696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-10 14:46 - 2019-01-01 07:37 - 001989040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-10 14:46 - 2019-01-01 07:37 - 000880048 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-10 14:46 - 2019-01-01 07:37 - 000581808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-10 14:46 - 2019-01-01 07:37 - 000381240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-10 14:46 - 2019-01-01 07:22 - 019405312 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-10 14:46 - 2019-01-01 07:17 - 000153088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-10 14:46 - 2019-01-01 07:16 - 005775872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-10 14:46 - 2019-01-01 07:16 - 001361408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-10 14:46 - 2019-01-01 07:16 - 000310272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-10 14:46 - 2019-01-01 07:15 - 005307392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-10 14:46 - 2019-01-01 07:15 - 000608768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-10 14:46 - 2019-01-01 07:15 - 000331264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-10 14:46 - 2019-01-01 07:15 - 000317440 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-10 14:46 - 2019-01-01 07:14 - 000578560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-10 14:46 - 2019-01-01 07:14 - 000330752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-10 14:46 - 2019-01-01 07:13 - 001628160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-10 14:46 - 2019-01-01 07:13 - 000594432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-10 14:46 - 2019-01-01 07:13 - 000251904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-10 14:46 - 2019-01-01 07:12 - 001036288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-10 14:46 - 2019-01-01 07:12 - 000795648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-10 14:46 - 2019-01-01 07:12 - 000778240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-10 14:46 - 2019-01-01 07:12 - 000516608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-10 14:46 - 2019-01-01 06:23 - 000001310 ____C C:\WINDOWS\system32\tcbres.wim
2019-01-10 14:46 - 2018-12-19 05:49 - 000352768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 16:50 - 2018-12-14 08:29 - 001130760 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-01-08 16:50 - 2018-12-14 08:25 - 001035256 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-01-08 16:50 - 2018-12-14 08:21 - 001457240 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-01-08 16:50 - 2018-12-14 08:21 - 001257672 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-01-08 16:50 - 2018-12-14 08:21 - 001140480 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-01-08 16:50 - 2018-12-14 08:21 - 001098064 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-01-08 16:50 - 2018-12-14 08:21 - 000982912 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-01-08 16:50 - 2018-12-14 08:10 - 001295360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-01-08 16:50 - 2018-12-14 08:07 - 000669696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-01-08 16:50 - 2018-12-14 07:55 - 003396608 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-01-08 16:50 - 2018-12-14 07:55 - 000209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-01-08 16:50 - 2018-12-14 07:54 - 006032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2019-01-08 16:50 - 2018-12-14 07:54 - 001307648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-01-08 16:50 - 2018-12-14 07:52 - 002173440 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-01-08 16:50 - 2018-12-14 07:52 - 001826816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-01-08 16:50 - 2018-12-14 07:51 - 001551360 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-01-08 16:50 - 2018-12-14 07:50 - 000776192 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-24 13:57 - 2017-05-16 15:10 - 000000000 ___DC C:\FRST
2019-01-24 13:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-24 13:47 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-24 13:46 - 2017-06-02 22:59 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-01-24 13:46 - 2016-12-14 22:52 - 000000000 _SHDC C:\Users\risos\IntelGraphicsProfiles
2019-01-23 17:35 - 2018-09-04 14:16 - 000000000 ____D C:\Users\risos\AppData\Local\D3DSCache
2019-01-23 17:35 - 2018-07-23 20:24 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DC9E0A3C-3663-4513-A1E6-ACCAE59608A1}
2019-01-23 17:32 - 2018-07-23 19:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-23 15:00 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-22 14:24 - 2016-12-20 23:29 - 000000000 ___DC C:\Program Files (x86)\TeamViewer
2019-01-22 13:22 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-21 13:59 - 2018-07-18 23:20 - 000000000 ____D C:\Program Files\rempl
2019-01-12 16:32 - 2016-12-14 23:06 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-12 16:32 - 2016-12-14 23:06 - 000002271 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-12 16:23 - 2018-07-23 20:24 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2019-01-12 16:23 - 2016-12-24 02:56 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-12 16:21 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-01-12 16:18 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-12 16:18 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-12 16:18 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-12 16:13 - 2018-07-23 20:00 - 000000000 ____D C:\Users\risos
2019-01-10 14:44 - 2016-12-16 17:58 - 000000000 ___DC C:\WINDOWS\system32\MRT
2019-01-10 14:39 - 2016-12-16 17:57 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-10 14:03 - 2018-07-23 20:24 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-10 14:03 - 2018-07-23 20:24 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-10 14:03 - 2018-07-23 20:24 - 000002280 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-08 14:39 - 2016-12-20 23:29 - 000000000 ___DC C:\Users\risos\AppData\Roaming\TeamViewer
2019-01-08 14:39 - 2016-12-15 16:55 - 000000000 ___DC C:\Users\risos\AppData\Roaming\uTorrent
2019-01-08 14:38 - 2018-05-21 13:12 - 000000000 ___DC C:\WINDOWS\Panther
2019-01-08 14:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-08 14:33 - 2018-11-26 16:03 - 000001029 ____C C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2019-01-08 14:25 - 2018-07-23 20:14 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-02 20:41 - 2018-11-19 14:11 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 20:41 - 2018-11-19 14:11 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-23 19:53

==================== End of FRST.txt ============================

[Rudy]

Teď spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[valachmar]

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-25.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-29-2019
# Duration: 00:00:33
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


AdwCleaner[S01].txt - [1372 octets] - [29/01/2019 16:50:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Rudy]

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {1D32C074-16A1-439E-AA72-F9E01C49E354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)
Task: {21E3ED8B-BE26-439C-B702-A693E37DAD82} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1861439330-3910277769-2388807214-1001 -> No File <==== ATTENTION
Task: {4D496176-E624-40B3-B89F-63705241BA8E} - System32\Tasks\{E35E0621-837C-4DAF-8D52-07217A5C2066} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gtasa120cz.exe" -d "C:\Program Files (x86)\Rockstar Games\GTA San Andreas"
Task: {4F8B3756-12C8-43E6-B9FD-A0C13A3C02D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)
Task: {998B88C3-0C69-459F-9ED3-009F4CCFFD51} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[valachmar]

Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by risos (30-01-2019 15:32:33) Run:1
Running from C:\Users\risos\Desktop
Loaded Profiles: risos (Available Profiles: risos)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {1D32C074-16A1-439E-AA72-F9E01C49E354} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)
Task: {21E3ED8B-BE26-439C-B702-A693E37DAD82} - \Lenovo\Lenovo Service Bridge\S-1-5-21-1861439330-3910277769-2388807214-1001 -> No File <==== ATTENTION
Task: {4D496176-E624-40B3-B89F-63705241BA8E} - System32\Tasks\{E35E0621-837C-4DAF-8D52-07217A5C2066} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gtasa120cz.exe" -d "C:\Program Files (x86)\Rockstar Games\GTA San Andreas"
Task: {4F8B3756-12C8-43E6-B9FD-A0C13A3C02D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-14] (Google Inc.)
Task: {998B88C3-0C69-459F-9ED3-009F4CCFFD51} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D32C074-16A1-439E-AA72-F9E01C49E354}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D32C074-16A1-439E-AA72-F9E01C49E354}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21E3ED8B-BE26-439C-B702-A693E37DAD82}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21E3ED8B-BE26-439C-B702-A693E37DAD82}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-1861439330-3910277769-2388807214-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D496176-E624-40B3-B89F-63705241BA8E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D496176-E624-40B3-B89F-63705241BA8E}" => removed successfully
C:\WINDOWS\System32\Tasks\{E35E0621-837C-4DAF-8D52-07217A5C2066} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E35E0621-837C-4DAF-8D52-07217A5C2066}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F8B3756-12C8-43E6-B9FD-A0C13A3C02D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8B3756-12C8-43E6-B9FD-A0C13A3C02D9}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{998B88C3-0C69-459F-9ED3-009F4CCFFD51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{998B88C3-0C69-459F-9ED3-009F4CCFFD51}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12779538 B
Java, Flash, Steam htmlcache => 35110684 B
Windows/system/drivers => 94511 B
Edge => 24379 B
Chrome => 531331316 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 9127038 B
NetworkService => 0 B
risos => 18733807 B

RecycleBin => 72901 B
EmptyTemp: => 587.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:34:22 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[valachmar]

No ani nie,ide stale pomaly, kazdy program sa otvara 20 sekund, ako na starych kompoch.
V task manageri je disk skoro stale 100%

[Rudy]

Na zkoušku vypněte aut. aktualizace systému a přesvědčte se, zda využití disku spadlo.

[valachmar]

Vo Win 10 sa mi nedari vypnut automaticke updates. Isiel som cez msconfig a zrusil som servis automatic updates, ale stale su running a po restarte sa nic nedeje.

[Rudy]

Návod: http://www.mrpear.net/cz/blog/749/jak-v ... windows-10 . Mělo by to také být v nápovědě systému.

[valachmar]

Link co ste mi poslal, obsahuje navod, ktory nefunguje. Vypnete v msconfig windows update, a po restarte servis bezi dalej. Precital som celu diskusiu pod clankom a nikomu sa nepodarilo tie updates vypnut.

[Rudy]

OK. Zkuste je tedy zakázat přímo ve službách. Příkazem services.msc zadaným přes přík. řádek se dostanete do tohoto rozhraní: https://www.cnews.cz/wp-content/uploads ... zace-6.png . Označte Windows update a pak pravým myšítkem vyvoláte menu, v kterém lze službu vypnout. Opětné zapnutí ovšem budete muset provést ručně.

[valachmar]

Dobry den. Dakujem uz je to lepsie, ale stale je to podstatne pomalsie ako moj druhy, o 4 roky stri notebook, na ktorom mam Win 7,. Mozno je to tym Windowsom 10.