Pomalý počítač

Zpráva

ras099 · #1 Příspěvek od **ras099** » 29 zář 2019 10:29

FRST.zip: (21.14 KiB) Staženo 79 x

Dobrý den, mám celkově pomalý počítač. Posílám zabalené logy.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Venca (29-09-2019 11:22:58)
Running from C:\Users\Venca\Desktop
Windows 10 Home Version 1903 18362.295 (X64) (2019-09-27 18:14:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-96245105-2209748232-2514027130-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-96245105-2209748232-2514027130-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-96245105-2209748232-2514027130-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-96245105-2209748232-2514027130-501 - Limited - Disabled)
Venca (S-1-5-21-96245105-2209748232-2514027130-1001 - Administrator - Enabled) => C:\Users\Venca
WDAGUtilityAccount (S-1-5-21-96245105-2209748232-2514027130-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.6.0 - Ask.com) <==== ATTENTION
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 76.0.1632.100 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Epic Games Launcher (HKLM-x32\...\{E7B62E3F-0F70-4119-89A2-28DE1C3873CC}) (Version: 1.1.163.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Exodus (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\exodus) (Version: 1.41.0 - Exodus Movement Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
K-Lite Mega Codec Pack 10.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.1 - PandoraTV)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 5.4.6.2 (HKLM\...\{F662982B-D4F5-4CFA-B2AE-90E16B44FF2F}) (Version: 5.4.6.2 - The Document Foundation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.100 - McAfee, LLC.)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 cs)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Nero 9 Lite (HKLM-x32\...\{c6b00d5c-14e4-4bce-9229-8c82f528d6d0}) (Version: - Nero AG)
Opera Stable 63.0.3368.94 (HKLM-x32\...\Opera 63.0.3368.94) (Version: 63.0.3368.94 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
Roblox Player for Venca (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Venca (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Start Menu 10 verze 6.1 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 6.1 - OrdinarySoft)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
Torch (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\Torch) (Version: 57.0.0.12335 - Torch Media, Inc) <==== ATTENTION
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player 0.9.8a (HKLM-x32\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Toolbar) (Version: - )
Zoom (HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.148.400.0_x86__kgqvnymyfvs32 [2019-09-18] (king.com)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.3.1.1_x86__h6adky7gbf63m [2019-09-12] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-09-02] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-96245105-2209748232-2514027130-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Venca\Desktop\Toshiba\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [444]
AlternateDataStreams: C:\Users\Venca\Desktop\OP1.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Venca\Desktop\OP1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Venca\Desktop\OP2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Venca\Desktop\OP2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2019-01-04 21:30 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-96245105-2209748232-2514027130-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.100.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-96245105-2209748232-2514027130-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4690A4A1-D262-4815-9CE1-67E1F1F994CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0D7DCA88-BF48-4C1D-B867-B3733DD1E1A7}] => (Allow) C:\Program Files (x86)\Opera\63.0.3368.94\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{631DA038-D985-4280-B6BC-AFED88D327CE}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{5BF4176E-37C6-4AB9-9AA9-CDD8FFD7C5F3}] => (Allow) C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{D05EF4FA-7A5B-42D7-8F09-3391BBE0DD35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EDCA5B91-2767-417D-A48D-09F66AAC5A08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C2498BE7-5728-41C8-8F10-360FFC880F8F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FBE7095F-6BD3-473B-BF4A-E4BA41833AC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{32C20919-549E-4A9F-96B5-3BBEC3ED0A70}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{14838C9E-0D28-4785-A69A-4D4ED15151AE}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{755F8848-81D2-483C-9902-0E3D92E36F1C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{873330ED-1A08-4954-9B9B-4D5883B637EA}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{0E1FCF29-3708-4AF2-A5E9-68C7157807F8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{51B5D7AD-656D-455A-A48E-363F0F991A9C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{42AF058D-E4C4-4524-B456-40A58B2D49BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{46008ADC-C047-42EF-AC4A-143A103CBBA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E0595A65-0394-48D6-9F01-3469488AA8C1}] => (Allow) C:\Users\Venca\AppData\Local\Torch\Application\torch.exe (Torch Media Inc. -> Torch Media Inc.)
FirewallRules: [{47D171D6-EA23-4541-9F59-861ACEB03F86}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{98C72F0E-5C4C-468C-B7E4-8007F4E38C10}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{81FF20F0-F46D-4D01-9969-CF165E116B5A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{07E5DB1B-1CDE-49D7-9F10-CECE29F051D4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{E8481FDA-457D-4A8C-BE81-577E31953E3F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6FB77714-70A3-489E-B2B6-02F573C7E285}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{818EE409-9DD8-441B-AB59-DB97808A518D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{28A35FFF-07A0-40D9-B0B8-9CD06B948F43}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-03-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Restore Points =========================

29-09-2019 10:46:30 Installed IIS 8.0 Express

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2019 11:06:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (09/29/2019 11:06:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (09/29/2019 11:06:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (09/29/2019 11:06:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (09/29/2019 11:05:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OneDrive.exe verze 19.152.801.9 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1b6c

Čas spuštění: 01d576a0e2355513

Čas ukončení: 63

Cesta k aplikaci: C:\Users\Venca\AppData\Local\Microsoft\OneDrive\OneDrive.exe

ID hlášení: 6a775c76-e33a-40ba-8e10-9b8bddc6f06b

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (09/29/2019 11:04:17 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Sběr dat čítače výkonu od služby ASP.NET_64_2.0.50727 byl vypnut z důvodu jedné nebo více chyb generovaných knihovnou čítače výkonu pro tuto službu. Chyby, které vyvolaly tuto akci, byly zapsány do protokolu událostí aplikace. Opravte tyto chyby před novým zapnutím čítačů výkonu pro tuto službu.

Error: (09/29/2019 11:04:17 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1022) (User: NT AUTHORITY)
Description: Systém Windows nemůže otevřít 64bitovou knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll ve 32bitovém prostředí (kód chyby Win32 193). Vyžádejte si od prodejce souboru 32bitovou verzi. Popřípadě (pokud používáte 64bitové nativní prostředí) můžete 64bitovou knihovnu DLL rozšiřujících čítačů otevřít pomocí 64bitové verze nástroje Sledování výkonu. Pokud chcete tento nástroj použít, otevřete složku Windows a pak System32 a spusťte program Perfmon.exe.

Error: (09/29/2019 11:02:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Exodus.exe, verze: 1.41.0.0, časové razítko: 0x59de498f
Název chybujícího modulu: Exodus.exe, verze: 1.41.0.0, časové razítko: 0x59de498f
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000005f4484
ID chybujícího procesu: 0x1d6c
Čas spuštění chybující aplikace: 0x01d576a488e7756c
Cesta k chybující aplikaci: C:\Users\Venca\AppData\Local\exodus\app-1.41.0\Exodus.exe
Cesta k chybujícímu modulu: C:\Users\Venca\AppData\Local\exodus\app-1.41.0\Exodus.exe
ID zprávy: 9e95f0e0-ac90-4627-9500-adb7790aa47e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

System errors:
=============
Error: (09/29/2019 11:08:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/29/2019 11:08:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Presentation Foundation Font Cache 3.0.0.0 bylo dosaženo časového limitu (45000 ms).

Error: (09/29/2019 10:20:15 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-G9A7V7B)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/29/2019 10:18:40 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-G9A7V7B)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/29/2019 10:06:00 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Integrovaný řadič neodpověděl během zadaného časového limitu. Může to znamenat chybu hardwaru nebo firmwaru integrovaného řadiče nebo že systém BIOS přistupuje k integrovanému řadiči nesprávně. Měli byste zjistit, zda výrobce počítače nemá k dispozici upgrade systému BIOS. V některých situacích může tato chyba způsobit, že počítač nebude pracovat správně.

Error: (09/28/2019 09:57:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (09/28/2019 09:54:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/28/2019 09:54:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Presentation Foundation Font Cache 3.0.0.0 bylo dosaženo časového limitu (30000 ms).

Windows Defender:
===================================
Date: 2019-09-29 11:17:57.908
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\KMSpico\AutoPico.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk; file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C85B9822-E461-4998-AC9F-F3A02088AA7C}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk; taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-G9A7V7B\Venca
Název procesu: C:\Users\Venca\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.303.314.0, AS: 1.303.314.0, NIS: 1.303.314.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-29 11:16:41.602
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\KMSpico\AutoPico.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-G9A7V7B\Venca
Název procesu: C:\Users\Venca\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.303.314.0, AS: 1.303.314.0, NIS: 1.303.314.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-29 11:14:53.636
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\KMSpico\KMSELDI.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.303.314.0, AS: 1.303.314.0, NIS: 1.303.314.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-27 20:34:08.681
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\KMSpico\Service_KMS.exe; service:_Service KMSELDI
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.303.314.0, AS: 1.303.314.0, NIS: 1.303.314.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-27 20:14:25.878
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

CodeIntegrity:
===================================

Date: 2019-09-29 11:23:04.359
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-29 11:23:02.327
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-29 11:23:00.286
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-29 11:22:58.148
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-29 11:22:49.850
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-29 11:18:01.906
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-09-29 11:16:58.233
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-29 11:16:58.168
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X553MA.210 12/25/2014
Motherboard: ASUSTeK COMPUTER INC. X553MA
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 60%
Total physical RAM: 3982.63 MB
Available physical RAM: 1575.94 MB
Total Virtual: 5390.63 MB
Available Virtual: 2929.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:160.03 GB) (Free:81.63 GB) NTFS
Drive d: () (Fixed) (Total:304.63 GB) (Free:300.87 GB) NTFS

\\?\Volume{c918354f-c228-4bde-8afb-bc66e3b3bde7}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{f75bb637-c34f-48b8-9b51-bde2410261a4}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{2cb7a38c-9909-4bc4-844b-0815342be91b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7C957A41)

Partition: GPT.

==================== End of Addition.txt ============================

#2 Příspěvek od **Rudy** » 29 zář 2019 11:30

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

ras099 · #3 Příspěvek od **ras099** » 29 zář 2019 12:19

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-05-2019
# Database: 2019-09-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-29-2019
# Duration: 00:00:24
# OS: Windows 10 Home
# Cleaned: 161
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Yahoo!\Companion
Deleted C:\ProgramData\torchcrashhandler
Deleted C:\Users\Venca\AppData\Local\torch
Deleted C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

Deleted C:\Program Files (x86)\Yahoo!\Common\unyt.exe
Deleted C:\Users\Venca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
Deleted C:\Users\Venca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
Deleted C:\Users\Venca\AppData\Roaming\Mozilla\Firefox\Profiles\nzlp0438.default\searchplugins\Askcom.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\SCHEDULED UPDATE FOR ASK TOOLBAR

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\AskToolbarInfo
Deleted HKCU\Software\AppDataLow\Software\AskToolbar
Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKCU\Software\Ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Deleted HKCU\Software\MozillaPlugins\TorchVLC
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Yahoo\Companion
Deleted HKCU\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\csastats
Deleted HKCU\Software\torch
Deleted HKLM\SOFTWARE\Classes\.URL\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.html\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.mfp\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.pdf\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.png\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.webm\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.xht\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\.xhtml\OpenWithList\Torch.exe
Deleted HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Deleted HKLM\SOFTWARE\Classes\Applications\Torch.exe
Deleted HKLM\SOFTWARE\Classes\Applications\TorchSetup-r0-n-bo.exe
Deleted HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E41BA82-5D5C-45A6-902A-C53545F58F95}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E41BA82-5D5C-45A6-902A-C53545F58F95}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E0595A65-0394-48D6-9F01-3469488AA8C1}
Deleted HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Deleted HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Deleted HKLM\Software\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted HKLM\Software\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted HKLM\Software\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted HKLM\Software\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Deleted HKLM\Software\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Deleted HKLM\Software\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Deleted HKLM\Software\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted HKLM\Software\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted HKLM\Software\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted HKLM\Software\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Deleted HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted HKLM\Software\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted HKLM\Software\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Deleted HKLM\Software\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Deleted HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted HKLM\Software\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Deleted HKLM\Software\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Deleted HKLM\Software\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Deleted HKLM\Software\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Deleted HKLM\Software\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted HKLM\Software\Classes\Yahoo.PopupBlockerPlugin
Deleted HKLM\Software\Classes\yt.YTHelper
Deleted HKLM\Software\Classes\yt.YToolbarBand
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\YPUBC.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted HKLM\Software\Wow6432Node\\Clients\StartMenuInternet\Torch
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Toolbar|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Deleted HKLM\Software\Wow6432Node\torch
Deleted HKU\.DEFAULT\Software\AskToolbar
Deleted HKU\S-1-5-18\Software\AskToolbar

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Ask Toolbar
Not Deleted Ask Toolbar

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [97615 octets] - [29/09/2019 13:14:17]
AdwCleaner[S00].txt - [19669 octets] - [29/09/2019 13:15:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Rudy** » 29 zář 2019 14:52

Dejte nové logy FRST+Addition.

ras099 · #5 Příspěvek od **ras099** » 29 zář 2019 15:04

Addition.zip: (8.58 KiB) Staženo 66 x

ras099 · #6 Příspěvek od **ras099** » 29 zář 2019 15:05

FRST.zip: (20.94 KiB) Staženo 95 x

#7 Příspěvek od **Rudy** » 29 zář 2019 15:59

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {7B45FB3C-BAEE-47CB-8D5A-A6AEF28BAE1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-26] (Google Inc -> Google Inc.)
Task: {93DA0F68-FBC9-413D-9E0A-430E24876243} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-26] (Google Inc -> Google Inc.)
Task: {E00DA9F0-4883-4CD9-8E7D-B040CFDAC890} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-96245105-2209748232-2514027130-1001 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO2&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKU\S-1-5-21-96245105-2209748232-2514027130-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO2&o=&src=crm&q={searchTerms}&locale=
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [444]
AlternateDataStreams: C:\Users\Venca\Desktop\OP1.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Venca\Desktop\OP1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Venca\Desktop\OP2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Venca\Desktop\OP2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{0E1FCF29-3708-4AF2-A5E9-68C7157807F8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{51B5D7AD-656D-455A-A48E-363F0F991A9C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{47D171D6-EA23-4541-9F59-861ACEB03F86}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{98C72F0E-5C4C-468C-B7E4-8007F4E38C10}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{81FF20F0-F46D-4D01-9969-CF165E116B5A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{07E5DB1B-1CDE-49D7-9F10-CECE29F051D4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

ras099 · #8 Příspěvek od **ras099** » 29 zář 2019 16:07

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Venca (29-09-2019 17:03:20) Run:1
Running from C:\Users\Venca\Desktop
Loaded Profiles: Venca (Available Profiles: defaultuser0 & Venca)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {7B45FB3C-BAEE-47CB-8D5A-A6AEF28BAE1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-26] (Google Inc -> Google Inc.)
Task: {93DA0F68-FBC9-413D-9E0A-430E24876243} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-26] (Google Inc -> Google Inc.)
Task: {E00DA9F0-4883-4CD9-8E7D-B040CFDAC890} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-96245105-2209748232-2514027130-1001 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=
SearchScopes: HKU\S-1-5-21-96245105-2209748232-2514027130-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [444]
AlternateDataStreams: C:\Users\Venca\Desktop\OP1.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Venca\Desktop\OP1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Venca\Desktop\OP2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Venca\Desktop\OP2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{0E1FCF29-3708-4AF2-A5E9-68C7157807F8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{51B5D7AD-656D-455A-A48E-363F0F991A9C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{47D171D6-EA23-4541-9F59-861ACEB03F86}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{98C72F0E-5C4C-468C-B7E4-8007F4E38C10}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{81FF20F0-F46D-4D01-9969-CF165E116B5A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{07E5DB1B-1CDE-49D7-9F10-CECE29F051D4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B45FB3C-BAEE-47CB-8D5A-A6AEF28BAE1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B45FB3C-BAEE-47CB-8D5A-A6AEF28BAE1E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93DA0F68-FBC9-413D-9E0A-430E24876243}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93DA0F68-FBC9-413D-9E0A-430E24876243}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E00DA9F0-4883-4CD9-8E7D-B040CFDAC890}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E00DA9F0-4883-4CD9-8E7D-B040CFDAC890}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKU\S-1-5-21-96245105-2209748232-2514027130-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-96245105-2209748232-2514027130-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
HKLM\Software\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Users\Venca\Desktop\OP1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Venca\Desktop\OP1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Venca\Desktop\OP2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully
C:\Users\Venca\Desktop\OP2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E1FCF29-3708-4AF2-A5E9-68C7157807F8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51B5D7AD-656D-455A-A48E-363F0F991A9C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47D171D6-EA23-4541-9F59-861ACEB03F86}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98C72F0E-5C4C-468C-B7E4-8007F4E38C10}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81FF20F0-F46D-4D01-9969-CF165E116B5A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07E5DB1B-1CDE-49D7-9F10-CECE29F051D4}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15468431 B
Java, Flash, Steam htmlcache => 1289 B
Windows/system/drivers => 135775 B
Edge => 2679004 B
Chrome => 257518250 B
Firefox => 8187679 B
Opera => 493342 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 25196 B
LocalService => 0 B
NetworkService => 4822 B
NetworkService => 0 B
defaultuser0 => 0 B
Venca => 18162824 B

RecycleBin => 21744 B
EmptyTemp: => 298.7 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:04:32 ====

#9 Příspěvek od **Rudy** » 29 zář 2019 16:48

Smazáno. Nastala nějaká změna?

ras099 · #10 Příspěvek od **ras099** » 29 zář 2019 16:56

Ano, je to dobré. Děkuji.

#11 Příspěvek od **Rudy** » 29 zář 2019 17:43

Rádo se stalo!

VIRY.CZ

Pomalý počítač

Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač

Re: Pomalý počítač