Pro Rudyho - prosím o kontrolu PC

Zpráva

josebor · #1 Příspěvek od **josebor** » 21 lis 2021 17:40

Srdečně zdravím. Je to již drahný čas, kdy jsme spolu komunikovali. Po opravě jsem měl dlouho pokoj od všelijakých breberek v počítači. Nedávno se mi nějaký prevít do PC dostal. Náhodou jsem otevřel v TC panel plochy a ukázal se mi tam řádek s ikonou ftp, která na klasické ploše není vidět. Viz obrázek v příloze. Prosím o kontrolu , neboť vidím v logu zbytky FF, který jsem dávno odinstaloval.

#2 Příspěvek od **Rudy** » 21 lis 2021 17:57

Zdravím!
Dejte logy FRST+Addition.

josebor · #3 Příspěvek od **josebor** » 21 lis 2021 19:21

Nějak mi nefunguje vkládání. Zkuste prosím otevřít přílohu v úvodu threadu. Děkuji.

josebor · #4 Příspěvek od **josebor** » 21 lis 2021 19:38

V příloze posílám obrázek plochy z TC

#5 Příspěvek od **Rudy** » 21 lis 2021 19:56

Ještě poprosím o obsah souboru frst.txt. Je v G:\. Děkuji.

josebor · #6 Příspěvek od **josebor** » 22 lis 2021 11:01

Dobrý den přeji, vkládám, ale píše mi to neplatná přípona souboru. Co s tím? Zkusím to odeslat z jiného PC.

josebor · #7 Příspěvek od **josebor** » 22 lis 2021 11:12

Opět neplatná příloha

josebor · #8 Příspěvek od **josebor** » 22 lis 2021 11:18

Zdravím, ani to se nepovedlo, stejná hláška. Zkusím nový stažení a výpis.

josebor · #9 Příspěvek od **josebor** » 22 lis 2021 11:34

Nové stažení a stejný výsledek, tak nevím. Jedinou naději je otevřít soubor na začátku příspěvku addition. zip ve kterém je i (měl by být) i soubor frst.txt. Podaří se? Jinak nevím co dál, poraďte.

#10 Příspěvek od **Rudy** » 22 lis 2021 15:35

Tak to necháme. Dejte tedy ten log FRST.

josebor · #11 Příspěvek od **josebor** » 23 lis 2021 19:14

Dobrý den, PC včera "spadl" a tak jsem dnes udělal obnovu systému a prohlédl si některé protokoly a jsem zděšen, neboť Windows Defender mi provedl kontrolu 1158000 souborů. Je to možné? Soubor FRST.txt se mi nedaří odeslat, stále to hází chybu : "Neplatná přípona souboru". Zkusím poslat aspoň obrázek. Asi bude nejlepší přeinstalace, ikdyž bych rád věděl rád odpovědi na pár otázek. Tak nakonec se to snad povedlo.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
Ran by Josef (administrator) on PC-HOME (Hewlett-Packard 500-526nc) (23-11-2021 17:18:24)
Running from C:\Users\Josef\Desktop
Loaded Profiles: Josef
Platform: Microsoft Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3626470089-42174178-359833190-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162288 2021-04-29] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Print\Monitors\HP c111 Status Monitor: C:\windows\system32\hpinkstsc111LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\windows\system32\hpbprtmon.dll [423936 2014-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-23] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-09-27] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-09-27] (Softex Inc..) [File not signed]
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk [2021-11-23]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 1510 series.lnk -> C:\windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN49S1P0V205YR;CONNECTION=USB;MONITOR=1;

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5323C4D8-86DA-42D5-B104-E47026E2C20C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [545080 2014-08-21] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {57C3C446-FFED-4673-8961-EAB355793EBD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-04-29] (Garmin International, Inc. -> )
Task: {5E6D2018-9312-43B7-A27A-739819AC5ECC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
Task: {5EB99064-B8B5-4747-8F67-C8E112A79379} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {68113392-12F1-407B-A3A4-2491EA79F64B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C7E78DA-AD3C-4BFB-9845-8BCC0AA2ADDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A75ACF3A-E293-4459-BC82-ADC7FE6385BF} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [4678392 2014-09-27] (Softex Incorporated -> Hewlett-Packard)
Task: {AF545220-28F6-4DA4-AB42-89BF08FA0636} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [506104 2014-09-27] (Softex Incorporated -> Hewlett-Packard)
Task: {B4E13891-7BA6-4E75-B6A4-5F258C47F4A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {B645D4EA-47EE-4930-8F50-DF70667BE31D} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [506104 2014-09-27] (Softex Incorporated -> Hewlett-Packard)
Task: {D26BBB19-999A-4BBC-AAC6-7184A44AC974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
Task: {DE921112-8C95-485E-9F04-EA35A2E92671} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [545080 2014-08-21] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {E553611A-0BA6-4545-AE63-BEFF878F7EE3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F30C53EC-8561-4855-A872-A03DD9511280} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44EAFB1C-6875-461D-94CE-74DF844623A0}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-23]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2020-12-23] [Legacy] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )

Chrome:
=======
CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default [2021-11-23]
CHR Extension: (Prezentace) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-22]
CHR Extension: (Dokumenty) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-22]
CHR Extension: (Disk Google) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-22]
CHR Extension: (YouTube) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-22]
CHR Extension: (Tabulky) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [112640 2014-07-31] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\windows\system32\drivers\amdacpksd.sys [280288 2014-08-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S0 amdkmafd; C:\windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 MpKsl2f9000dc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E2DB3C1-9C3A-4F3F-9658-443798D32061}\MpKslDrv.sys [47352 2021-09-21] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsl4a39788e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E005DB7-25CE-4265-8045-D268A35638A4}\MpKslDrv.sys [48376 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
S3 RtlWlanu; C:\windows\system32\DRIVERS\rtwlanu.sys [8083416 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-23 17:13 - 2021-11-23 17:12 - 002311680 _____ (Farbar) C:\Users\Josef\Desktop\FRST64.exe
2021-11-23 17:12 - 2021-11-23 17:12 - 002311680 _____ (Farbar) C:\Users\Josef\Downloads\FRST64.exe
2021-11-22 17:42 - 2021-11-22 17:42 - 000000000 ____D C:\Users\Josef\AppData\Local\CrashDumps
2021-11-22 11:21 - 2021-11-22 11:26 - 000059454 _____ C:\Users\Josef\Desktop\Addition.txt
2021-11-22 11:20 - 2021-11-23 17:19 - 000015012 _____ C:\Users\Josef\Desktop\FRST.txt
2021-11-20 13:38 - 2021-11-20 13:38 - 000000000 ____D C:\Users\Public\Documents\CyberLink
2021-11-20 13:38 - 2021-11-20 13:38 - 000000000 ____D C:\Users\Josef\Documents\CyberLink
2021-11-20 13:38 - 2021-11-20 13:38 - 000000000 ____D C:\Users\Josef\AppData\Roaming\CyberLink
2021-11-20 13:38 - 2021-11-20 13:38 - 000000000 ____D C:\Users\Josef\AppData\Local\MediaShow
2021-11-19 20:46 - 2021-11-19 20:46 - 000000000 __SHD C:\found.000
2021-11-19 18:44 - 2021-11-23 17:18 - 000000000 ____D C:\FRST
2021-11-19 18:42 - 2021-11-23 18:13 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2021-11-19 18:37 - 2021-11-19 18:38 - 000001651 _____ C:\Users\Josef\Documents\malware.txt
2021-11-19 17:53 - 2021-11-19 17:53 - 000000000 ____D C:\Users\Josef\AppData\Local\mbam
2021-11-19 17:52 - 2021-11-19 17:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-19 17:51 - 2021-11-19 17:52 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-19 17:03 - 2021-11-19 17:03 - 000008192 ___SH C:\Users\Josef\Documents\Thumbs.db

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-23 18:13 - 2021-06-19 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-11-23 18:13 - 2021-02-19 14:39 - 000000000 ____D C:\ProgramData\Garmin
2021-11-23 18:13 - 2021-02-07 17:39 - 000000000 ____D C:\windows\Minidump
2021-11-23 18:13 - 2021-02-03 17:17 - 000000000 ____D C:\windows\LastGood.Tmp
2021-11-23 18:13 - 2020-12-31 11:24 - 000000000 ____D C:\Users\Josef\AppData\Roaming\GHISLER
2021-11-23 18:13 - 2020-12-23 09:55 - 000000000 ___SD C:\windows\system32\CompatTel
2021-11-23 18:13 - 2015-02-23 09:14 - 000000000 ____D C:\Users\Public\CyberLink
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 __RSD C:\windows\Media
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 __RHD C:\Users\Public\Libraries
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ___RD C:\windows\ToastData
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\WinStore
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\setup
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\WinMetadata
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\setup
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\rescache
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\windows\PolicyDefinitions
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Windows Defender
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-11-23 18:13 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-11-23 18:11 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-23 18:07 - 2013-08-22 16:36 - 000000000 ____D C:\windows\registration
2021-11-23 18:06 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2021-11-23 18:06 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SystemResources
2021-11-23 18:05 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\Macromed
2021-11-23 18:05 - 2013-08-22 14:36 - 000000000 ____D C:\windows\system32\Sysprep
2021-11-23 18:04 - 2013-08-22 16:36 - 000000000 ____D C:\windows\Globalization
2021-11-23 18:03 - 2015-02-23 08:59 - 000000000 ____D C:\ProgramData\CyberLink
2021-11-23 18:03 - 2014-04-02 15:46 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-23 18:02 - 2021-02-19 14:38 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-11-23 18:02 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-11-23 16:43 - 2020-12-22 19:39 - 000003594 _____ C:\windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3626470089-42174178-359833190-1001
2021-11-23 16:28 - 2020-12-22 19:59 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-23 16:28 - 2020-12-22 19:59 - 000002156 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-23 16:28 - 2020-12-22 19:58 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-23 16:22 - 2020-12-22 19:58 - 000003388 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-23 16:22 - 2020-12-22 19:58 - 000003260 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-23 16:22 - 2015-02-23 17:16 - 000726572 _____ C:\windows\system32\perfh005.dat
2021-11-23 16:22 - 2015-02-23 17:16 - 000168564 _____ C:\windows\system32\perfc005.dat
2021-11-23 16:22 - 2014-03-18 16:32 - 001757200 _____ C:\windows\system32\PerfStringBackup.INI
2021-11-23 16:22 - 2013-08-22 14:36 - 000000000 ____D C:\windows\Inf
2021-11-23 16:19 - 2020-12-22 19:34 - 000000000 ____D C:\Users\Josef
2021-11-23 16:15 - 2013-08-22 15:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-11-21 17:27 - 2021-01-29 18:30 - 000000000 ____D C:\Users\Josef\Documents\Nová složka
2021-11-20 15:52 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\NDF
2021-11-17 18:20 - 2021-01-15 16:45 - 000000000 ____D C:\Users\Josef\AppData\Local\ElevatedDiagnostics
2021-11-13 08:47 - 2013-08-22 16:20 - 000000000 ____D C:\windows\CbsTemp
2021-11-13 08:45 - 2021-01-03 16:54 - 000000000 ____D C:\windows\system32\MRT

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-11-17 18:48
==================== End of FRST.txt ========================

#12 Příspěvek od **Rudy** » 23 lis 2021 19:58

Možné to je, záleží na tom, co máte v PC uloženo. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKLM-x32\...\Run: [] => [X]
Task: {5E6D2018-9312-43B7-A27A-739819AC5ECC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
Task: {D26BBB19-999A-4BBC-AAC6-7184A44AC974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
C:\windows\LastGood.Tmp
C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3626470089-42174178-359833190-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3626470089-42174178-359833190-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKLM-x32 -> {79DA758C-4DF8-4F97-B692-B367CAEC6955} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3626470089-42174178-359833190-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKU\S-1-5-21-3626470089-42174178-359833190-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
FirewallRules: [{CD362D4C-1A13-436C-9A5C-8BBAE3C4A6DC}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{A862A080-5EC7-488E-9DEF-D4184BD00F5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A298D3D-AF74-403C-8AC4-1A296B0F11BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C91F1BF-0A1C-42EF-8E98-BFD5E8673C63}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

josebor · #13 Příspěvek od **josebor** » 24 lis 2021 16:28

Dobrý den, přikládám log a jen pro zajímavost, Včera jsem provedl novou kontrolu Windows Defendr a zkontrolovaných položek bylo téměř 14000000. a to jsem provedl jen bod obnovení. Je to možné?

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2021
Ran by Josef (24-11-2021 15:17:52) Run:1
Running from C:\Users\Josef\Desktop
Loaded Profiles: Josef
Boot Mode: Normal
==============================================

fixlist content:
*****************
tart

CloseProcesses:
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKLM-x32\...\Run: [] => [X]
Task: {5E6D2018-9312-43B7-A27A-739819AC5ECC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
Task: {D26BBB19-999A-4BBC-AAC6-7184A44AC974} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
C:\windows\LastGood.Tmp
C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3626470089-42174178-359833190-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3626470089-42174178-359833190-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKLM-x32 -> {79DA758C-4DF8-4F97-B692-B367CAEC6955} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3626470089-42174178-359833190-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
SearchScopes: HKU\S-1-5-21-3626470089-42174178-359833190-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... c=HPDTDFJS
FirewallRules: [{CD362D4C-1A13-436C-9A5C-8BBAE3C4A6DC}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{A862A080-5EC7-488E-9DEF-D4184BD00F5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A298D3D-AF74-403C-8AC4-1A296B0F11BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C91F1BF-0A1C-42EF-8E98-BFD5E8673C63}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File

EmptyTemp:
End
*****************

tart => Error: No automatic fix found for this entry.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDefender" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E6D2018-9312-43B7-A27A-739819AC5ECC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E6D2018-9312-43B7-A27A-739819AC5ECC}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D26BBB19-999A-4BBC-AAC6-7184A44AC974}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D26BBB19-999A-4BBC-AAC6-7184A44AC974}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\windows\LastGood.Tmp => moved successfully
"C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL" => removed successfully
HKU\S-1-5-21-3626470089-42174178-359833190-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-3626470089-42174178-359833190-1001\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{79DA758C-4DF8-4F97-B692-B367CAEC6955} => removed successfully
"HKU\S-1-5-21-3626470089-42174178-359833190-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3626470089-42174178-359833190-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD362D4C-1A13-436C-9A5C-8BBAE3C4A6DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A862A080-5EC7-488E-9DEF-D4184BD00F5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A298D3D-AF74-403C-8AC4-1A296B0F11BB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C91F1BF-0A1C-42EF-8E98-BFD5E8673C63}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32641204 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 12062323 B
Edge => 0 B
Chrome => 302328677 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 65840 B
systemprofile32 => 65840 B
LocalService => 99838 B
NetworkService => 99184 B
Josef => 668897765 B

RecycleBin => 2873634892 B
EmptyTemp: => 3.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:19:00 ====

#14 Příspěvek od **Rudy** » 24 lis 2021 17:59

Smazáno, log by již měl být OK.

josebor · #15 Příspěvek od **josebor** » 24 lis 2021 18:50

Dobrý večer, děkuji za pomoc. Budu sledovat funkce PC, ale zdá se , že se stav zlepšil a zrychlil se i start. Ještě jednou dík.

VIRY.CZ

Pro Rudyho - prosím o kontrolu PC

Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC

Re: Pro Rudyho - prosím o kontrolu PC