VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

velmi zpomalený notebook

https://forum.viry.cz:443/viewtopic.php?t=158886

Stránka 1 z 1

velmi zpomalený notebook

Napsal: 20 lis 2022 13:18
od Musclefish
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2022
Ran by kluch (administrator) on DESKTOP-HOME (Dell Inc. Latitude E6530) (20-11-2022 13:09:09)
Running from C:\Users\kluch\Desktop
Loaded Profiles: kluch
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2251 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-11] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1685381F-B4AC-4D94-85DF-D1FB62382D31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2AEFA4AA-E997-495E-85A8-8EFEA3B39A59} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {30FE64AC-A669-4FF0-92FC-CF22141D8F24} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114600 2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {43ABDD57-5B43-423C-A90D-C393127261BE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (No File)
Task: {54CC14DB-719F-4391-8BAA-83DC40092BB5} - System32\Tasks\GoogleUpdateTaskMachineUA{F8B5663C-6937-4631-B853-FF62AD9FE0BD} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-05] (Google LLC -> Google LLC)
Task: {555F9549-B649-4CFB-998B-978E9D9606EE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {606A79CF-B289-46DB-928B-CF0B40870A9B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C9A65A5-FD62-4E23-8785-15534E2B2A39} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6637512 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D808697-58D2-4F08-A8FB-FB3A22162300} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "b7ffd1e6-bcde-4775-b801-0b788911db77" --version "6.04.10044" --silent
Task: {7DD7FAA9-8C32-4E8A-8128-D78CC3F4105C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114600 2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {847B4D1F-DF57-4537-A564-05CA3EF0B427} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {85142087-7B31-4F54-86E4-E92B41D6725A} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {8A089977-53EB-4053-931E-47A7ADE8047B} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1867612653-4038428619-1474417653-1004 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B7634D78-6D3A-47BE-B8B7-707AC25CBBE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D027CEFE-1BE3-4048-A818-893FA286C340} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4EB2D3D-C2CB-435B-A0C3-3866E33B3C96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E08A60C8-C348-48AD-A061-B30B328777B2} - System32\Tasks\GoogleUpdateTaskMachineCore{DB680756-F223-4A1D-A8CF-021B56A6E8AD} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-11-05] (Google LLC -> Google LLC)
Task: {ED0F6EB8-7372-43E5-B939-29788EBAEE50} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6637512 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFD78A7E-1AC0-4D24-A104-A1BFEADB563D} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2930208 2017-05-30] (Dell Inc -> Dell Inc.)
Task: {FDBB3DE4-98A3-4A24-B169-588B8DCCF135} - System32\Tasks\CCleanerSkipUAC - kluch => C:\Program Files\CCleaner\CCleaner64.exe $(Arg0) (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: HTML script in Hosts detected. See Hosts section of Addition.txt <==== ATTENTION
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.10.10 8.8.8.8
Tcpip\..\Interfaces\{1628a578-e39f-4560-b6c7-d76bbd2bc9ae}: [DhcpNameServer] 172.16.0.90 172.16.0.91 172.16.0.92
Tcpip\..\Interfaces\{699fdee2-378e-4b09-abee-cb8329ba9801}: [DhcpNameServer] 10.10.10.10 8.8.8.8
Tcpip\..\Interfaces\{8048a9ea-2625-40ea-ae48-5476aa9a701e}: [DhcpNameServer] 192.168.95.1 8.8.8.8

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\kluch\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-15]
Edge DefaultSearchURL: Default -> hxxps://search-dur.com/gosrch/?uid=e5715da9&i=100&sc=1&q={searchTerms}
Edge DefaultSearchKeyword: Default -> smsearch
Edge DefaultNewTabURL: Default -> hxxps://search-dur.com/ntab/chrome/?uid=e5715da9&i=100&sc=2
Edge DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchT ... e}&PC=U316
Edge Extension: (Chrome PDF Plugin) - C:\Users\kluch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj [2022-09-28]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-11-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-11-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kluch\AppData\Local\Google\Chrome\User Data\Default [2022-11-20]
CHR Notifications: Default -> hxxps://answear.cz; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=818410
CHR Extension: (Chrome PDF Plugin) - C:\Users\kluch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj [2022-09-28]
CHR Extension: (Tampermonkey) - C:\Users\kluch\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-10-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\kluch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kluch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12515768 2022-11-15] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-10-30] (Synology Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [16128 2015-06-03] (LENOVO -> Lenovo)
S3 MpKsl4bf6578a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B45ECF8A-2646-4E31-8541-5363B1A83871}\MpKslDrv.sys [214280 2022-11-20] (Microsoft Windows -> Microsoft Corporation)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-20 13:09 - 2022-11-20 13:09 - 000017874 _____ C:\Users\kluch\Desktop\FRST.txt
2022-11-20 13:09 - 2022-11-20 13:09 - 000000000 ____D C:\FRST
2022-11-20 13:06 - 2022-11-20 13:06 - 002375680 _____ (Farbar) C:\Users\kluch\Desktop\FRST64.exe
2022-11-20 12:54 - 2022-11-20 12:54 - 000001681 _____ C:\ProgramData\MacOS_monkee3y3fdjsuUhuda78qhiIOJd4dD.vbs
2022-11-20 12:51 - 2022-11-20 12:51 - 000000000 ____D C:\Users\kluch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2022-11-13 07:48 - 2022-11-13 07:48 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-13 07:48 - 2022-11-13 07:48 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-13 07:48 - 2022-11-13 07:48 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-13 07:48 - 2022-11-13 07:48 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-13 07:41 - 2022-11-13 07:41 - 000000000 ___HD C:\$WinREAgent
2022-11-05 14:36 - 2022-11-05 14:36 - 000168144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2022-11-05 14:36 - 2022-11-05 14:36 - 000000000 ____D C:\Program Files (x86)\Java
2022-11-05 14:16 - 2022-11-11 07:52 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-05 14:15 - 2022-11-05 14:15 - 000003550 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{F8B5663C-6937-4631-B853-FF62AD9FE0BD}
2022-11-05 14:15 - 2022-11-05 14:15 - 000003426 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{DB680756-F223-4A1D-A8CF-021B56A6E8AD}

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-20 13:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-20 13:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-20 13:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-20 12:56 - 2020-11-11 10:17 - 001605812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-20 12:56 - 2019-12-07 15:43 - 000683504 _____ C:\WINDOWS\system32\perfh005.dat
2022-11-20 12:56 - 2019-12-07 15:43 - 000137284 _____ C:\WINDOWS\system32\perfc005.dat
2022-11-20 12:53 - 2018-06-21 10:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-20 12:51 - 2020-11-11 10:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-20 12:51 - 2020-11-11 10:07 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-20 12:51 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-20 12:51 - 2018-08-06 18:36 - 000000000 ___RD C:\Users\kluch\OneDrive
2022-11-20 12:51 - 2018-08-06 18:34 - 000000000 __SHD C:\Users\kluch\IntelGraphicsProfiles
2022-11-20 12:47 - 2020-08-13 22:19 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-19 12:15 - 2020-11-11 10:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-19 07:33 - 2022-10-14 06:40 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-11-15 14:21 - 2019-09-11 09:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-11-13 20:36 - 2022-09-28 15:46 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2022-11-13 20:36 - 2020-11-11 10:07 - 000436144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-13 20:36 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-11-13 20:35 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-13 20:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-13 07:51 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-13 07:48 - 2020-11-11 10:12 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-13 07:34 - 2019-01-27 10:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-13 07:32 - 2019-01-27 10:44 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-12 18:28 - 2018-06-21 10:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-12 18:27 - 2021-12-28 09:28 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1867612653-4038428619-1474417653-1004
2022-11-12 18:27 - 2020-11-11 10:15 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1867612653-4038428619-1474417653-1004
2022-11-12 18:27 - 2020-11-11 10:09 - 000002388 _____ C:\Users\kluch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-11 07:51 - 2020-11-11 10:15 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-11 07:51 - 2020-11-11 10:15 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-06 11:09 - 2020-09-28 14:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-05 14:36 - 2022-09-28 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-11-05 14:16 - 2022-09-28 16:29 - 000000000 ____D C:\Program Files\Google
2022-11-05 13:52 - 2022-09-28 15:46 - 000003476 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2022-11-03 18:25 - 2022-10-14 06:40 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2022-10-21 06:41 - 2022-09-28 15:46 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

==================== Files in the root of some directories ========

2022-11-20 12:54 - 2022-11-20 12:54 - 000001681 _____ () C:\ProgramData\MacOS_monkee3y3fdjsuUhuda78qhiIOJd4dD.vbs
2022-09-28 14:33 - 2022-09-28 14:33 - 001869824 _____ () C:\Users\kluch\AppData\Roaming\d21o6Kxn.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by kluch (20-11-2022 13:10:32)
Running from C:\Users\kluch\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2251 (X64) (2020-11-11 09:15:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1867612653-4038428619-1474417653-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867612653-4038428619-1474417653-503 - Limited - Disabled)
Guest (S-1-5-21-1867612653-4038428619-1474417653-501 - Limited - Disabled)
kluch (S-1-5-21-1867612653-4038428619-1474417653-1004 - Administrator - Enabled) => C:\Users\kluch
WDAGUtilityAccount (S-1-5-21-1867612653-4038428619-1474417653-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 22.003.20282 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.3.1 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.109 - ALPS ELECTRIC CO., LTD.)
EaseUS Data Recovery Wizard Technician 13.6 (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: 13.6 - lrepacks.ru)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{205AE40D-8AD7-4F29-A430-DD2168DA562D}) (Version: 14.5.0.1081 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Java 8 Update 341 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1867612653-4038428619-1474417653-1004\...\Kodi) (Version: 19.3.0.0 - XBMC Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1867612653-4038428619-1474417653-1004\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Project - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visio - cs-cz (HKLM\...\VisioProRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30133 (HKLM\...\{E699E009-1C3C-4E50-9B57-2B39F0954C7F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30133 (HKLM\...\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-24922 - Synology)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1867612653-4038428619-1474417653-1004\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.26.33.0_x64__kgqvnymyfvs32 [2022-11-11] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2400.2.0_x64__kgqvnymyfvs32 [2022-11-11] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.231.400.0_x64__kgqvnymyfvs32 [2022-11-16] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_16.0.5.0_x86__m9bz608c1b9ra [2022-10-09] (Nordcurrent)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_7.0.101.0_x64__h6adky7gbf63m [2022-10-16] (Gameloft SE)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.51.5102.0_x86__ytsefhwckbdv6 [2022-11-15] (G5 Entertainment AB)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa [2022-11-05] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-11-15] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1867612653-4038428619-1474417653-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-09-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\ssv.dll [2022-11-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-11-05] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2022-11-20 12:53 - 000002638 __RSH C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 clients.google.com
127.0.0.1 clients0.google.com
127.0.0.1 clients1.google.com
127.0.0.1 clients2.google.com
127.0.0.1 clients3.google.com
127.0.0.1 clients4.google.com
127.0.0.1 clients5.google.com
127.0.0.1 clients6.google.com
127.0.0.1 clients7.google.com
127.0.0.1 clients8.google.com
127.0.0.1 clients9.google.com# Piriform Blocker Key Verificator
127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com
127.0.0.1 license-api.ccleaner.com

2020-11-12 11:48 - 2020-11-15 16:52 - 000000441 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 Desktop-Home.mshome.net # 2025 11 5 14 15 52 36 624

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1867612653-4038428619-1474417653-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\kluch\Downloads\20220414_155342.jpg
DNS Servers: 10.10.10.10 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{A46A1557-A51A-4EF6-97A6-3CC42616A807}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{5EFA24F4-9D3D-43DD-A831-EA6276197E83}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{DFB7DF06-C5FF-445F-869D-9B85581EB3D8}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{6924A4AF-D0E9-4101-8064-55432E903B2C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{75E650E2-2335-4A69-883D-975ECC926A91}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9F3BD64-BDFA-4EF7-ADEE-3C5B4F7322E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C2C4CA9F-2441-45AA-AEC0-D5F68812F53D}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [UDP Query User{31DA17C0-5EC0-465F-82D1-D8202888CF5A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe (Synology Inc. -> )
FirewallRules: [{07B90180-D927-4D3E-BEB4-BB2B85B36F9F}] => (Allow) C:\Users\kluch\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{0A53D04B-2E87-46B8-B1A3-4322478C09B3}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{DAF2AACF-C866-4881-991D-BCDDBBE73223}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{B2C2753E-D553-4A01-B0DF-843A9054A5D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6E9790E-213B-45DB-BBAF-BB91C080901A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{577933F4-3716-432B-B73F-F31A116D9441}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05C0DEA9-30F2-4BC3-A4D2-14E8A6C57FAA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2097B437-CAF2-44CE-8E0D-CEF8AE33C4BF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8996728B-2C10-46E8-B88A-4268CE8652B3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{60B523F9-8595-4DE0-BE2A-847F126F2230}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F712B027-BC0A-44B5-8212-92F582D6D0DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{91871BD4-703D-4651-BE75-98C15CAF45D0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDD0D179-AD09-44E9-A517-AF80DE2874DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{92F8B949-1A61-4657-A9FB-D7D2C618E18B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0A5E95AA-4A43-4BF4-AF5F-E1D6432B9F65}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C9B06CC1-C198-48C6-9D49-B1D69A2731F6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.24 GB) (Free:66.47 GB) (56%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2022 12:53:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IAStorDataMgrSvc.exe, verze: 14.5.0.1081, časové razítko: 0x556ecc3d
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x059724ed
ID chybujícího procesu: 0x2774
Čas spuštění chybující aplikace: 0x01d8fcd6b1e1e3dc
Cesta k chybující aplikaci: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 4448fc83-5093-43e8-92e8-4d4ea30f4c67
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/20/2022 12:53:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: IAStorDataMgrSvc.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
na IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
na IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
na IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/20/2022 12:48:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.19041.2193 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 15dc

Čas spuštění: 01d8fcd5db41c835

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: b2b1f38e-94ef-4d32-b46b-ccdeac8d4b72

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (11/20/2022 12:47:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.19041.2193 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2fa8

Čas spuštění: 01d8fcd5b076095e

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: fab8f538-b27a-42b5-affb-3bf61b1fca27

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (11/15/2022 02:20:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-HOME)
Description: Aplikaci nebo službu Microsoft Office SDX Helper nelze ukončit.

Error: (11/14/2022 01:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IAStorDataMgrSvc.exe, verze: 14.5.0.1081, časové razítko: 0x556ecc3d
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x057c24ed
ID chybujícího procesu: 0x1cec
Čas spuštění chybující aplikace: 0x01d8f82463cb407a
Cesta k chybující aplikaci: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: fbb77ea0-1942-405f-bcff-a4fe404897aa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/14/2022 01:27:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: IAStorDataMgrSvc.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
na IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
na IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
na IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/05/2022 09:31:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IAStorDataMgrSvc.exe, verze: 14.5.0.1081, časové razítko: 0x556ecc3d
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0588e78d
ID chybujícího procesu: 0x226c
Čas spuštění chybující aplikace: 0x01d8f0f10d5b9049
Cesta k chybující aplikaci: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 3b42ff3d-d0dc-4817-9b14-615f8c681323
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/20/2022 12:53:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Rapid Storage Technology byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/20/2022 12:51:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (12:40:55, ‎19.‎11.‎2022) bylo neočekávané.

Error: (11/19/2022 09:48:44 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/19/2022 08:30:11 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/19/2022 07:52:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (11/18/2022 09:04:41 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/18/2022 05:15:09 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/18/2022 08:37:43 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
================
Date: 2022-11-19 07:51:29
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {52C0594E-77CA-4CC7-A469-A1D5C3D08310}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-17 09:08:29
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9343588B-BBE5-49B1-AA2C-B6809FCB7A6D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-16 17:51:04
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CAF18919-AEE7-4AFF-A9FC-C040336EC607}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-12 18:45:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2388CB6D-BC7C-42A1-8DEB-2579CF8F4356}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-05 07:59:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {E5CFDEAB-B96A-4120-BDAD-50F7D8C768F3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-11-15 08:27:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-11-11 08:13:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-21 08:02:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-09-29 19:50:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-08-16 07:56:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A21 02/21/2018
Motherboard: Dell Inc. 0JC5MT
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 75%
Total physical RAM: 3998.92 MB
Available physical RAM: 981.62 MB
Total Virtual: 5854.92 MB
Available Virtual: 2519.88 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.24 GB) (Free:66.47 GB) (Model: SAMSUNG SSD PM830 2.5" 7mm 128GB) NTFS

\\?\Volume{9212a161-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{9212a161-0000-0000-0000-c0ae1d000000}\ () (Fixed) (Total:0.51 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 9212A161)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=522 MB) - (Type=27)

==================== End of Addition.txt =======================


Děkuji

Re: velmi zpomalený notebook

Napsal: 21 lis 2022 14:53
od Rudy
Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: velmi zpomalený notebook

Napsal: 14 pro 2022 10:22
od Musclefish
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-14-2022
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2251)
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\restoro.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Local AppWizard-Generated Applications\Restoro
Deleted HKCU\Software\Restoro
Deleted HKCU\Software\Restoro Key
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted HKLM\Software\Restoro
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2892 octets] - [14/12/2022 10:20:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: velmi zpomalený notebook

Napsal: 14 pro 2022 10:26
od Rudy
OK. Dejte nové logy FRST+Addition.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz