PC virus removal, computer speed-up, remote help via the neslape.cz service
Slow PC - please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 5
- Registered: 23 Apr 2024 17:34
Slow PC - please check my log
Good day. I am new here; could I ask you to check my log? Thank you in advance.
- Attachments
-
- Desktop.rar
- (14.39 KiB) Downloaded 51 times
- Rudy
- Site Admin
- Posts: 118715
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC - please check my log
Greetings!
Open Notepad and copy the following fixlist into it. Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Start
CloseProcesses:
HKLM\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe" (No File)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" (No File)
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Environment: [Anithas] powershell.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50} - System32\Tasks\Skype => C:\ProgramData\certlm.exe [498784 2024-04-17] (Adersoft -> Adersoft) <==== ATTENTION
C:\ProgramData\certlm.exe.manifest
C:\ProgramData\h.vbs
C:\ProgramData\S.bat
C:\ProgramData\readme_zh.md
C:\ProgramData\nbminer.exe
C:\ProgramData\nbminer.exe.sha256
C:\ProgramData\start_ergo.bat
C:\ProgramData\start_etc.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_conflux.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\start_sero.bat
C:\ProgramData\modify_tdr_delay.reg
C:\ProgramData\start_ae.bat
C:\ProgramData\open_web_monitor.url
C:\ProgramData\start_config.bat
C:\ProgramData\Test9
C:\ProgramData\Test8
C:\ProgramData\Test7
C:\ProgramData\Test6
C:\ProgramData\Test4
C:\ProgramData\Test3
C:\ProgramData\Test2
C:\ProgramData\Test17
C:\ProgramData\Test16
C:\ProgramData\Test15
C:\ProgramData\Test14
C:\ProgramData\Test13
C:\ProgramData\Test12
C:\ProgramData\Test11
C:\ProgramData\Test10
C:\ProgramData\Test1
C:\ProgramData\player9
C:\ProgramData\player8
C:\ProgramData\player7
C:\ProgramData\player6
C:\ProgramData\player5
C:\ProgramData\player4
C:\ProgramData\player3
C:\ProgramData\player2
C:\ProgramData\player17
C:\ProgramData\player16
C:\ProgramData\player15
C:\ProgramData\player14
C:\ProgramData\player13
C:\ProgramData\player12
C:\ProgramData\player11
C:\ProgramData\player10
C:\ProgramData\player1
C:\ProgramData\player
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{36EBCE55-BE6A-417F-95DF-86F8047B939F}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{71C5B9C7-AF3B-430D-8725-5020213C5BCB}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{3CADDD30-6094-4E1B-A7E9-4FFCB2D65249}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{C6F29525-F3B2-46CF-ADE5-FA3A4281AC6C}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{507C6264-F83D-4C3C-A5D5-58D0FB46450E}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{D1DB8B71-FFFA-4E6E-A1BA-5D7B490D6111}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{500A516F-FB70-4AEE-9DAB-8E8A80B91C2B}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File
FirewallRules: [{533E9FBC-3FD8-44B6-9B18-4BE9CAB9C3F4}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File
EmptyTemp:
Hosts:
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 5
- Registered: 23 Apr 2024 17:34
Re: Slow PC - please check my log
Thank you, here is the log. I would also like to ask for your help getting rid of this, see the attachment. Thank you.
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by rstej (23-04-2024 20:30:07) Run:1
Running from C:\Users\rstej\Desktop
Loaded Profiles: rstej
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe" (No File)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" (No File)
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Environment: [Anithas] powershell.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50} - System32\Tasks\Skype => C:\ProgramData\certlm.exe [498784 2024-04-17] (Adersoft -> Adersoft) <==== ATTENTION
C:\ProgramData\certlm.exe.manifest
C:\ProgramData\h.vbs
C:\ProgramData\S.bat
C:\ProgramData\readme_zh.md
C:\ProgramData\nbminer.exe
C:\ProgramData\nbminer.exe.sha256
C:\ProgramData\start_ergo.bat
C:\ProgramData\start_etc.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_conflux.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\start_sero.bat
C:\ProgramData\modify_tdr_delay.reg
C:\ProgramData\start_ae.bat
C:\ProgramData\open_web_monitor.url
C:\ProgramData\start_config.bat
C:\ProgramData\Test9
C:\ProgramData\Test8
C:\ProgramData\Test7
C:\ProgramData\Test6
C:\ProgramData\Test4
C:\ProgramData\Test3
C:\ProgramData\Test2
C:\ProgramData\Test17
C:\ProgramData\Test16
C:\ProgramData\Test15
C:\ProgramData\Test14
C:\ProgramData\Test13
C:\ProgramData\Test12
C:\ProgramData\Test11
C:\ProgramData\Test10
C:\ProgramData\Test1
C:\ProgramData\player9
C:\ProgramData\player8
C:\ProgramData\player7
C:\ProgramData\player6
C:\ProgramData\player5
C:\ProgramData\player4
C:\ProgramData\player3
C:\ProgramData\player2
C:\ProgramData\player17
C:\ProgramData\player16
C:\ProgramData\player15
C:\ProgramData\player14
C:\ProgramData\player13
C:\ProgramData\player12
C:\ProgramData\player11
C:\ProgramData\player10
C:\ProgramData\player1
C:\ProgramData\player
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{36EBCE55-BE6A-417F-95DF-86F8047B939F}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{71C5B9C7-AF3B-430D-8725-5020213C5BCB}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{3CADDD30-6094-4E1B-A7E9-4FFCB2D65249}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{C6F29525-F3B2-46CF-ADE5-FA3A4281AC6C}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{507C6264-F83D-4C3C-A5D5-58D0FB46450E}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{D1DB8B71-FFFA-4E6E-A1BA-5D7B490D6111}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{500A516F-FB70-4AEE-9DAB-8E8A80B91C2B}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File
FirewallRules: [{533E9FBC-3FD8-44B6-9B18-4BE9CAB9C3F4}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Environment\\Anithas" => removed successfully
"C:\Windows\system32\GroupPolicy\Machine" Folder move:
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50}" => removed successfully
C:\Windows\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully
C:\ProgramData\certlm.exe.manifest => moved successfully
C:\ProgramData\h.vbs => moved successfully
C:\ProgramData\S.bat => moved successfully
C:\ProgramData\readme_zh.md => moved successfully
C:\ProgramData\nbminer.exe => moved successfully
C:\ProgramData\nbminer.exe.sha256 => moved successfully
C:\ProgramData\start_ergo.bat => moved successfully
C:\ProgramData\start_etc.bat => moved successfully
C:\ProgramData\start_beam.bat => moved successfully
C:\ProgramData\start_eth.bat => moved successfully
C:\ProgramData\start_conflux.bat => moved successfully
C:\ProgramData\start_rvn.bat => moved successfully
C:\ProgramData\driver_uninstall.bat => moved successfully
C:\ProgramData\driver_install.bat => moved successfully
C:\ProgramData\start_sero.bat => moved successfully
C:\ProgramData\modify_tdr_delay.reg => moved successfully
C:\ProgramData\start_ae.bat => moved successfully
C:\ProgramData\open_web_monitor.url => moved successfully
C:\ProgramData\start_config.bat => moved successfully
"C:\ProgramData\Test9" Folder move:
C:\ProgramData\Test9 => moved successfully
"C:\ProgramData\Test8" Folder move:
C:\ProgramData\Test8 => moved successfully
"C:\ProgramData\Test7" Folder move:
C:\ProgramData\Test7 => moved successfully
"C:\ProgramData\Test6" Folder move:
C:\ProgramData\Test6 => moved successfully
"C:\ProgramData\Test4" Folder move:
C:\ProgramData\Test4 => moved successfully
"C:\ProgramData\Test3" Folder move:
C:\ProgramData\Test3 => moved successfully
"C:\ProgramData\Test2" Folder move:
C:\ProgramData\Test2 => moved successfully
"C:\ProgramData\Test17" Folder move:
C:\ProgramData\Test17 => moved successfully
"C:\ProgramData\Test16" Folder move:
C:\ProgramData\Test16 => moved successfully
"C:\ProgramData\Test15" Folder move:
C:\ProgramData\Test15 => moved successfully
"C:\ProgramData\Test14" Folder move:
C:\ProgramData\Test14 => moved successfully
"C:\ProgramData\Test13" Folder move:
C:\ProgramData\Test13 => moved successfully
"C:\ProgramData\Test12" Folder move:
C:\ProgramData\Test12 => moved successfully
"C:\ProgramData\Test11" Folder move:
C:\ProgramData\Test11 => moved successfully
"C:\ProgramData\Test10" Folder move:
C:\ProgramData\Test10 => moved successfully
"C:\ProgramData\Test1" Folder move:
C:\ProgramData\Test1 => moved successfully
"C:\ProgramData\player9" Folder move:
C:\ProgramData\player9 => moved successfully
"C:\ProgramData\player8" Folder move:
C:\ProgramData\player8 => moved successfully
"C:\ProgramData\player7" Folder move:
C:\ProgramData\player7 => moved successfully
"C:\ProgramData\player6" Folder move:
C:\ProgramData\player6 => moved successfully
"C:\ProgramData\player5" Folder move:
C:\ProgramData\player5 => moved successfully
"C:\ProgramData\player4" Folder move:
C:\ProgramData\player4 => moved successfully
"C:\ProgramData\player3" Folder move:
C:\ProgramData\player3 => moved successfully
"C:\ProgramData\player2" Folder move:
C:\ProgramData\player2 => moved successfully
"C:\ProgramData\player17" Folder move:
C:\ProgramData\player17 => moved successfully
"C:\ProgramData\player16" Folder move:
C:\ProgramData\player16 => moved successfully
"C:\ProgramData\player15" Folder move:
C:\ProgramData\player15 => moved successfully
"C:\ProgramData\player14" Folder move:
C:\ProgramData\player14 => moved successfully
"C:\ProgramData\player13" Folder move:
C:\ProgramData\player13 => moved successfully
"C:\ProgramData\player12" Folder move:
C:\ProgramData\player12 => moved successfully
"C:\ProgramData\player11" Folder move:
C:\ProgramData\player11 => moved successfully
"C:\ProgramData\player10" Folder move:
C:\ProgramData\player10 => moved successfully
"C:\ProgramData\player1" Folder move:
C:\ProgramData\player1 => moved successfully
"C:\ProgramData\player" Folder move:
C:\ProgramData\player => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36EBCE55-BE6A-417F-95DF-86F8047B939F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71C5B9C7-AF3B-430D-8725-5020213C5BCB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CADDD30-6094-4E1B-A7E9-4FFCB2D65249}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6F29525-F3B2-46CF-ADE5-FA3A4281AC6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{507C6264-F83D-4C3C-A5D5-58D0FB46450E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1DB8B71-FFFA-4E6E-A1BA-5D7B490D6111}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{500A516F-FB70-4AEE-9DAB-8E8A80B91C2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{533E9FBC-3FD8-44B6-9B18-4BE9CAB9C3F4}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9513573 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 462250 B
Edge => 0 B
Chrome => 563583580 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5298 B
rstej => 71664877 B
RecycleBin => 52665 B
EmptyTemp: => 615.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:31:23 ====
- Attachments
-
- IMG_20240423_170056.jpg (115.71 KiB) Viewed 1703 times
- Rudy
- Site Admin
- Posts: 118715
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC - please check my log
It has been deleted. I did not tell you to run that file, but to delete it. These *.bat files are most likely junk. Has anything changed since the deletion?
-
- Visitor
- Posts: 5
- Registered: 23 Apr 2024 17:34
Re: Slow PC - please check my log
Good day. Unfortunately it keeps appearing, and I cannot find it anywhere on the PC.
Re: Slow PC - please check my log
Post a current FRST log for my colleague.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
-
- Visitor
- Posts: 5
- Registered: 23 Apr 2024 17:34
Re: Slow PC - please check my log
Here they are, and thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by rstej (administrator) on DESKTOP-M2HVKN3 (ASUSTeK COMPUTER INC. X200MA) (24-04-2024 16:44:24)
Running from C:\Users\rstej\Desktop\FRST64.exe
Loaded Profiles: rstej
Platform: Microsoft Windows 10 Home Version 22H2 19045.4355 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\...\Run: [MicrosoftEdgeAutoLaunch_47DAD8DB3F29950FF6D2094A8F97770B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.61\Installer\chrmstp.exe [2024-04-23] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {C4D5E76D-E2DB-4AEA-9EE3-1D2734732E53} - System32\Tasks\admin => C:\Users\rstej\Favorites\Systeem.vbs [625 2024-04-17] () [File not signed]
Task: {4729305F-7018-43FC-B805-B863F8AC5FD6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CBB6383D-E61D-4C55-8B01-D7E737F9CC20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC20A780-1ABA-4D97-9FA8-5641565CFF34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {05AFA1CE-0085-4E1B-9011-9D9AF8B62A2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6260AE6-80AE-41BB-A49E-7F9FB2456E61} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {4ECC0A25-2768-4476-B549-9176746347CC} - System32\Tasks\Trojan Killer => "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" -startupscan (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{b744aedd-16b8-4c2e-b3c2-afb35b6e5630}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{f681e542-3678-4b20-8943-144c36c1c037}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-23]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.co ... uckgo.com/"
Edge Extension: (Překladač Google) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-04-02]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2024-04-19]
Edge Extension: (VT4Browsers) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2024-04-18]
Edge Extension: (Dokumenty Google offline) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-02]
Edge Extension: (Integrace do GNOME Shell) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gphhapmejobijbbhgpjhcjognlahblep [2024-04-02]
Edge Extension: (HP Network Check Launcher) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2024-04-02]
Edge Extension: (Edge relevant text changes) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-04-02]
Edge Extension: (uBlock Origin) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-04-09]
Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2024-04-23]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default [2024-04-24]
CHR Notifications: Default -> hxxps://messages.google.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.co ... com/search"
CHR Extension: (Překladač Google) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-04-02]
CHR Extension: (uBlock Origin) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-04-02]
CHR Extension: (VT4Browsers) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2024-04-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-02]
CHR Extension: (Integrace do GNOME Shell) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphhapmejobijbbhgpjhcjognlahblep [2024-04-02]
CHR Extension: (Prohlížeč DXF) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbfpaeoimiicejdjhmnlhkknclliibbm [2024-04-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2024-04-23]
CHR Extension: (HP Network Check Launcher) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2024-04-02]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2024-04-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-02]
CHR HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2021-02-01] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13932248 2024-04-11] (Microsoft Corporation -> Microsoft Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 PlexUpdateService; C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe [907264 2024-03-14] (Plex, Inc. -> Plex, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2017-04-20] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-24 16:44 - 2024-04-24 16:45 - 000011533 _____ C:\Users\rstej\Desktop\FRST.txt
2024-04-24 15:57 - 2024-04-24 15:57 - 008790880 _____ (Malwarebytes) C:\Users\rstej\Downloads\adwcleaner_8.4.2.exe
2024-04-24 14:02 - 2024-04-24 14:02 - 000753184 _____ C:\Users\rstej\Downloads\Adware-Removal-Tool.exe
2024-04-24 14:00 - 2024-04-24 14:00 - 000271712 _____ (AVAST Software) C:\Users\rstej\Downloads\avast_one_free_antivirus.exe
2024-04-24 13:27 - 2024-04-24 13:27 - 000000000 ___HD C:\$WinREAgent
2024-04-23 21:50 - 2024-04-23 21:50 - 008790880 _____ (Malwarebytes) C:\Users\rstej\Downloads\adwcleaner (1).exe
2024-04-23 21:13 - 2024-04-23 21:13 - 000014733 _____ C:\Users\rstej\Downloads\FRST Log.rar
2024-04-23 20:30 - 2024-04-24 13:01 - 000008640 _____ C:\Users\rstej\Desktop\Fixlog.txt
2024-04-23 20:16 - 2024-04-23 20:05 - 000143179 _____ C:\Users\rstej\Desktop\Vyuctovani_sluzeb_645_6_STIEBER RADISLAV.pdf
2024-04-23 20:16 - 2024-04-23 20:05 - 000109057 _____ C:\Users\rstej\Desktop\218027655005_Stieber_Radislav.pdf
2024-04-23 20:15 - 2024-04-23 20:15 - 000242768 _____ C:\Users\rstej\Downloads\prilohy_63076.zip
2024-04-23 19:52 - 2024-04-23 19:52 - 000003322 _____ C:\Windows\system32\Tasks\Trojan Killer
2024-04-23 19:50 - 2024-04-23 19:51 - 050689016 _____ (GridinSoft LLC) C:\Users\rstej\Downloads\gtk-2.2.4.4-setup.exe
2024-04-23 18:41 - 2024-04-24 16:45 - 000000000 ____D C:\FRST
2024-04-23 18:38 - 2024-04-23 18:38 - 002394112 _____ (Farbar) C:\Users\rstej\Desktop\FRST64.exe
2024-04-23 17:42 - 2024-04-23 17:46 - 000000000 ____D C:\ProgramData\Emsisoft
2024-04-23 17:41 - 2024-04-23 18:42 - 000000000 ____D C:\EEK
2024-04-23 17:39 - 2024-04-23 17:40 - 370918392 _____ C:\Users\rstej\Downloads\EmsisoftEmergencyKit.exe
2024-04-23 17:32 - 2024-04-23 18:09 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\MMC
2024-04-23 17:29 - 2024-04-23 17:29 - 000000000 ____D C:\Users\rstej\AppData\Local\D3DSCache
2024-04-23 17:26 - 2024-04-23 17:26 - 000000000 ____D C:\Windows\pss
2024-04-23 17:14 - 2024-04-23 17:15 - 000000000 ____D C:\AdwCleaner
2024-04-23 17:14 - 2024-04-23 17:14 - 008790880 _____ (Malwarebytes) C:\Users\rstej\Downloads\adwcleaner.exe
2024-04-23 16:22 - 2024-04-23 16:22 - 000000000 ____D C:\Users\rstej\AppData\Roaming\VS Revo Group
2024-04-23 16:09 - 2024-04-23 16:09 - 000000000 ____D C:\Users\rstej\AppData\Local\VS Revo Group
2024-04-23 16:08 - 2024-04-23 16:08 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2024-04-23 16:08 - 2024-04-23 16:08 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-04-23 16:08 - 2024-04-23 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2024-04-23 16:08 - 2024-04-23 16:08 - 000000000 ____D C:\Program Files\VS Revo Group
2024-04-23 16:06 - 2024-04-23 16:06 - 000006104 _____ C:\Users\rstej\Downloads\[SkT]Revo_Uninstaller_5.2.6_(x64).torrent
2024-04-23 16:06 - 2024-04-23 16:06 - 000000000 ____D C:\Users\rstej\Downloads\Revo Uninstaller Pro
2024-04-19 16:47 - 2024-04-19 16:47 - 000644529 _____ C:\Users\rstej\Downloads\Omio_Print_Tickets_0874060870607734.pdf
2024-04-19 13:58 - 2024-04-19 13:58 - 000142066 _____ C:\Users\rstej\Desktop\pata jizdenka.pdf
2024-04-19 13:37 - 2024-04-19 13:37 - 000142172 _____ C:\Users\rstej\Desktop\ticket-2024-04-19T11_33_29.352699346.pdf
2024-04-19 13:33 - 2024-04-19 13:33 - 000644529 _____ C:\Users\rstej\Downloads\ticket-2024-04-19T11_33_29.352699346.pdf
2024-04-19 10:01 - 2024-04-19 10:01 - 000073327 _____ C:\Users\rstej\Downloads\Místa_měření_Speedmaraton.xlsx
2024-04-18 19:45 - 2024-04-18 19:45 - 004343357 _____ C:\Users\rstej\Desktop\P-ru-ka.pdf
2024-04-18 11:32 - 2024-04-23 16:20 - 000002922 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1263269243-1539239694-1485521802-1001
2024-04-17 17:51 - 2024-04-23 16:20 - 000003704 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{86512161-7583-42A0-AF9E-B559352962DF}
2024-04-17 17:51 - 2024-04-23 16:20 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{1F5362B3-889E-45A0-9FB6-758C87E2A8BE}
2024-04-17 17:49 - 2024-04-23 16:20 - 000003126 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1263269243-1539239694-1485521802-1001
2024-04-17 11:00 - 2024-04-17 11:04 - 002654720 _____ (Microsoft Edge) C:\Users\Public\Microsoft Edge.exe
2024-04-17 10:59 - 2021-08-20 17:28 - 000033271 _____ C:\ProgramData\readme.md
2024-04-17 10:58 - 2024-04-17 10:58 - 000003546 _____ C:\Windows\system32\Tasks\admin
2024-04-17 10:57 - 2024-04-17 10:58 - 000000000 ____D C:\Users\rstej\AppData\Local\Seed4Me
2024-04-17 10:57 - 2024-04-17 10:57 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Key
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\ProgramData\Test5
2024-04-15 16:30 - 2024-04-24 16:44 - 000000000 ____D C:\Users\rstej\Desktop\Nová složka
2024-04-15 15:19 - 2024-04-15 15:42 - 000000000 ____D C:\ProgramData\Glarysoft
2024-04-15 15:19 - 2024-04-15 15:19 - 000000000 ____D C:\Users\rstej\AppData\Roaming\GlarySoft
2024-04-15 14:05 - 2024-04-15 14:05 - 000000000 ____D C:\Users\rstej\AppData\Roaming\QtProject
2024-04-12 18:28 - 2024-04-23 15:00 - 000000000 ____D C:\Users\rstej\AppData\Local\Plex Media Server
2024-04-12 18:26 - 2024-04-12 18:26 - 000001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server.lnk
2024-04-12 18:25 - 2024-04-12 18:25 - 000000000 ____D C:\Program Files\Plex
2024-04-12 14:51 - 2024-04-12 14:51 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-11 14:04 - 2024-04-11 14:38 - 000000000 ____D C:\Users\rstej\AppData\Local\Rufus
2024-04-10 14:19 - 2024-04-10 14:19 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-08 17:31 - 2024-04-10 11:25 - 000000000 ____D C:\Users\rstej\AppData\Roaming\16HD
2024-04-08 17:26 - 2024-04-08 17:26 - 000000000 ____D C:\Program Files\LSoft Technologies
2024-04-07 18:27 - 2024-04-07 18:27 - 000000000 ____D C:\AnyMP4 Studio
2024-04-07 17:42 - 2024-04-07 17:42 - 000000000 ___HD C:\AnyMP4 Temp
2024-04-07 17:41 - 2024-04-07 17:41 - 000000000 ____D C:\Users\rstej\AppData\Local\AnyMP4 Studio
2024-04-07 17:40 - 2024-04-07 17:40 - 000000000 ____D C:\Program Files\AnyMP4 Studio
2024-04-06 12:14 - 2024-04-06 12:17 - 000000000 ____D C:\Users\rstej\AppData\LocalLow\Adobe
2024-04-06 12:14 - 2024-04-06 12:17 - 000000000 ____D C:\Users\rstej\AppData\Local\Adobe
2024-04-06 12:14 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\AppData\Roaming\com.adobe.dunamis
2024-04-06 12:14 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\AppData\Local\SolidDocuments
2024-04-06 12:14 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\.ms-ad
2024-04-06 11:58 - 2024-04-06 11:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-04-06 11:55 - 2024-04-06 12:28 - 000000000 ____D C:\ProgramData\Adobe
2024-04-06 11:55 - 2024-04-06 12:28 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-04-06 11:55 - 2024-04-06 11:55 - 000000000 ____D C:\Program Files\Adobe
2024-04-05 20:32 - 2024-04-05 20:32 - 000000000 ___HD C:\OneDriveTemp
2024-04-05 16:34 - 2024-04-05 16:34 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Proof
2024-04-05 15:34 - 2024-04-05 15:34 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\PowerPoint
2024-04-05 15:33 - 2024-04-05 15:33 - 020428997 _____ C:\Users\rstej\Downloads\ROBE_Product_Guide_2022.xlsx
2024-04-05 15:32 - 2024-04-05 15:32 - 016807273 _____ C:\Users\rstej\Downloads\ROBE_Product_Guide_2022.pptx
2024-04-05 15:32 - 2024-04-05 15:32 - 016807273 _____ C:\Users\rstej\Downloads\ROBE_Product_Guide_2022 (1).pptx
2024-04-05 15:26 - 2024-04-05 15:26 - 000134027 _____ C:\Users\rstej\Downloads\export_montaz_seznam.xls
2024-04-05 15:01 - 2024-04-05 15:01 - 000215106 _____ C:\Users\rstej\Downloads\Inventura 2024_V2.pdf
2024-04-05 15:00 - 2024-04-05 15:00 - 000000000 ____D C:\Users\rstej\Documents\Vlastní šablony Office
2024-04-05 14:56 - 2024-04-05 16:34 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\UProof
2024-04-05 14:55 - 2024-04-19 10:08 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Excel
2024-04-05 14:55 - 2024-04-05 14:55 - 000040615 _____ C:\Users\rstej\Downloads\Inventura 2024_V2.xlsx
2024-04-05 14:33 - 2024-04-05 14:33 - 000000000 ____D C:\Users\rstej\AppData\Local\Microsoft_Corporation
2024-04-05 14:31 - 2024-04-05 14:31 - 000000985 _____ C:\Users\rstej\Downloads\W10-Store.zip
2024-04-05 09:40 - 2024-04-19 10:08 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Word
2024-04-05 09:40 - 2024-04-05 14:55 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Office
2024-04-05 09:40 - 2024-04-05 09:40 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\AddIns
2024-04-05 09:35 - 2024-04-05 09:35 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2024-04-05 09:26 - 2024-04-12 14:47 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-05 09:26 - 2024-04-05 09:26 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-04-05 09:17 - 2024-04-05 09:17 - 000000000 ____D C:\Users\rstej\AppData\Roaming\WinRAR
2024-04-05 09:13 - 2024-04-05 09:13 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-04-05 09:13 - 2024-04-05 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-04-05 09:13 - 2024-04-05 09:13 - 000000000 ____D C:\Program Files\WinRAR
2024-04-04 20:46 - 2024-04-04 20:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2024-04-04 17:41 - 2024-04-04 17:41 - 000000000 ____D C:\Users\rstej\AppData\Local\Backup
2024-04-03 12:38 - 2024-04-03 12:38 - 000000000 ____D C:\Users\rstej\AppData\Roaming\MediaInfo
2024-04-03 12:07 - 2024-04-14 11:58 - 000000000 ____D C:\Users\rstej\AppData\Roaming\vlc
2024-04-03 12:06 - 2024-04-03 12:06 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2024-04-03 12:06 - 2024-04-03 12:06 - 000000885 _____ C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2024-04-03 12:06 - 2024-04-03 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2024-04-03 12:06 - 2024-04-03 12:06 - 000000000 ____D C:\Program Files\MediaInfo
2024-04-03 12:05 - 2024-04-03 12:05 - 000000000 ____D C:\Program Files\VideoLAN
2024-04-03 11:09 - 2024-04-03 11:09 - 000020861 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-03 11:08 - 2024-04-03 11:08 - 000020861 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-03 09:46 - 2024-04-03 09:46 - 000000000 ____D C:\Users\rstej\AppData\Local\ChanSort
2024-04-03 09:29 - 2024-04-03 09:29 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-04-03 09:24 - 2024-04-03 09:24 - 000000000 ____D C:\Users\rstej\Downloads\ChanSort_2024-02-25
2024-04-02 21:19 - 2024-04-02 21:19 - 000000000 ____D C:\Users\rstej\Downloads\Smetak
2024-04-02 21:13 - 2024-04-02 21:13 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-04-02 20:58 - 2024-04-03 12:09 - 000000000 ____D C:\Windows\InboxApps
2024-04-02 18:32 - 2024-04-21 17:42 - 000000506 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2024-04-02 17:39 - 2024-04-02 17:39 - 000000000 ____D C:\Users\rstej\AppData\Local\Comms
2024-04-02 17:22 - 2024-04-24 15:18 - 000000000 __SHD C:\Users\rstej\IntelGraphicsProfiles
2024-04-02 17:22 - 2024-04-02 17:22 - 000000000 ____D C:\ProgramData\PLUG
2024-04-02 17:21 - 2024-04-02 17:21 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2024-04-02 17:09 - 2024-04-05 09:00 - 000000000 ____D C:\Windows\Panther
2024-04-02 17:00 - 2024-04-23 15:14 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-02 17:00 - 2024-04-23 15:14 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-04-02 17:00 - 2024-04-02 17:00 - 000000000 ____D C:\Users\rstej\AppData\Local\Google
2024-04-02 16:59 - 2024-04-24 16:22 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-02 16:59 - 2024-04-02 16:59 - 000000000 ____D C:\Program Files\Google
2024-04-02 16:57 - 2024-04-23 16:07 - 000000000 ____D C:\Users\rstej\AppData\Roaming\uTorrent
2024-04-02 16:57 - 2024-04-05 10:03 - 000000995 _____ C:\Users\rstej\Desktop\µTorrent.lnk
2024-04-02 16:57 - 2024-04-02 16:57 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2024-04-02 16:54 - 2024-04-10 11:57 - 000000000 ____D C:\Windows\system32\MRT
2024-04-02 16:48 - 2024-04-02 16:48 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-04-02 16:47 - 2024-04-24 13:47 - 000000000 ____D C:\Program Files\RUXIM
2024-04-02 16:41 - 2024-04-02 17:29 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Spelling
2024-04-02 16:37 - 2024-04-21 16:13 - 000000000 ___RD C:\Users\rstej\OneDrive
2024-04-02 16:36 - 2024-04-02 21:15 - 000000000 ____D C:\Users\rstej\AppData\Local\PlaceholderTileLogoFolder
2024-04-02 16:35 - 2024-04-02 16:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-04-02 16:33 - 2024-04-23 16:19 - 000000000 ____D C:\Users\rstej\AppData\Local\Packages
2024-04-02 16:33 - 2024-04-06 12:34 - 000000000 ____D C:\ProgramData\Packages
2024-04-02 16:33 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Adobe
2024-04-02 16:33 - 2024-04-02 17:22 - 000000000 ____D C:\Users\rstej\AppData\Local\ConnectedDevicesPlatform
2024-04-02 16:33 - 2024-04-02 16:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\Crypto
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ___RD C:\Users\rstej\3D Objects
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Vault
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Network
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Local\VirtualStore
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Local\Publishers
2024-04-02 16:32 - 2024-04-02 16:32 - 000000000 ____D C:\Windows\SysWOW64\sda
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\SystemCertificates
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ____D C:\Program Files\Intel
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ____D C:\Program Files (x86)\Intel
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ____D C:\Intel
2024-04-02 16:30 - 2024-04-24 15:18 - 000000000 ____D C:\Users\rstej
2024-04-02 16:30 - 2024-04-23 15:23 - 000002381 _____ C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-02 16:30 - 2024-04-02 17:38 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Windows
2024-04-02 16:30 - 2024-04-02 16:30 - 000000020 ___SH C:\Users\rstej\ntuser.ini
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Šablony
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Soubory cookie
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Poslední
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Okolní tiskárny
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Okolní síť
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Nabídka Start
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Dokumenty
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Documents\Obrázky
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Documents\Hudba
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Documents\Filmy
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Data aplikací
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\AppData\Local\Data aplikací
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\Protect
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\Credentials
2024-04-02 16:23 - 2024-04-24 15:10 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Šablony
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Poslední
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Okolní síť
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Dokumenty
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Data aplikací
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Šablony
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Plocha
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Dokumenty
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Data aplikací
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Documents and Settings
2024-04-02 16:12 - 2024-04-21 11:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-02 16:12 - 2024-04-21 11:23 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-02 16:11 - 2024-04-10 11:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-02 16:11 - 2024-04-02 16:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-04-02 16:10 - 2024-04-24 15:05 - 000305864 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-02 16:10 - 2024-04-24 15:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-02 16:10 - 2024-04-24 15:04 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-02 16:10 - 2024-04-24 14:55 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-02 16:10 - 2024-04-02 16:10 - 000000000 ____D C:\Windows\ServiceProfiles
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-24 16:22 - 2023-05-05 14:27 - 000000000 ____D C:\Windows\SystemTemp
2024-04-24 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2024-04-24 15:18 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-24 15:15 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2024-04-24 15:10 - 2019-12-07 16:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2024-04-24 15:10 - 2019-12-07 16:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2024-04-24 15:04 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-04-24 15:03 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\F12
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2024-04-24 14:57 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2024-04-23 20:30 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-04-23 16:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-22 18:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2024-04-10 14:24 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-04-08 17:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Resources
2024-04-05 09:37 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-04 17:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2024-04-03 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-04-03 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-04-03 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2024-04-02 21:17 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-04-02 20:59 - 2019-12-07 16:41 - 000000000 ____D C:\Windows\SysWOW64\cs
2024-04-02 20:59 - 2019-12-07 16:41 - 000000000 ____D C:\Windows\system32\cs
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Sysprep
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Com
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2024-04-02 20:58 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-04-02 20:58 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-04-02 18:48 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-04-02 18:47 - 2019-12-07 16:44 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-04-02 18:47 - 2019-12-07 16:44 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-04-02 18:47 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-04-02 17:09 - 2019-12-07 11:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2024-04-02 17:07 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-04-02 16:30 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-04-02 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-02 16:21 - 2019-12-07 16:42 - 000000000 ____D C:\Windows\system32\FxsTmp
2024-04-02 16:21 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\spool
2024-04-02 16:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
==================== Files in the root of some directories ========
2024-04-17 11:00 - 2024-04-17 11:04 - 002654720 _____ (Microsoft Edge) C:\Users\Public\Microsoft Edge.exe
2024-04-06 11:58 - 2024-04-06 11:58 - 000000410 _____ () C:\Users\rstej\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by rstej (24-04-2024 16:51:50)
Running from C:\Users\rstej\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4355 (X64) (2024-04-02 14:20:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1263269243-1539239694-1485521802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1263269243-1539239694-1485521802-503 - Limited - Disabled)
Guest (S-1-5-21-1263269243-1539239694-1485521802-501 - Limited - Disabled)
rstej (S-1-5-21-1263269243-1539239694-1485521802-1001 - Administrator - Enabled) => C:\Users\rstej
WDAGUtilityAccount (S-1-5-21-1263269243-1539239694-1485521802-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.61 - Google LLC)
MediaInfo 24.03 (HKLM\...\MediaInfo) (Version: 24.03 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - cs-cz (HKLM\...\ProPlus2024Volume - cs-cz) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - sk-sk (HKLM\...\ProPlus2024Volume - sk-sk) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\...\OneDriveSetup.exe) (Version: 24.081.0421.0001 - Microsoft Corporation)
Microsoft Project Professional 2024 - cs-cz (HKLM\...\ProjectPro2024Volume - cs-cz) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Project Professional 2024 - sk-sk (HKLM\...\ProjectPro2024Volume - sk-sk) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2024 - cs-cz (HKLM\...\VisioPro2024Volume - cs-cz) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2024 - sk-sk (HKLM\...\VisioPro2024Volume - sk-sk) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17610.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17610.20000 - Microsoft Corporation) Hidden
Plex Media Server 1.40.1.8227 (x64) (HKLM\...\{688e1d8f-188e-49cd-83ca-2669a7e3f8cc}_is1) (Version: 1.40.1.8227 - Plex, Inc.)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
WinRAR 7.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.00.0 - win.rar GmbH)
Packages:
=========
Vyhledávání na webu z Microsoft Bingu -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.92.0_x64__8wekyb3d8bbwe [2024-04-03] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1263269243-1539239694-1485521802-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2024-04-24 13:01 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
2024-04-02 18:32 - 2024-04-21 17:42 - 000000506 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-M2HVKN3.mshome.net # 2029 4 5 20 15 42 7 91
192.168.137.151 LGSmartTV.mshome.net # 2024 4 0 28 15 42 7 91
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_47DAD8DB3F29950FF6D2094A8F97770B"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{E29DE231-DBEB-49F0-8A12-B599C6C48D14}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{4437FBFD-A491-4BA1-BB9A-11E5D62CAA5B}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{4FC9A359-AA50-4914-BD13-0135F45AAA85}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{67A97B67-2B83-47BC-A2AE-181362E33F7E}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [{CF8E1E3A-8B05-485F-BD4B-84DC33982D00}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14F08EF6-5C15-4786-B8F8-A88A9FF3678E}] => (Allow) C:\Users\rstej\AppData\Roaming\uTorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [{9EEDCC99-D90F-4711-8043-F79E236FA197}] => (Allow) C:\Users\rstej\AppData\Roaming\uTorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [{915FC472-FA2C-4EB1-9D67-90BC398731EC}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Inc. -> Adobe Systems, Incorporated)
FirewallRules: [{EFDAC982-4404-4321-B93A-42C5038D9B61}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Inc. -> Adobe Systems, Incorporated)
FirewallRules: [TCP Query User{BB6A89B1-E3C6-413F-94E0-C336CDDC1F2F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{C5ECD653-6906-40C7-849A-6DD43DBB8F0A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{146CB060-5C5F-44A9-BC33-CA49E6BB45EA}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{B495C7F1-67CA-4113-A3A4-695C2E68FC5B}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )
FirewallRules: [{F5D32735-6F51-4DBC-9008-FF699F6BCBC5}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{220751F5-F18C-4516-8547-963E791EED84}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{0B9C415A-FA53-4BF7-B1BB-C92E97A3CB89}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DA9D0D51-F3F7-4EC9-B656-6346DACD145D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AE42BEC8-FC8C-438B-99A4-00EF557B2FB1}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group Ltd. -> VS Revo Group)
FirewallRules: [{9603A1D7-523E-4396-9A38-6B30250A8081}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group Ltd. -> VS Revo Group)
FirewallRules: [{B8635283-7FB0-4059-92C2-4152E7CA67EC}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe (VS Revo Group Ltd. -> Mirage Systems GmbH)
FirewallRules: [{69F5CF43-D2D1-403E-B547-7C94E657633B}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe (VS Revo Group Ltd. -> Mirage Systems GmbH)
==================== Restore Points =========================
24-04-2024 13:25:31 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/24/2024 04:54:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:54:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:53:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:53:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:52:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:52:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:51:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002
Error: (04/24/2024 04:51:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002
System errors:
=============
Error: (04/24/2024 04:37:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (04/24/2024 04:35:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (04/24/2024 04:35:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba ClickToRunSvc neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.
Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba LanmanServer závisí na službě srv2, která neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.
Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba srv2 neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.
Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba tcpipreg neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.
Error: (04/24/2024 03:04:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba Winmgmt se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Windows Defender:
================
Date: 2024-04-19 20:38:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4C0D6CD-2786-411A-94B7-6EB3DCB756B6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-04-19 12:54:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7C898EC4-48B8-4150-910C-80B808CACEAB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-04-16 19:13:35
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B58BEACD-F3BA-45B6-84BB-E09EF3FA27A7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-04-16 19:06:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A59AEE59-260C-4FDA-A457-3A9E24113734}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-04-16 17:38:16
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {896DA8BA-32F8-4868-9FFF-B554B0AC8ED2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:
Date: 2024-04-18 19:23:59
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.409.364.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24030.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.
==================== Memory info ===========================
BIOS: American Megatrends Inc. X200MA.501 07/09/2014
Motherboard: ASUSTeK COMPUTER INC. X200MA
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3982.69 MB
Available physical RAM: 1641 MB
Total Virtual: 6158.69 MB
Available Virtual: 3721.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.25 GB) (Free:427.26 GB) (Model: WDC WD5000LPVX-80V0TT0) NTFS
\\?\Volume{a2f47a44-3450-4046-88a9-97c2c02260c0}\ () (Fixed) (Total:0.5 GB) (Free:0.47 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
- Rudy
- Site Admin
- Posts: 118715
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Slow PC - please check my log
Open Notepad and copy into it:
Start
CloseProcesses:
Task: {F6260AE6-80AE-41BB-A49E-7F9FB2456E61} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {4ECC0A25-2768-4476-B549-9176746347CC} - System32\Tasks\Trojan Killer => "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" -startupscan (No File)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\DumpStack.log.tmp
C:\Users\rstej\favorites\c.bat
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 5
- Registered: 23 Apr 2024 17:34
Re: Slow PC - please check my log
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by rstej (24-04-2024 20:41:32) Run:3
Running from C:\Users\rstej\Desktop
Loaded Profiles: rstej
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
Task: {F6260AE6-80AE-41BB-A49E-7F9FB2456E61} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {4ECC0A25-2768-4476-B549-9176746347CC} - System32\Tasks\Trojan Killer => "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" -startupscan (No File)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\DumpStack.log.tmp
C:\Users\rstej\favorites\c.bat
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6260AE6-80AE-41BB-A49E-7F9FB2456E61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6260AE6-80AE-41BB-A49E-7F9FB2456E61}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4ECC0A25-2768-4476-B549-9176746347CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ECC0A25-2768-4476-B549-9176746347CC}" => removed successfully
C:\Windows\System32\Tasks\Trojan Killer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer" => removed successfully
HKLM\System\CurrentControlSet\Services\epp => removed successfully
epp => service removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\Users\rstej\favorites\c.bat => moved successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14738984 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1756809 B
Edge => 0 B
Chrome => 387821123 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
rstej => 588961 B
RecycleBin => 1089678 B
EmptyTemp: => 387.9 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-04-2024 20:44:15)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 20:44:15 ====
- Rudy
- Site Admin
- Posts: 118715
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Slow PC - please check my log
OK. How does it look now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.