VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Pomalé PC - prosím o kontrolu logu

https://forum.viry.cz:443/viewtopic.php?t=159593

Stránka 1 z 1

Pomalé PC - prosím o kontrolu logu

Napsal: 23 dub 2024 18:14
od romanst811
Dobrý den. Jsem tady nový mohl bych požádat o kontrolu Logu? Děkuji předem

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 23 dub 2024 19:15
od Rudy
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe" (No File)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" (No File)
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Environment: [Anithas] powershell.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50} - System32\Tasks\Skype => C:\ProgramData\certlm.exe [498784 2024-04-17] (Adersoft -> Adersoft) <==== ATTENTION
C:\ProgramData\certlm.exe.manifest
C:\ProgramData\h.vbs
C:\ProgramData\S.bat
C:\ProgramData\readme_zh.md
C:\ProgramData\nbminer.exe
C:\ProgramData\nbminer.exe.sha256
C:\ProgramData\start_ergo.bat
C:\ProgramData\start_etc.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_conflux.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\start_sero.bat
C:\ProgramData\modify_tdr_delay.reg
C:\ProgramData\start_ae.bat
C:\ProgramData\open_web_monitor.url
C:\ProgramData\start_config.bat
C:\ProgramData\Test9
C:\ProgramData\Test8
C:\ProgramData\Test7
C:\ProgramData\Test6
C:\ProgramData\Test4
C:\ProgramData\Test3
C:\ProgramData\Test2
C:\ProgramData\Test17
C:\ProgramData\Test16
C:\ProgramData\Test15
C:\ProgramData\Test14
C:\ProgramData\Test13
C:\ProgramData\Test12
C:\ProgramData\Test11
C:\ProgramData\Test10
C:\ProgramData\Test1
C:\ProgramData\player9
C:\ProgramData\player8
C:\ProgramData\player7
C:\ProgramData\player6
C:\ProgramData\player5
C:\ProgramData\player4
C:\ProgramData\player3
C:\ProgramData\player2
C:\ProgramData\player17
C:\ProgramData\player16
C:\ProgramData\player15
C:\ProgramData\player14
C:\ProgramData\player13
C:\ProgramData\player12
C:\ProgramData\player11
C:\ProgramData\player10
C:\ProgramData\player1
C:\ProgramData\player
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{36EBCE55-BE6A-417F-95DF-86F8047B939F}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{71C5B9C7-AF3B-430D-8725-5020213C5BCB}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{3CADDD30-6094-4E1B-A7E9-4FFCB2D65249}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{C6F29525-F3B2-46CF-ADE5-FA3A4281AC6C}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{507C6264-F83D-4C3C-A5D5-58D0FB46450E}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{D1DB8B71-FFFA-4E6E-A1BA-5D7B490D6111}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{500A516F-FB70-4AEE-9DAB-8E8A80B91C2B}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File
FirewallRules: [{533E9FBC-3FD8-44B6-9B18-4BE9CAB9C3F4}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File

EmptyTemp:
Hosts:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 23 dub 2024 19:38
od romanst811
Děkuji a tady je log. A chtěl bych vás ještě o pomoc jak se zbavit tohoto viz. příloha. Děkuji

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by rstej (23-04-2024 20:30:07) Run:1
Running from C:\Users\rstej\Desktop
Loaded Profiles: rstej
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe" (No File)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" (No File)
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Environment: [Anithas] powershell.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50} - System32\Tasks\Skype => C:\ProgramData\certlm.exe [498784 2024-04-17] (Adersoft -> Adersoft) <==== ATTENTION
C:\ProgramData\certlm.exe.manifest
C:\ProgramData\h.vbs
C:\ProgramData\S.bat
C:\ProgramData\readme_zh.md
C:\ProgramData\nbminer.exe
C:\ProgramData\nbminer.exe.sha256
C:\ProgramData\start_ergo.bat
C:\ProgramData\start_etc.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_conflux.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\start_sero.bat
C:\ProgramData\modify_tdr_delay.reg
C:\ProgramData\start_ae.bat
C:\ProgramData\open_web_monitor.url
C:\ProgramData\start_config.bat
C:\ProgramData\Test9
C:\ProgramData\Test8
C:\ProgramData\Test7
C:\ProgramData\Test6
C:\ProgramData\Test4
C:\ProgramData\Test3
C:\ProgramData\Test2
C:\ProgramData\Test17
C:\ProgramData\Test16
C:\ProgramData\Test15
C:\ProgramData\Test14
C:\ProgramData\Test13
C:\ProgramData\Test12
C:\ProgramData\Test11
C:\ProgramData\Test10
C:\ProgramData\Test1
C:\ProgramData\player9
C:\ProgramData\player8
C:\ProgramData\player7
C:\ProgramData\player6
C:\ProgramData\player5
C:\ProgramData\player4
C:\ProgramData\player3
C:\ProgramData\player2
C:\ProgramData\player17
C:\ProgramData\player16
C:\ProgramData\player15
C:\ProgramData\player14
C:\ProgramData\player13
C:\ProgramData\player12
C:\ProgramData\player11
C:\ProgramData\player10
C:\ProgramData\player1
C:\ProgramData\player
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{36EBCE55-BE6A-417F-95DF-86F8047B939F}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{71C5B9C7-AF3B-430D-8725-5020213C5BCB}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{3CADDD30-6094-4E1B-A7E9-4FFCB2D65249}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{C6F29525-F3B2-46CF-ADE5-FA3A4281AC6C}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe => No File
FirewallRules: [{507C6264-F83D-4C3C-A5D5-58D0FB46450E}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{D1DB8B71-FFFA-4E6E-A1BA-5D7B490D6111}] => (Block) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe => No File
FirewallRules: [{500A516F-FB70-4AEE-9DAB-8E8A80B91C2B}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File
FirewallRules: [{533E9FBC-3FD8-44B6-9B18-4BE9CAB9C3F4}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Environment\\Anithas" => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" Folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C39D4B0-5067-4A6B-839A-5EC6FD2D9B50}" => removed successfully
C:\Windows\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully
C:\ProgramData\certlm.exe.manifest => moved successfully
C:\ProgramData\h.vbs => moved successfully
C:\ProgramData\S.bat => moved successfully
C:\ProgramData\readme_zh.md => moved successfully
C:\ProgramData\nbminer.exe => moved successfully
C:\ProgramData\nbminer.exe.sha256 => moved successfully
C:\ProgramData\start_ergo.bat => moved successfully
C:\ProgramData\start_etc.bat => moved successfully
C:\ProgramData\start_beam.bat => moved successfully
C:\ProgramData\start_eth.bat => moved successfully
C:\ProgramData\start_conflux.bat => moved successfully
C:\ProgramData\start_rvn.bat => moved successfully
C:\ProgramData\driver_uninstall.bat => moved successfully
C:\ProgramData\driver_install.bat => moved successfully
C:\ProgramData\start_sero.bat => moved successfully
C:\ProgramData\modify_tdr_delay.reg => moved successfully
C:\ProgramData\start_ae.bat => moved successfully
C:\ProgramData\open_web_monitor.url => moved successfully
C:\ProgramData\start_config.bat => moved successfully

"C:\ProgramData\Test9" Folder move:

C:\ProgramData\Test9 => moved successfully

"C:\ProgramData\Test8" Folder move:

C:\ProgramData\Test8 => moved successfully

"C:\ProgramData\Test7" Folder move:

C:\ProgramData\Test7 => moved successfully

"C:\ProgramData\Test6" Folder move:

C:\ProgramData\Test6 => moved successfully

"C:\ProgramData\Test4" Folder move:

C:\ProgramData\Test4 => moved successfully

"C:\ProgramData\Test3" Folder move:

C:\ProgramData\Test3 => moved successfully

"C:\ProgramData\Test2" Folder move:

C:\ProgramData\Test2 => moved successfully

"C:\ProgramData\Test17" Folder move:

C:\ProgramData\Test17 => moved successfully

"C:\ProgramData\Test16" Folder move:

C:\ProgramData\Test16 => moved successfully

"C:\ProgramData\Test15" Folder move:

C:\ProgramData\Test15 => moved successfully

"C:\ProgramData\Test14" Folder move:

C:\ProgramData\Test14 => moved successfully

"C:\ProgramData\Test13" Folder move:

C:\ProgramData\Test13 => moved successfully

"C:\ProgramData\Test12" Folder move:

C:\ProgramData\Test12 => moved successfully

"C:\ProgramData\Test11" Folder move:

C:\ProgramData\Test11 => moved successfully

"C:\ProgramData\Test10" Folder move:

C:\ProgramData\Test10 => moved successfully

"C:\ProgramData\Test1" Folder move:

C:\ProgramData\Test1 => moved successfully

"C:\ProgramData\player9" Folder move:

C:\ProgramData\player9 => moved successfully

"C:\ProgramData\player8" Folder move:

C:\ProgramData\player8 => moved successfully

"C:\ProgramData\player7" Folder move:

C:\ProgramData\player7 => moved successfully

"C:\ProgramData\player6" Folder move:

C:\ProgramData\player6 => moved successfully

"C:\ProgramData\player5" Folder move:

C:\ProgramData\player5 => moved successfully

"C:\ProgramData\player4" Folder move:

C:\ProgramData\player4 => moved successfully

"C:\ProgramData\player3" Folder move:

C:\ProgramData\player3 => moved successfully

"C:\ProgramData\player2" Folder move:

C:\ProgramData\player2 => moved successfully

"C:\ProgramData\player17" Folder move:

C:\ProgramData\player17 => moved successfully

"C:\ProgramData\player16" Folder move:

C:\ProgramData\player16 => moved successfully

"C:\ProgramData\player15" Folder move:

C:\ProgramData\player15 => moved successfully

"C:\ProgramData\player14" Folder move:

C:\ProgramData\player14 => moved successfully

"C:\ProgramData\player13" Folder move:

C:\ProgramData\player13 => moved successfully

"C:\ProgramData\player12" Folder move:

C:\ProgramData\player12 => moved successfully

"C:\ProgramData\player11" Folder move:

C:\ProgramData\player11 => moved successfully

"C:\ProgramData\player10" Folder move:

C:\ProgramData\player10 => moved successfully

"C:\ProgramData\player1" Folder move:

C:\ProgramData\player1 => moved successfully

"C:\ProgramData\player" Folder move:

C:\ProgramData\player => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36EBCE55-BE6A-417F-95DF-86F8047B939F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71C5B9C7-AF3B-430D-8725-5020213C5BCB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CADDD30-6094-4E1B-A7E9-4FFCB2D65249}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6F29525-F3B2-46CF-ADE5-FA3A4281AC6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{507C6264-F83D-4C3C-A5D5-58D0FB46450E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1DB8B71-FFFA-4E6E-A1BA-5D7B490D6111}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{500A516F-FB70-4AEE-9DAB-8E8A80B91C2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{533E9FBC-3FD8-44B6-9B18-4BE9CAB9C3F4}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9513573 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 462250 B
Edge => 0 B
Chrome => 563583580 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5298 B
rstej => 71664877 B

RecycleBin => 52665 B
EmptyTemp: => 615.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:31:23 ====

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 23 dub 2024 21:08
od Rudy
Bylo smazáno. Neříkal jsem vám, abyste ten soubor spouštěl, ale smazal. Tyto *. bat soubory jsou s největší pravděpodobností šmejdy. Nastala po smazání nějaká změna?

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 24 dub 2024 12:37
od romanst811
Dobrý den. Bohužel se to objevuje stále a v PC to nemůžu nikde najít.

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 24 dub 2024 15:30
od JaRon
Vloz kolegovi aktualny log FRST

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 24 dub 2024 15:57
od romanst811
JaRon píše: 24 dub 2024 15:30 Vloz kolegovi aktualny log FRST
Tady jsou a děkuji.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by rstej (administrator) on DESKTOP-M2HVKN3 (ASUSTeK COMPUTER INC. X200MA) (24-04-2024 16:44:24)
Running from C:\Users\rstej\Desktop\FRST64.exe
Loaded Profiles: rstej
Platform: Microsoft Windows 10 Home Version 22H2 19045.4355 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\...\Run: [MicrosoftEdgeAutoLaunch_47DAD8DB3F29950FF6D2094A8F97770B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.61\Installer\chrmstp.exe [2024-04-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C4D5E76D-E2DB-4AEA-9EE3-1D2734732E53} - System32\Tasks\admin => C:\Users\rstej\Favorites\Systeem.vbs [625 2024-04-17] () [File not signed]
Task: {4729305F-7018-43FC-B805-B863F8AC5FD6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CBB6383D-E61D-4C55-8B01-D7E737F9CC20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC20A780-1ABA-4D97-9FA8-5641565CFF34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {05AFA1CE-0085-4E1B-9011-9D9AF8B62A2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6260AE6-80AE-41BB-A49E-7F9FB2456E61} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {4ECC0A25-2768-4476-B549-9176746347CC} - System32\Tasks\Trojan Killer => "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" -startupscan (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{b744aedd-16b8-4c2e-b3c2-afb35b6e5630}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{f681e542-3678-4b20-8943-144c36c1c037}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-23]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.co ... uckgo.com/"
Edge Extension: (Překladač Google) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-04-02]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2024-04-19]
Edge Extension: (VT4Browsers) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2024-04-18]
Edge Extension: (Dokumenty Google offline) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-02]
Edge Extension: (Integrace do GNOME Shell) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gphhapmejobijbbhgpjhcjognlahblep [2024-04-02]
Edge Extension: (HP Network Check Launcher) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2024-04-02]
Edge Extension: (Edge relevant text changes) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-04-02]
Edge Extension: (uBlock Origin) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-04-09]
Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\rstej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2024-04-23]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default [2024-04-24]
CHR Notifications: Default -> hxxps://messages.google.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.co ... com/search"
CHR Extension: (Překladač Google) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-04-02]
CHR Extension: (uBlock Origin) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-04-02]
CHR Extension: (VT4Browsers) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2024-04-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-02]
CHR Extension: (Integrace do GNOME Shell) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphhapmejobijbbhgpjhcjognlahblep [2024-04-02]
CHR Extension: (Prohlížeč DXF) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbfpaeoimiicejdjhmnlhkknclliibbm [2024-04-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2024-04-23]
CHR Extension: (HP Network Check Launcher) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2024-04-02]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2024-04-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\rstej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-02]
CHR HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2021-02-01] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13932248 2024-04-11] (Microsoft Corporation -> Microsoft Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 PlexUpdateService; C:\Program Files\Plex\Plex Media Server\Plex Update Service.exe [907264 2024-03-14] (Plex, Inc. -> Plex, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2017-04-20] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-24 16:44 - 2024-04-24 16:45 - 000011533 _____ C:\Users\rstej\Desktop\FRST.txt
2024-04-24 15:57 - 2024-04-24 15:57 - 008790880 _____ (Malwarebytes) C:\Users\rstej\Downloads\adwcleaner_8.4.2.exe
2024-04-24 14:02 - 2024-04-24 14:02 - 000753184 _____ C:\Users\rstej\Downloads\Adware-Removal-Tool.exe
2024-04-24 14:00 - 2024-04-24 14:00 - 000271712 _____ (AVAST Software) C:\Users\rstej\Downloads\avast_one_free_antivirus.exe
2024-04-24 13:27 - 2024-04-24 13:27 - 000000000 ___HD C:\$WinREAgent
2024-04-23 21:50 - 2024-04-23 21:50 - 008790880 _____ (Malwarebytes) C:\Users\rstej\Downloads\adwcleaner (1).exe
2024-04-23 21:13 - 2024-04-23 21:13 - 000014733 _____ C:\Users\rstej\Downloads\FRST Log.rar
2024-04-23 20:30 - 2024-04-24 13:01 - 000008640 _____ C:\Users\rstej\Desktop\Fixlog.txt
2024-04-23 20:16 - 2024-04-23 20:05 - 000143179 _____ C:\Users\rstej\Desktop\Vyuctovani_sluzeb_645_6_STIEBER RADISLAV.pdf
2024-04-23 20:16 - 2024-04-23 20:05 - 000109057 _____ C:\Users\rstej\Desktop\218027655005_Stieber_Radislav.pdf
2024-04-23 20:15 - 2024-04-23 20:15 - 000242768 _____ C:\Users\rstej\Downloads\prilohy_63076.zip
2024-04-23 19:52 - 2024-04-23 19:52 - 000003322 _____ C:\Windows\system32\Tasks\Trojan Killer
2024-04-23 19:50 - 2024-04-23 19:51 - 050689016 _____ (GridinSoft LLC) C:\Users\rstej\Downloads\gtk-2.2.4.4-setup.exe
2024-04-23 18:41 - 2024-04-24 16:45 - 000000000 ____D C:\FRST
2024-04-23 18:38 - 2024-04-23 18:38 - 002394112 _____ (Farbar) C:\Users\rstej\Desktop\FRST64.exe
2024-04-23 17:42 - 2024-04-23 17:46 - 000000000 ____D C:\ProgramData\Emsisoft
2024-04-23 17:41 - 2024-04-23 18:42 - 000000000 ____D C:\EEK
2024-04-23 17:39 - 2024-04-23 17:40 - 370918392 _____ C:\Users\rstej\Downloads\EmsisoftEmergencyKit.exe
2024-04-23 17:32 - 2024-04-23 18:09 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\MMC
2024-04-23 17:29 - 2024-04-23 17:29 - 000000000 ____D C:\Users\rstej\AppData\Local\D3DSCache
2024-04-23 17:26 - 2024-04-23 17:26 - 000000000 ____D C:\Windows\pss
2024-04-23 17:14 - 2024-04-23 17:15 - 000000000 ____D C:\AdwCleaner
2024-04-23 17:14 - 2024-04-23 17:14 - 008790880 _____ (Malwarebytes) C:\Users\rstej\Downloads\adwcleaner.exe
2024-04-23 16:22 - 2024-04-23 16:22 - 000000000 ____D C:\Users\rstej\AppData\Roaming\VS Revo Group
2024-04-23 16:09 - 2024-04-23 16:09 - 000000000 ____D C:\Users\rstej\AppData\Local\VS Revo Group
2024-04-23 16:08 - 2024-04-23 16:08 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2024-04-23 16:08 - 2024-04-23 16:08 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-04-23 16:08 - 2024-04-23 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2024-04-23 16:08 - 2024-04-23 16:08 - 000000000 ____D C:\Program Files\VS Revo Group
2024-04-23 16:06 - 2024-04-23 16:06 - 000006104 _____ C:\Users\rstej\Downloads\[SkT]Revo_Uninstaller_5.2.6_(x64).torrent
2024-04-23 16:06 - 2024-04-23 16:06 - 000000000 ____D C:\Users\rstej\Downloads\Revo Uninstaller Pro
2024-04-19 16:47 - 2024-04-19 16:47 - 000644529 _____ C:\Users\rstej\Downloads\Omio_Print_Tickets_0874060870607734.pdf
2024-04-19 13:58 - 2024-04-19 13:58 - 000142066 _____ C:\Users\rstej\Desktop\pata jizdenka.pdf
2024-04-19 13:37 - 2024-04-19 13:37 - 000142172 _____ C:\Users\rstej\Desktop\ticket-2024-04-19T11_33_29.352699346.pdf
2024-04-19 13:33 - 2024-04-19 13:33 - 000644529 _____ C:\Users\rstej\Downloads\ticket-2024-04-19T11_33_29.352699346.pdf
2024-04-19 10:01 - 2024-04-19 10:01 - 000073327 _____ C:\Users\rstej\Downloads\Místa_měření_Speedmaraton.xlsx
2024-04-18 19:45 - 2024-04-18 19:45 - 004343357 _____ C:\Users\rstej\Desktop\P-ru-ka.pdf
2024-04-18 11:32 - 2024-04-23 16:20 - 000002922 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1263269243-1539239694-1485521802-1001
2024-04-17 17:51 - 2024-04-23 16:20 - 000003704 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{86512161-7583-42A0-AF9E-B559352962DF}
2024-04-17 17:51 - 2024-04-23 16:20 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{1F5362B3-889E-45A0-9FB6-758C87E2A8BE}
2024-04-17 17:49 - 2024-04-23 16:20 - 000003126 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1263269243-1539239694-1485521802-1001
2024-04-17 11:00 - 2024-04-17 11:04 - 002654720 _____ (Microsoft Edge) C:\Users\Public\Microsoft Edge.exe
2024-04-17 10:59 - 2021-08-20 17:28 - 000033271 _____ C:\ProgramData\readme.md
2024-04-17 10:58 - 2024-04-17 10:58 - 000003546 _____ C:\Windows\system32\Tasks\admin
2024-04-17 10:57 - 2024-04-17 10:58 - 000000000 ____D C:\Users\rstej\AppData\Local\Seed4Me
2024-04-17 10:57 - 2024-04-17 10:57 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Key
2024-04-17 10:56 - 2024-04-17 10:56 - 000000000 ____D C:\ProgramData\Test5
2024-04-15 16:30 - 2024-04-24 16:44 - 000000000 ____D C:\Users\rstej\Desktop\Nová složka
2024-04-15 15:19 - 2024-04-15 15:42 - 000000000 ____D C:\ProgramData\Glarysoft
2024-04-15 15:19 - 2024-04-15 15:19 - 000000000 ____D C:\Users\rstej\AppData\Roaming\GlarySoft
2024-04-15 14:05 - 2024-04-15 14:05 - 000000000 ____D C:\Users\rstej\AppData\Roaming\QtProject
2024-04-12 18:28 - 2024-04-23 15:00 - 000000000 ____D C:\Users\rstej\AppData\Local\Plex Media Server
2024-04-12 18:26 - 2024-04-12 18:26 - 000001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server.lnk
2024-04-12 18:25 - 2024-04-12 18:25 - 000000000 ____D C:\Program Files\Plex
2024-04-12 14:51 - 2024-04-12 14:51 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-11 14:04 - 2024-04-11 14:38 - 000000000 ____D C:\Users\rstej\AppData\Local\Rufus
2024-04-10 14:19 - 2024-04-10 14:19 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-08 17:31 - 2024-04-10 11:25 - 000000000 ____D C:\Users\rstej\AppData\Roaming\16HD
2024-04-08 17:26 - 2024-04-08 17:26 - 000000000 ____D C:\Program Files\LSoft Technologies
2024-04-07 18:27 - 2024-04-07 18:27 - 000000000 ____D C:\AnyMP4 Studio
2024-04-07 17:42 - 2024-04-07 17:42 - 000000000 ___HD C:\AnyMP4 Temp
2024-04-07 17:41 - 2024-04-07 17:41 - 000000000 ____D C:\Users\rstej\AppData\Local\AnyMP4 Studio
2024-04-07 17:40 - 2024-04-07 17:40 - 000000000 ____D C:\Program Files\AnyMP4 Studio
2024-04-06 12:14 - 2024-04-06 12:17 - 000000000 ____D C:\Users\rstej\AppData\LocalLow\Adobe
2024-04-06 12:14 - 2024-04-06 12:17 - 000000000 ____D C:\Users\rstej\AppData\Local\Adobe
2024-04-06 12:14 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\AppData\Roaming\com.adobe.dunamis
2024-04-06 12:14 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\AppData\Local\SolidDocuments
2024-04-06 12:14 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\.ms-ad
2024-04-06 11:58 - 2024-04-06 11:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-04-06 11:55 - 2024-04-06 12:28 - 000000000 ____D C:\ProgramData\Adobe
2024-04-06 11:55 - 2024-04-06 12:28 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-04-06 11:55 - 2024-04-06 11:55 - 000000000 ____D C:\Program Files\Adobe
2024-04-05 20:32 - 2024-04-05 20:32 - 000000000 ___HD C:\OneDriveTemp
2024-04-05 16:34 - 2024-04-05 16:34 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Proof
2024-04-05 15:34 - 2024-04-05 15:34 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\PowerPoint
2024-04-05 15:33 - 2024-04-05 15:33 - 020428997 _____ C:\Users\rstej\Downloads\ROBE_Product_Guide_2022.xlsx
2024-04-05 15:32 - 2024-04-05 15:32 - 016807273 _____ C:\Users\rstej\Downloads\ROBE_Product_Guide_2022.pptx
2024-04-05 15:32 - 2024-04-05 15:32 - 016807273 _____ C:\Users\rstej\Downloads\ROBE_Product_Guide_2022 (1).pptx
2024-04-05 15:26 - 2024-04-05 15:26 - 000134027 _____ C:\Users\rstej\Downloads\export_montaz_seznam.xls
2024-04-05 15:01 - 2024-04-05 15:01 - 000215106 _____ C:\Users\rstej\Downloads\Inventura 2024_V2.pdf
2024-04-05 15:00 - 2024-04-05 15:00 - 000000000 ____D C:\Users\rstej\Documents\Vlastní šablony Office
2024-04-05 14:56 - 2024-04-05 16:34 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\UProof
2024-04-05 14:55 - 2024-04-19 10:08 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Excel
2024-04-05 14:55 - 2024-04-05 14:55 - 000040615 _____ C:\Users\rstej\Downloads\Inventura 2024_V2.xlsx
2024-04-05 14:33 - 2024-04-05 14:33 - 000000000 ____D C:\Users\rstej\AppData\Local\Microsoft_Corporation
2024-04-05 14:31 - 2024-04-05 14:31 - 000000985 _____ C:\Users\rstej\Downloads\W10-Store.zip
2024-04-05 09:40 - 2024-04-19 10:08 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Word
2024-04-05 09:40 - 2024-04-05 14:55 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Office
2024-04-05 09:40 - 2024-04-05 09:40 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\AddIns
2024-04-05 09:35 - 2024-04-05 09:35 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-04-05 09:35 - 2024-04-05 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2024-04-05 09:26 - 2024-04-12 14:47 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-05 09:26 - 2024-04-05 09:26 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-04-05 09:17 - 2024-04-05 09:17 - 000000000 ____D C:\Users\rstej\AppData\Roaming\WinRAR
2024-04-05 09:13 - 2024-04-05 09:13 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-04-05 09:13 - 2024-04-05 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-04-05 09:13 - 2024-04-05 09:13 - 000000000 ____D C:\Program Files\WinRAR
2024-04-04 20:46 - 2024-04-04 20:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2024-04-04 17:41 - 2024-04-04 17:41 - 000000000 ____D C:\Users\rstej\AppData\Local\Backup
2024-04-03 12:38 - 2024-04-03 12:38 - 000000000 ____D C:\Users\rstej\AppData\Roaming\MediaInfo
2024-04-03 12:07 - 2024-04-14 11:58 - 000000000 ____D C:\Users\rstej\AppData\Roaming\vlc
2024-04-03 12:06 - 2024-04-03 12:06 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2024-04-03 12:06 - 2024-04-03 12:06 - 000000885 _____ C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2024-04-03 12:06 - 2024-04-03 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2024-04-03 12:06 - 2024-04-03 12:06 - 000000000 ____D C:\Program Files\MediaInfo
2024-04-03 12:05 - 2024-04-03 12:05 - 000000000 ____D C:\Program Files\VideoLAN
2024-04-03 11:09 - 2024-04-03 11:09 - 000020861 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-03 11:08 - 2024-04-03 11:08 - 000020861 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-03 09:46 - 2024-04-03 09:46 - 000000000 ____D C:\Users\rstej\AppData\Local\ChanSort
2024-04-03 09:29 - 2024-04-03 09:29 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-04-03 09:24 - 2024-04-03 09:24 - 000000000 ____D C:\Users\rstej\Downloads\ChanSort_2024-02-25
2024-04-02 21:19 - 2024-04-02 21:19 - 000000000 ____D C:\Users\rstej\Downloads\Smetak
2024-04-02 21:13 - 2024-04-02 21:13 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-04-02 20:58 - 2024-04-03 12:09 - 000000000 ____D C:\Windows\InboxApps
2024-04-02 18:32 - 2024-04-21 17:42 - 000000506 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2024-04-02 17:39 - 2024-04-02 17:39 - 000000000 ____D C:\Users\rstej\AppData\Local\Comms
2024-04-02 17:22 - 2024-04-24 15:18 - 000000000 __SHD C:\Users\rstej\IntelGraphicsProfiles
2024-04-02 17:22 - 2024-04-02 17:22 - 000000000 ____D C:\ProgramData\PLUG
2024-04-02 17:21 - 2024-04-02 17:21 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2024-04-02 17:09 - 2024-04-05 09:00 - 000000000 ____D C:\Windows\Panther
2024-04-02 17:00 - 2024-04-23 15:14 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-02 17:00 - 2024-04-23 15:14 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-04-02 17:00 - 2024-04-02 17:00 - 000000000 ____D C:\Users\rstej\AppData\Local\Google
2024-04-02 16:59 - 2024-04-24 16:22 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-02 16:59 - 2024-04-02 16:59 - 000000000 ____D C:\Program Files\Google
2024-04-02 16:57 - 2024-04-23 16:07 - 000000000 ____D C:\Users\rstej\AppData\Roaming\uTorrent
2024-04-02 16:57 - 2024-04-05 10:03 - 000000995 _____ C:\Users\rstej\Desktop\µTorrent.lnk
2024-04-02 16:57 - 2024-04-02 16:57 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2024-04-02 16:54 - 2024-04-10 11:57 - 000000000 ____D C:\Windows\system32\MRT
2024-04-02 16:48 - 2024-04-02 16:48 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-04-02 16:47 - 2024-04-24 13:47 - 000000000 ____D C:\Program Files\RUXIM
2024-04-02 16:41 - 2024-04-02 17:29 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Spelling
2024-04-02 16:37 - 2024-04-21 16:13 - 000000000 ___RD C:\Users\rstej\OneDrive
2024-04-02 16:36 - 2024-04-02 21:15 - 000000000 ____D C:\Users\rstej\AppData\Local\PlaceholderTileLogoFolder
2024-04-02 16:35 - 2024-04-02 16:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-04-02 16:33 - 2024-04-23 16:19 - 000000000 ____D C:\Users\rstej\AppData\Local\Packages
2024-04-02 16:33 - 2024-04-06 12:34 - 000000000 ____D C:\ProgramData\Packages
2024-04-02 16:33 - 2024-04-06 12:14 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Adobe
2024-04-02 16:33 - 2024-04-02 17:22 - 000000000 ____D C:\Users\rstej\AppData\Local\ConnectedDevicesPlatform
2024-04-02 16:33 - 2024-04-02 16:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\Crypto
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ___RD C:\Users\rstej\3D Objects
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Vault
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Network
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Local\VirtualStore
2024-04-02 16:33 - 2024-04-02 16:33 - 000000000 ____D C:\Users\rstej\AppData\Local\Publishers
2024-04-02 16:32 - 2024-04-02 16:32 - 000000000 ____D C:\Windows\SysWOW64\sda
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\SystemCertificates
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ____D C:\Program Files\Intel
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ____D C:\Program Files (x86)\Intel
2024-04-02 16:31 - 2024-04-02 16:31 - 000000000 ____D C:\Intel
2024-04-02 16:30 - 2024-04-24 15:18 - 000000000 ____D C:\Users\rstej
2024-04-02 16:30 - 2024-04-23 15:23 - 000002381 _____ C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-02 16:30 - 2024-04-02 17:38 - 000000000 ____D C:\Users\rstej\AppData\Roaming\Microsoft\Windows
2024-04-02 16:30 - 2024-04-02 16:30 - 000000020 ___SH C:\Users\rstej\ntuser.ini
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Šablony
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Soubory cookie
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Poslední
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Okolní tiskárny
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Okolní síť
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Nabídka Start
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Dokumenty
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Documents\Obrázky
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Documents\Hudba
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Documents\Filmy
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\Data aplikací
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 _SHDL C:\Users\rstej\AppData\Local\Data aplikací
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\Protect
2024-04-02 16:30 - 2024-04-02 16:30 - 000000000 ___SD C:\Users\rstej\AppData\Roaming\Microsoft\Credentials
2024-04-02 16:23 - 2024-04-24 15:10 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Šablony
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Poslední
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Okolní síť
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Dokumenty
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\Data aplikací
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Šablony
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Plocha
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Dokumenty
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\ProgramData\Data aplikací
2024-04-02 16:19 - 2024-04-02 16:19 - 000000000 _SHDL C:\Documents and Settings
2024-04-02 16:12 - 2024-04-21 11:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-02 16:12 - 2024-04-21 11:23 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-02 16:11 - 2024-04-10 11:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-02 16:11 - 2024-04-02 16:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-04-02 16:10 - 2024-04-24 15:05 - 000305864 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-02 16:10 - 2024-04-24 15:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-02 16:10 - 2024-04-24 15:04 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-02 16:10 - 2024-04-24 14:55 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-02 16:10 - 2024-04-02 16:10 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-24 16:22 - 2023-05-05 14:27 - 000000000 ____D C:\Windows\SystemTemp
2024-04-24 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2024-04-24 15:18 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-24 15:15 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2024-04-24 15:10 - 2019-12-07 16:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2024-04-24 15:10 - 2019-12-07 16:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2024-04-24 15:04 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-04-24 15:03 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-04-24 15:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\F12
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-04-24 14:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-04-24 14:57 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2024-04-24 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2024-04-24 14:57 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2024-04-23 20:30 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-04-23 16:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-22 18:05 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2024-04-10 14:24 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-04-08 17:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Resources
2024-04-05 09:37 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-04 17:41 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2024-04-03 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-04-03 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-04-03 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2024-04-02 21:17 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-04-02 20:59 - 2019-12-07 16:41 - 000000000 ____D C:\Windows\SysWOW64\cs
2024-04-02 20:59 - 2019-12-07 16:41 - 000000000 ____D C:\Windows\system32\cs
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Sysprep
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Com
2024-04-02 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2024-04-02 20:58 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-04-02 20:58 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-04-02 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-04-02 18:48 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-04-02 18:47 - 2019-12-07 16:44 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-04-02 18:47 - 2019-12-07 16:44 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-04-02 18:47 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-04-02 17:09 - 2019-12-07 11:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2024-04-02 17:07 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-04-02 16:30 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-04-02 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-02 16:21 - 2019-12-07 16:42 - 000000000 ____D C:\Windows\system32\FxsTmp
2024-04-02 16:21 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\spool
2024-04-02 16:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT

==================== Files in the root of some directories ========

2024-04-17 11:00 - 2024-04-17 11:04 - 002654720 _____ (Microsoft Edge) C:\Users\Public\Microsoft Edge.exe
2024-04-06 11:58 - 2024-04-06 11:58 - 000000410 _____ () C:\Users\rstej\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by rstej (24-04-2024 16:51:50)
Running from C:\Users\rstej\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4355 (X64) (2024-04-02 14:20:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1263269243-1539239694-1485521802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1263269243-1539239694-1485521802-503 - Limited - Disabled)
Guest (S-1-5-21-1263269243-1539239694-1485521802-501 - Limited - Disabled)
rstej (S-1-5-21-1263269243-1539239694-1485521802-1001 - Administrator - Enabled) => C:\Users\rstej
WDAGUtilityAccount (S-1-5-21-1263269243-1539239694-1485521802-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.61 - Google LLC)
MediaInfo 24.03 (HKLM\...\MediaInfo) (Version: 24.03 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - cs-cz (HKLM\...\ProPlus2024Volume - cs-cz) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - sk-sk (HKLM\...\ProPlus2024Volume - sk-sk) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\...\OneDriveSetup.exe) (Version: 24.081.0421.0001 - Microsoft Corporation)
Microsoft Project Professional 2024 - cs-cz (HKLM\...\ProjectPro2024Volume - cs-cz) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Project Professional 2024 - sk-sk (HKLM\...\ProjectPro2024Volume - sk-sk) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2024 - cs-cz (HKLM\...\VisioPro2024Volume - cs-cz) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2024 - sk-sk (HKLM\...\VisioPro2024Volume - sk-sk) (Version: 16.0.17610.20000 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17610.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17610.20000 - Microsoft Corporation) Hidden
Plex Media Server 1.40.1.8227 (x64) (HKLM\...\{688e1d8f-188e-49cd-83ca-2669a7e3f8cc}_is1) (Version: 1.40.1.8227 - Plex, Inc.)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
WinRAR 7.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.00.0 - win.rar GmbH)

Packages:
=========

Vyhledávání na webu z Microsoft Bingu -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.92.0_x64__8wekyb3d8bbwe [2024-04-03] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1263269243-1539239694-1485521802-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2024-04-24 13:01 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

2024-04-02 18:32 - 2024-04-21 17:42 - 000000506 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-M2HVKN3.mshome.net # 2029 4 5 20 15 42 7 91
192.168.137.151 LGSmartTV.mshome.net # 2024 4 0 28 15 42 7 91

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-1263269243-1539239694-1485521802-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_47DAD8DB3F29950FF6D2094A8F97770B"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{E29DE231-DBEB-49F0-8A12-B599C6C48D14}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{4437FBFD-A491-4BA1-BB9A-11E5D62CAA5B}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{4FC9A359-AA50-4914-BD13-0135F45AAA85}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{67A97B67-2B83-47BC-A2AE-181362E33F7E}C:\users\rstej\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\rstej\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [{CF8E1E3A-8B05-485F-BD4B-84DC33982D00}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14F08EF6-5C15-4786-B8F8-A88A9FF3678E}] => (Allow) C:\Users\rstej\AppData\Roaming\uTorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [{9EEDCC99-D90F-4711-8043-F79E236FA197}] => (Allow) C:\Users\rstej\AppData\Roaming\uTorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [{915FC472-FA2C-4EB1-9D67-90BC398731EC}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Inc. -> Adobe Systems, Incorporated)
FirewallRules: [{EFDAC982-4404-4321-B93A-42C5038D9B61}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Inc. -> Adobe Systems, Incorporated)
FirewallRules: [TCP Query User{BB6A89B1-E3C6-413F-94E0-C336CDDC1F2F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{C5ECD653-6906-40C7-849A-6DD43DBB8F0A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{146CB060-5C5F-44A9-BC33-CA49E6BB45EA}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{B495C7F1-67CA-4113-A3A4-695C2E68FC5B}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )
FirewallRules: [{F5D32735-6F51-4DBC-9008-FF699F6BCBC5}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{220751F5-F18C-4516-8547-963E791EED84}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{0B9C415A-FA53-4BF7-B1BB-C92E97A3CB89}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DA9D0D51-F3F7-4EC9-B656-6346DACD145D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AE42BEC8-FC8C-438B-99A4-00EF557B2FB1}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group Ltd. -> VS Revo Group)
FirewallRules: [{9603A1D7-523E-4396-9A38-6B30250A8081}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group Ltd. -> VS Revo Group)
FirewallRules: [{B8635283-7FB0-4059-92C2-4152E7CA67EC}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe (VS Revo Group Ltd. -> Mirage Systems GmbH)
FirewallRules: [{69F5CF43-D2D1-403E-B547-7C94E657633B}] => (Block) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe (VS Revo Group Ltd. -> Mirage Systems GmbH)

==================== Restore Points =========================

24-04-2024 13:25:31 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/24/2024 04:54:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:54:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:53:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:53:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:52:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:52:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:51:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:39:41Z. Kód chyby: 0x80070002

Error: (04/24/2024 04:51:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2024-07-04T07:40:11Z. Kód chyby: 0x80070002


System errors:
=============
Error: (04/24/2024 04:37:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/24/2024 04:35:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/24/2024 04:35:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba ClickToRunSvc neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.

Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba LanmanServer závisí na službě srv2, která neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.

Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba srv2 neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.

Error: (04/24/2024 03:04:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba tcpipreg neuspěla při spuštění v důsledku následující chyby:
Médium je chráněno proti zápisu.

Error: (04/24/2024 03:04:04 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba Winmgmt se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.


Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).


Windows Defender:
================
Date: 2024-04-19 20:38:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4C0D6CD-2786-411A-94B7-6EB3DCB756B6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-04-19 12:54:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7C898EC4-48B8-4150-910C-80B808CACEAB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-04-16 19:13:35
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B58BEACD-F3BA-45B6-84BB-E09EF3FA27A7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-04-16 19:06:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A59AEE59-260C-4FDA-A457-3A9E24113734}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-04-16 17:38:16
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {896DA8BA-32F8-4868-9FFF-B554B0AC8ED2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-04-18 19:23:59
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.409.364.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24030.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X200MA.501 07/09/2014
Motherboard: ASUSTeK COMPUTER INC. X200MA
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3982.69 MB
Available physical RAM: 1641 MB
Total Virtual: 6158.69 MB
Available Virtual: 3721.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.25 GB) (Free:427.26 GB) (Model: WDC WD5000LPVX-80V0TT0) NTFS

\\?\Volume{a2f47a44-3450-4046-88a9-97c2c02260c0}\ () (Fixed) (Total:0.5 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 24 dub 2024 17:02
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
Task: {F6260AE6-80AE-41BB-A49E-7F9FB2456E61} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {4ECC0A25-2768-4476-B549-9176746347CC} - System32\Tasks\Trojan Killer => "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" -startupscan (No File)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\DumpStack.log.tmp
C:\Users\rstej\favorites\c.bat

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 24 dub 2024 20:09
od romanst811
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by rstej (24-04-2024 20:41:32) Run:3
Running from C:\Users\rstej\Desktop
Loaded Profiles: rstej
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {F6260AE6-80AE-41BB-A49E-7F9FB2456E61} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => "%ProgramFiles%\RUXIM\PLUGscheduler.exe" (No File)
Task: {4ECC0A25-2768-4476-B549-9176746347CC} - System32\Tasks\Trojan Killer => "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" -startupscan (No File)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\DumpStack.log.tmp
C:\Users\rstej\favorites\c.bat

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6260AE6-80AE-41BB-A49E-7F9FB2456E61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6260AE6-80AE-41BB-A49E-7F9FB2456E61}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4ECC0A25-2768-4476-B549-9176746347CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ECC0A25-2768-4476-B549-9176746347CC}" => removed successfully
C:\Windows\System32\Tasks\Trojan Killer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer" => removed successfully
HKLM\System\CurrentControlSet\Services\epp => removed successfully
epp => service removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\Users\rstej\favorites\c.bat => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14738984 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1756809 B
Edge => 0 B
Chrome => 387821123 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
rstej => 588961 B

RecycleBin => 1089678 B
EmptyTemp: => 387.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-04-2024 20:44:15)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 20:44:15 ====

Re: Pomalé PC - prosím o kontrolu logu

Napsal: 24 dub 2024 20:46
od Rudy
OK. Jak to vypadá nyní?
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz