Hezký den,
prosím o kontrolu. V oznamovací oblasti vyskočilo oznámení, že je počítač zavirovaný a že mám klepnout na odkaz v oznámení...
K tomu disk stále hrabe na 100%
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.02.2024
Ran by Jana (administrator) on LATITUDE-E5450 (Dell Inc. Latitude E5450) (18-02-2024 18:37:56)
Running from C:\Users\Jana\Desktop\FRST64.exe
Loaded Profiles: Jana
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.128\Installer\setup.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Jana\AppData\Local\Microsoft\OneDrive\24.023.0131.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(services.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(spoolsv.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jana\AppData\Local\Microsoft\OneDrive\24.023.0131.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3989_none_7ddb45627cb30e03\TiWorker.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779152 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [18113784 2018-12-23] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805376 2018-10-26] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\Run: [MicrosoftEdgeAutoLaunch_1DCFC33FDD0C888F6A149A13AC8253CE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\CNAB4 Monitor: C:\WINDOWS\system32\CNAB4LMD.DLL [58880 2012-10-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.185\Installer\chrmstp.exe [2024-02-18] (Google LLC -> Google LLC)
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2019-06-19]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2018-10-26]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC. -> CANON INC.)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {EEDE4E71-099F-4215-90AA-9E43F7A3D416} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {6834B61A-BE29-457E-9370-C82ED2115A0C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {34BF55C1-716A-495A-AC6F-50B9D099FC92} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E62CE800-0537-4D7B-952B-438020E6EB17} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {89915A14-9F85-4D06-AA99-B7F52068C9CA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C84E694-002E-4F89-BC5F-0FF741310DE1} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4436272 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {07F757BA-B2D1-4B8C-8BA3-7ABA0344C968} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [362192 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A42A923-9485-438E-BC7D-CAB754285E8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F9CCDE4-3FEF-4F46-9759-D9760FA1E3A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {81B6E472-2EE9-48DC-B4BB-A042A71C6560} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1A26D0C-D1FB-4141-9C98-C9D467732D9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE937F8A-E118-4503-8091-B44A03E2CD5C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2024-01-19] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FF46C4F8-584A-47FC-9C87-7D5A57793750} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2024-01-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {989759DF-769B-48BD-AF6D-C06EBAB9A96F} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{749910b1-ef26-45e6-9cf6-b4d6f467a8a5}: [DhcpNameServer] 10.191.111.110 10.191.111.120 10.191.203.50
Tcpip\..\Interfaces\{749910b1-ef26-45e6-9cf6-b4d6f467a8a5}: [DhcpDomain] ovhut.cz
Tcpip\..\Interfaces\{a5dc0024-1839-4d26-9865-02e50d39c53c}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\146796F6E6F575966496: [DhcpNameServer] 172.16.0.1 195.46.39.40
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\146796F6E6F575966496: [DhcpDomain] intern
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\94E4455425E45445025374: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\94E4455425E45445025374: [DhcpDomain] Home
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\94E4455425E454450255E4946494: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\94E4455425E454450255E4946494: [DhcpDomain] Home
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\F423D294E6475627E65647D234231323: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\F423D294E6475627E65647D25374D2834303: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f330863b-2fb8-4ac6-9e83-0e60af9cbac2}\F423D294E6475627E65647D25374D2834303: [DhcpDomain] Home
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jana\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-18]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jana\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-24]
Edge Extension: (Abcd PDF) - C:\Users\Jana\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iicjlohkojjngbbienlgmlikgdhloegi [2021-12-30]
Edge Extension: (Edge relevant text changes) - C:\Users\Jana\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
FireFox:
========
FF DefaultProfile: rzdcgzkm.default
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\rzdcgzkm.default [2022-11-06]
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\2ujjz371.default-release [2024-02-18]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default [2024-02-18]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://quickdatingpoint.top; hxxps://www.nev-dama.cz
CHR Extension: (Dokumenty Google offline) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-19]
CHR Extension: (Abcd PDF) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicjlohkojjngbbienlgmlikgdhloegi [2021-11-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\System Profile [2020-09-20]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [114960 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
R2 EPWD; C:\Program Files (x86)\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe [293112 2018-08-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [5879544 2018-12-23] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [29160 2018-07-27] (Dell Inc -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-09] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-18 18:37 - 2024-02-18 18:43 - 000019853 _____ C:\Users\Jana\Desktop\FRST.txt
2024-02-18 18:28 - 2024-02-18 18:29 - 008797968 _____ (Malwarebytes) C:\Users\Jana\Downloads\adwcleaner.exe
2024-02-18 17:57 - 2024-02-18 18:02 - 000028659 _____ C:\Users\Jana\Desktop\Additionprvni.txt
2024-02-18 17:52 - 2024-02-18 17:52 - 000000000 ___HD C:\$WinREAgent
2024-02-18 17:48 - 2024-02-18 18:02 - 000026637 _____ C:\Users\Jana\Desktop\FRSTprvni.txt
2024-02-18 17:46 - 2024-02-18 18:40 - 000000000 ____D C:\FRST
2024-02-18 17:35 - 2024-02-18 17:35 - 000000000 ___HD C:\OneDriveTemp
2024-02-18 17:27 - 2024-02-18 17:29 - 002390016 _____ (Farbar) C:\Users\Jana\Desktop\FRST64.exe
2024-02-18 17:07 - 2024-02-18 17:07 - 000001275 _____ C:\Users\Jana\Desktop\ESET Online Scanner.lnk
2024-02-18 16:58 - 2024-02-18 17:06 - 000001381 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-02-18 16:57 - 2024-02-18 16:57 - 015274968 _____ (ESET) C:\Users\Jana\Downloads\esetonlinescanner.exe
2024-02-18 16:57 - 2024-02-18 16:57 - 000000000 ____D C:\Users\Jana\AppData\Local\ESET
2024-02-10 17:37 - 2024-02-10 17:39 - 001248588 _____ C:\WINDOWS\Minidump\021024-34625-01.dmp
2024-02-08 19:37 - 2024-02-08 19:37 - 000028233 _____ C:\Users\Jana\Downloads\objednávka-831311.pdf
2024-02-07 11:01 - 2024-02-07 11:01 - 000078537 _____ C:\Users\Jana\Downloads\2024-02-01-2001485523-sluzby_v_pevne_siti-fs.pdf
2024-02-07 10:58 - 2024-02-07 10:58 - 000001279 _____ C:\Users\Jana\Downloads\2024-02-01-2001485523-sluzby_v_pevne_siti-s.csv.zip
2024-01-29 17:34 - 2024-01-29 17:34 - 000152501 _____ C:\Users\Jana\Desktop\Výběrové řízení - ZŠ a MŠ Staříč.pdf
2024-01-25 15:40 - 2024-01-25 15:40 - 000434796 _____ C:\Users\Jana\Downloads\Výpis z účtu Úvěru od Buřinky (1).pdf
2024-01-25 15:40 - 2024-01-25 15:40 - 000050526 _____ C:\Users\Jana\Downloads\Potvrzení o úrocích (2).pdf
2024-01-19 17:29 - 2024-01-19 17:29 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-01-19 17:28 - 2024-02-18 16:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-18 18:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-18 18:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-18 18:40 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-18 18:26 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-18 17:53 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-18 17:39 - 2018-08-13 09:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-18 17:35 - 2022-12-16 16:14 - 000000000 ___RD C:\Users\Jana\OneDrive - Univerzita Tomáše Bati ve Zlíně
2024-02-18 17:12 - 2020-06-12 12:36 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-18 17:12 - 2020-06-12 12:36 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-18 16:58 - 2018-08-10 11:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-18 16:55 - 2021-12-19 20:09 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-18 16:55 - 2018-10-21 08:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-18 16:55 - 2018-10-21 08:48 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-18 16:51 - 2022-11-06 14:42 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-18 16:49 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-18 16:46 - 2018-08-10 11:58 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-18 16:43 - 2018-08-10 10:18 - 000000000 __SHD C:\Users\Jana\IntelGraphicsProfiles
2024-02-18 16:43 - 2018-08-10 10:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-02-14 18:35 - 2021-12-13 16:26 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2613768656-1866664547-1641146514-1001
2024-02-14 18:35 - 2021-04-14 19:55 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2613768656-1866664547-1641146514-1001
2024-02-14 18:35 - 2021-04-14 19:41 - 000002378 _____ C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-10 18:11 - 2021-04-14 19:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-10 18:11 - 2021-04-14 19:36 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-10 18:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-10 18:11 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-02-10 17:40 - 2021-05-30 09:29 - 000000000 ____D C:\WINDOWS\Minidump
2024-02-10 17:37 - 2021-06-14 15:09 - 1098141693 _____ C:\WINDOWS\MEMORY.DMP
2024-02-08 20:14 - 2021-04-14 19:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-07 10:50 - 2021-04-14 19:50 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-07 10:50 - 2019-12-07 15:43 - 000684862 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-07 10:50 - 2019-12-07 15:43 - 000137626 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-07 10:44 - 2022-11-06 14:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-06 15:10 - 2021-04-14 19:55 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-06 15:10 - 2021-04-14 19:55 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-01 12:41 - 2018-11-01 16:53 - 000018938 _____ C:\Users\Jana\Desktop\plyn.xlsx
2024-01-24 17:25 - 2022-11-06 14:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-01-19 19:54 - 2021-04-14 19:36 - 000437136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-19 19:52 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-19 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-01-19 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-19 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-01-19 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-19 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-19 17:29 - 2018-10-21 08:48 - 000000000 ____D C:\Program Files (x86)\Google
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.02.2024
Ran by Jana (18-02-2024 18:47:29)
Running from C:\Users\Jana\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) (2021-04-14 18:55:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2613768656-1866664547-1641146514-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2613768656-1866664547-1641146514-503 - Limited - Disabled)
Guest (S-1-5-21-2613768656-1866664547-1641146514-501 - Limited - Disabled)
Jana (S-1-5-21-2613768656-1866664547-1641146514-1001 - Administrator - Enabled) => C:\Users\Jana
WDAGUtilityAccount (S-1-5-21-2613768656-1866664547-1641146514-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version: - )
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{74117219-F4F7-4CB7-98A2-AAF9D6D9928C}) (Version: 3.4.8.14 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.215 - ALPSALPINE CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 121.0.6167.185 - Google LLC)
Check Point VPN (HKLM-x32\...\{FF3FC376-CBEA-4CF3-A931-E5FD95D640E0}) (Version: 98.61.112 - Check Point Software Technologies Ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.128 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\OneDriveSetup.exe) (Version: 24.023.0131.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\Teams) (Version: 1.3.00.362 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 121.0.1 (x64 cs)) (Version: 121.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 106.0.5 - Mozilla)
Navigation Updater (HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\{e31c67e1-784d-4ced-9ff9-bfdfacdeb5a7}) (Version: 2.2.2.0 - HYUNDAI MOTOR GROUP)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
Skype verze 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-14] (Microsoft Corporation) [MS Ad]
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe [2023-12-09] (Microsoft) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-08] (Microsoft Studios) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2613768656-1866664547-1641146514-1001_Classes\CLSID\{04271989-4A69-3C15-1592-D267C23B6D70} -> [OneDrive - Univerzita Tomáše Bati ve Zlíně] => C:\Users\Jana\OneDrive - Univerzita Tomáše Bati ve Zlíně [2022-12-16 16:14]
CustomCLSID: HKU\S-1-5-21-2613768656-1866664547-1641146514-1001_Classes\CLSID\{04271989-C4D2-968D-8DFA-38C13479EBAD} -> [OneDrive - GFG Alliance] => C:\Users\Jana\OneDrive - GFG Alliance [2019-11-24 15:58]
CustomCLSID: HKU\S-1-5-21-2613768656-1866664547-1641146514-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Jana\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2613768656-1866664547-1641146514-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Jana\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2018-08-13 09:33 - 2018-08-13 09:33 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2018-08-13 09:33 - 2018-08-13 09:33 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\...\sharepoint.com -> hxxps://dataeur-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2019-11-04 20:10 - 2019-11-04 20:15 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2613768656-1866664547-1641146514-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{A7689A8E-30DE-46F7-9D4F-BA798A61DD15}C:\users\jana\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jana\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AF9D4A54-D1D1-413F-AD16-D163256717D4}C:\users\jana\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jana\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{1452E23F-4746-4529-8508-3F1A00AD9B28}C:\users\jana\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\jana\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{D7BEFC12-96EA-4963-8C0B-8FA5A9788E2B}C:\users\jana\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\jana\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC9FBD7D-545F-4A67-B782-1745AD0360D0}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{7FE476E9-6B5B-4D11-B51B-923468E443A0}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
FirewallRules: [{CF82CE51-8A18-4DCF-BC43-4FEDA9334470}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D27B06EB-8142-4A0C-A1B7-572B9AAACFD4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32863E4D-11C6-4FC8-AD2A-762195F02850}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{443CF2AF-3BE2-4D4C-9525-3622BF9F604A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A29FA3B9-0089-4D4A-9252-53BF62E015EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AE40BB5B-A574-4AAC-A525-58A618C2BE3B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CD32A4AE-7F0F-4856-B5CA-1CFE91899892}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FBE6A6B6-4640-4DA6-AD62-1D7BEB30D1D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4C09F78-8F78-4AA0-831D-9A9572271609}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E58E82B-A116-4C0F-A2EC-24EA47BAA711}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97F48A0C-7D34-4922-A70B-E8E1D0F54D6F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70985BE3-5003-4C22-BFFB-978CC0C516B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{814E6F20-12E1-4BF5-ADA3-4D035C863674}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
03-02-2024 20:07:08 Naplánovaný kontrolní bod
18-02-2024 17:09:32 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/18/2024 06:36:28 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,19) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c48) se zjistila nekonzistence dat.
Error: (02/18/2024 06:36:28 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,19) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c48) se zjistila nekonzistence dat.
Error: (02/18/2024 06:36:25 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,18) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c48) se zjistila nekonzistence dat.
Error: (02/18/2024 06:33:35 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,19) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c4a) se zjistila nekonzistence dat.
Error: (02/18/2024 06:33:35 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,19) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c4a) se zjistila nekonzistence dat.
Error: (02/18/2024 06:33:35 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,18) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c4a) se zjistila nekonzistence dat.
Error: (02/18/2024 06:02:39 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,19) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c48) se zjistila nekonzistence dat.
Error: (02/18/2024 06:02:39 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (8996,D,19) WebCacheLocal: V tabulce BlobEntry_129 databáze C:\Users\Jana\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (524, 0x8000000080000c48) se zjistila nekonzistence dat.
System errors:
=============
Error: (02/18/2024 05:44:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200b): Aktualizace bezpečnostních informací pro Microsoft Defender Antivirus – KB2267602 (verze 1.405.207.0) – Aktuální kanál (široká distribuce).
Error: (02/18/2024 05:41:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (02/18/2024 05:41:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Search bylo dosaženo časového limitu (30000 ms).
Error: (02/18/2024 05:12:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.
Error: (02/18/2024 05:12:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Jana\AppData\Local\Temp\ehdrv.sys
Error: (02/18/2024 05:12:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.
Error: (02/18/2024 05:12:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Jana\AppData\Local\Temp\ehdrv.sys
Error: (02/18/2024 05:12:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.
Windows Defender:
================
Date: 2024-02-04 17:19:18
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FAD1EBE4-0D12-436F-B0EF-11F4E8957A2E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2023-11-19 21:32:45
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {EB9D2B55-AA61-4AED-814C-8F63B77419C9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2023-11-19 20:56:13
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {05FBA226-74B8-4311-B8E5-593C22380F1C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2023-11-13 18:58:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {14FD1388-1A79-4560-AE8B-1B5DC96FD82D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2023-11-09 19:07:50
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {015537DA-B150-4AF6-9751-4FD2F6BC2F61}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:
Date: 2024-02-18 17:10:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.3739.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.
Date: 2024-02-03 16:04:12
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.2949.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2024-02-03 16:04:12
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.2949.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2024-02-03 16:04:12
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.2949.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2024-02-03 16:04:12
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.2949.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80072efe
Popis chyby: Spojení se serverem bylo nenormálně ukončeno.
CodeIntegrity:
===============
Date: 2023-11-19 20:55:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-11-09 17:52:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-10-23 18:04:34
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2023-09-24 10:25:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-01 19:44:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-08-05 21:44:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-06-20 07:15:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-06-09 17:45:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A19 01/23/2018
Motherboard: Dell Inc. 0C7K68
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 64%
Total physical RAM: 8067.4 MB
Available physical RAM: 2881.03 MB
Total Virtual: 9347.4 MB
Available Virtual: 3770.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.16 GB) (Free:354.03 GB) (Model: TOSHIBA MQ02ABF050H) NTFS
\\?\Volume{aa90e4c7-762f-4af2-9f15-57f7c2ad72dc}\ () (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS
\\?\Volume{a1af9e67-351b-4441-918e-1731b63195e3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5A1CDFD0)
Partition: GPT.
==================== End of Addition.txt =======================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Disk stále na 100% a "virus" v oznamovací oblasti
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Disk stále na 100% a "virus" v oznamovací oblasti
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Disk stále na 100% a "virus" v oznamovací oblasti
adwcleaner nic nenašel
# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2024-01-29.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-18-2024
# Duration: 00:00:07
# OS: Windows 10 (Build 19045.3930)
# Scanned: 32096
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [1420 octets] - [18/02/2024 19:23:17]
AdwCleaner[S01].txt - [1481 octets] - [18/02/2024 19:24:51]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2024-01-29.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-18-2024
# Duration: 00:00:07
# OS: Windows 10 (Build 19045.3930)
# Scanned: 32096
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [1420 octets] - [18/02/2024 19:23:17]
AdwCleaner[S01].txt - [1481 octets] - [18/02/2024 19:24:51]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Disk stále na 100% a "virus" v oznamovací oblasti
Nic tam není. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
Task: {EEDE4E71-099F-4215-90AA-9E43F7A3D416} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\DumpStack.log.tmp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Disk stále na 100% a "virus" v oznamovací oblasti
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.02.2024
Ran by Jana (18-02-2024 20:09:57) Run:1
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
Task: {EEDE4E71-099F-4215-90AA-9E43F7A3D416} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\DumpStack.log.tmp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEDE4E71-099F-4215-90AA-9E43F7A3D416}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDE4E71-099F-4215-90AA-9E43F7A3D416}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF}" => removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterInternalService123.0.6288.0 => removed successfully
GoogleUpdaterInternalService123.0.6288.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterService123.0.6288.0 => removed successfully
GoogleUpdaterService123.0.6288.0 => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 103657310 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 40151829 B
Edge => 0 B
Chrome => 1110754823 B
Firefox => 234594984 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 38874264 B
Jana => 352078475 B
RecycleBin => 70684216 B
EmptyTemp: => 1.8 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-02-2024 20:17:22)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 20:17:22 ====
no vypadá to, že ty oznámení už se neobjevují...
Ran by Jana (18-02-2024 20:09:57) Run:1
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
Task: {EEDE4E71-099F-4215-90AA-9E43F7A3D416} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\DumpStack.log.tmp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEDE4E71-099F-4215-90AA-9E43F7A3D416}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDE4E71-099F-4215-90AA-9E43F7A3D416}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{2F0319B9-FA70-41EC-98E3-AE5AA75538BF}" => removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterInternalService123.0.6288.0 => removed successfully
GoogleUpdaterInternalService123.0.6288.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\GoogleUpdaterService123.0.6288.0 => removed successfully
GoogleUpdaterService123.0.6288.0 => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 103657310 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 40151829 B
Edge => 0 B
Chrome => 1110754823 B
Firefox => 234594984 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 38874264 B
Jana => 352078475 B
RecycleBin => 70684216 B
EmptyTemp: => 1.8 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-02-2024 20:17:22)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 20:17:22 ====
no vypadá to, že ty oznámení už se neobjevují...
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Disk stále na 100% a "virus" v oznamovací oblasti
Smazáno. Jak to vypadá nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Disk stále na 100% a "virus" v oznamovací oblasti
vypadá to líp, nic už nevyskakuje, disk na rozumném zatížení.
mockrát díky
mockrát díky
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Disk stále na 100% a "virus" v oznamovací oblasti
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?