Prosím o kontrolu logu - proces na pozadí

Zpráva

cormack · #1 Příspěvek od **cormack** » 25 bře 2024 12:04

Zdravím,
prosím o kontrolu logu. Pokud na PC nepracuji, tak dojde ke spuštění nějakého procesu na pozadí. CPU je na 100% vytíženo. Jakmile otevře Správce úloh, proces ne stopne a neukáže se. Celkem fikaný, že?

Moc děkuji za pomoc při řešení tohoto problému.

Logy:

Platform: Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\WindowsApps\MicrosoftTeams_24047.202.2704.38_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe <7>
(explorer.exe ->) (ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Corporation) [File not signed] C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe <4>
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.310.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.58\Installer\chrmstp.exe [2024-03-25] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FB88C5D8-2311-420A-AE54-4145D094B936} - System32\Tasks\Core Temp Autostart Zbyse => C:\Program Files\Core Temp\Core Temp.exe [1040136 2023-09-24] (ALCPU -> ALCPU)
Task: {D6D8D769-C337-467D-B8DE-844F6F7D9D05} - System32\Tasks\GoogleUpdateTaskMachineCore{BCF87BD4-A985-4091-956E-FC8D83E0DA41} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-12] (Google LLC -> Google LLC)
Task: {BB807D70-B99E-4D55-8EF3-6C72450E5090} - System32\Tasks\GoogleUpdateTaskMachineUA{9FEA1145-04B8-4504-BCE5-B8817427B805} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-12] (Google LLC -> Google LLC)
Task: {F2410016-4142-4E64-938A-AD4BE0BD4A0A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3380788475-3939504263-3657553111-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2070.12.228.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2169080 2024-03-20] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {0A44F4F1-EDEE-434D-A14F-2ADDE2F9FF79} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E97A2D7-A16B-4341-8A6D-6A85994EB677} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {54ACFE6B-6811-45D3-9A14-F3E78AF6828E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6A02436-C1C5-4298-8490-4AAF71F02F94} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {28662BE2-FFDD-49B9-A4AC-6C4128D597AF} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [170136 2024-03-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {72F2923F-94D5-4562-BA96-DA9B6F1166FC} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4446400 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9919FB1B-8C04-4378-A222-E9CF6C3264F8} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcActivation => C:\Windows\Setup\Scripts\bin\ActivationCheck\bincheckx64.exe [73728 2022-12-09] (Microsoft Corporation) [File not signed]
Task: {91E08188-C721-42B2-A20F-1A9B847F06F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0B567AD1-E17F-4E16-909F-5C24BDE776B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18F91EF0-3AA1-4158-AC84-D5026EA074C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F81264EF-5AEE-4123-82A7-3FA25A24A9CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {55A51538-E39E-4D7B-8E9B-48BC10712EFC} - System32\Tasks\MXWTPTTTYKDUYVXJ_run => C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe [69632 2022-12-09] (Microsoft Corporation) [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.178.72.150
Tcpip\..\Interfaces\{0c04f7bc-fd96-4da4-bd6f-c5704135ae2d}: [DhcpNameServer] 195.178.72.150
Tcpip\..\Interfaces\{0c04f7bc-fd96-4da4-bd6f-c5704135ae2d}: [DhcpDomain] mendelu.cz

Edge:
=======
Edge Profile: C:\Users\Zbyse\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-09]
Edge Extension: (Dokumenty Google offline) - C:\Users\Zbyse\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Zbyse\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2023-10-27]
Edge Extension: (Edge relevant text changes) - C:\Users\Zbyse\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-27]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default [2024-03-25]
CHR Extension: (Authenticator) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2024-03-05]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-03-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097992 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\Zbyse\AppData\Local\Temp\ALSysIO64.sys [43528 2024-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Arthur Liberman) <==== ATTENTION
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20928 2024-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [603416 2024-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-25 11:23 - 2024-03-25 11:55 - 000000000 ____D C:\FRST
2024-03-25 11:22 - 2024-03-25 11:22 - 000000918 _____ C:\Users\Zbyse\Desktop\FRST64.lnk
2024-03-25 09:52 - 2024-03-25 09:52 - 000000375 _____ C:\Users\Zbyse\Desktop\Ovládací panely – zástupce.lnk
2024-03-15 12:11 - 2024-03-20 12:22 - 000013473 _____ C:\ProgramData\DisplaySessionContainer7.log_backup1
2024-03-15 12:00 - 2024-03-15 12:00 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-03-15 11:54 - 2024-03-15 12:11 - 000000000 ____D C:\Users\Zbyse\AppData\Roaming\TIDAL
2024-03-15 11:54 - 2024-03-15 11:54 - 000002155 _____ C:\Users\Zbyse\Desktop\TIDAL.lnk
2024-03-15 11:54 - 2024-03-15 11:54 - 000000000 ____D C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TIDAL Music AS
2024-03-15 11:54 - 2024-03-15 11:54 - 000000000 ____D C:\Users\Zbyse\AppData\Local\TIDAL
2024-03-05 10:00 - 2024-03-15 12:11 - 000007689 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-25 11:55 - 2022-12-12 12:38 - 000000000 ____D C:\Temp
2024-03-25 11:55 - 2022-12-12 12:26 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-25 11:55 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2024-03-25 11:51 - 2023-10-13 13:07 - 000000000 ____D C:\Users\Zbyse\AppData\Local\CrashDumps
2024-03-25 11:23 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2024-03-25 11:14 - 2022-12-09 12:55 - 000000000 ____D C:\Users\Zbyse\AppData\Local\D3DSCache
2024-03-25 10:59 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-25 10:05 - 2022-12-09 12:38 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-03-25 10:02 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-25 10:02 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2024-03-25 09:54 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\Registration
2024-03-25 09:51 - 2022-12-12 12:26 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-25 09:51 - 2022-12-12 12:26 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-20 08:40 - 2022-12-12 12:38 - 000000000 ____D C:\Program Files\Microsoft Office
2024-03-20 08:35 - 2022-12-09 12:38 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-15 12:11 - 2022-12-09 12:38 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-15 12:06 - 2022-12-09 12:57 - 000000000 ____D C:\Windows\system32\MRT
2024-03-15 12:05 - 2022-12-09 12:57 - 190470136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-03-15 11:54 - 2022-12-12 13:17 - 000000000 ____D C:\Users\Zbyse\AppData\Local\SquirrelTemp
2024-03-15 11:54 - 2022-12-09 12:55 - 000000000 ____D C:\Users\Zbyse\AppData\Local\Packages
2024-03-15 11:51 - 2022-12-09 12:38 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-15 11:51 - 2022-12-09 12:38 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-05 09:59 - 2022-12-09 12:47 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2022-12-09 12:56 - 2022-12-09 12:56 - 000069632 _____ (Microsoft Corporation) C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
2022-12-09 12:56 - 2024-01-09 14:11 - 161140671 _____ () C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ_0.dat
2023-10-13 13:24 - 2023-10-13 13:24 - 000000600 _____ () C:\Users\Zbyse\AppData\Roaming\winscp.rnd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.03.2024 01
Ran by Zbyse (25-03-2024 11:56:48)
Running from C:\Temp
Microsoft Windows 11 Home Version 21H2 22000.2538 (X64) (2022-12-09 11:42:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3380788475-3939504263-3657553111-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3380788475-3939504263-3657553111-503 - Limited - Disabled)
Guest (S-1-5-21-3380788475-3939504263-3657553111-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3380788475-3939504263-3657553111-504 - Limited - Disabled)
Zbyse (S-1-5-21-3380788475-3939504263-3657553111-1001 - Administrator - Enabled) => C:\Users\Zbyse

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Altap Salamander 4.0 (x86) (HKLM-x32\...\Altap Salamander 4.0 (x86)) (Version: 4.0 - ALTAP)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
CPUID CPU-Z 2.06 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.06 - CPUID, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.58 - Google LLC)
IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan)
MadOnion.com/3DMark2001 SE (HKLM-x32\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version: - )
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.17328.20184 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3380788475-3939504263-3657553111-1001\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
NVIDIA Ovladače grafiky 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20108 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)
TIDAL (HKU\S-1-5-21-3380788475-3939504263-3657553111-1001\...\TIDAL) (Version: 2.36.2 - TIDAL Music AS)

Packages:
=========

AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-27] (Microsoft Corporation)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2070.12.228.0_x64__8xx8rvfyw5nnt [2024-03-20] (Meta) [Startup Task]
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe [2024-03-05] (Microsoft) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-03-25] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-03-25] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3380788475-3939504263-3657553111-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Zbyse\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3380788475-3939504263-3657553111-1001_Classes\CLSID\{C78B614C-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander 3.06 (x86 x64) 2015 CZ (Ml) Portable\utils\salextx64.dll (ALTAP) [File not signed]
CustomCLSID: HKU\S-1-5-21-3380788475-3939504263-3657553111-1001_Classes\CLSID\{C78B614F-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files (x86)\Altap Salamander\utils\salextx64.dll (Fine spol. s r.o. -> ALTAP)
CustomCLSID: HKU\S-1-5-21-3380788475-3939504263-3657553111-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Zbyse\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\nvshext.dll [2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-03-01 13:31 - 2015-02-27 12:41 - 000013312 _____ (ALTAP) [File not signed] C:\Program Files\Altap Salamander 3.06 (x86 x64) 2015 CZ (Ml) Portable\utils\salextx64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3380788475-3939504263-3657553111-1001\...\sharepoint.com -> hxxps://mendelu-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3380788475-3939504263-3657553111-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 195.178.72.150
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E5ADE47B-E82F-4054-A6BB-A702CACCEA88}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{277AADBF-D374-4597-93E3-FA4B3C48842F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3590F5FB-C7BB-41E9-A8C8-24EC41D94FC0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE358E1F-E851-4F37-B80D-7CB1F599A5DE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C56E5906-23FE-40F2-B161-BCFBA6E9803C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{893F66FE-5341-4DE6-890C-EE52DA846F89}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53DA9159-0E59-4246-9672-93E4923E4AB1}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5481D5AB-B760-4810-8004-D9A29179D993}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24047.202.2704.38_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6DF3D0D-F1D4-42D8-B0AD-6CC91E45EC53}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24047.202.2704.38_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{91BD1439-4037-4DB8-BE34-781A84E34DD7}C:\users\zbyse\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\zbyse\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{9BD5B508-9CE0-4284-9055-09368ECB60B6}C:\users\zbyse\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\zbyse\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{5174C9CD-485E-4344-930F-FFEF4A0EA146}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17B477FC-133C-4D18-8C31-C446F380982A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.08 GB) (Free:72.26 GB) (65%)

==================== Faulty Device Manager Devices ============

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (03/25/2024 11:51:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.22000.1, časové razítko: 0xdbc88395
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3c0c
Čas spuštění chybující aplikace: 0x01da7e99f1546b40
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 26157c3f-1e9c-45ec-98ca-2c025c010bb4
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/25/2024 10:50:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.22000.1, časové razítko: 0xdbc88395
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x229c
Čas spuštění chybující aplikace: 0x01da7e91863f90da
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: e0a10901-295e-4b51-894d-e156140cad24
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/20/2024 10:33:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.22000.1, časové razítko: 0xdbc88395
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x4204
Čas spuštění chybující aplikace: 0x01da7aa15855f878
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 87997ba0-75f7-48eb-8f54-8fc8b5319eb8
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/20/2024 09:33:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.22000.1, časové razítko: 0xdbc88395
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2dc4
Čas spuštění chybující aplikace: 0x01da7a98edb81c95
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 9ed5b1ab-627d-4ace-813e-7506b8fabd6c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/13/2023 01:23:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit defragmentace na Elements (E:), protože: Disk byl odpojen od systému. (0x89000011)

Error: (10/13/2023 01:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.22000.1, časové razítko: 0xdbc88395
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x1ee0
Čas spuštění chybující aplikace: 0x01d9fdc56c6f010d
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 5b5ce037-eb3b-4c6b-a424-844e53f253a6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/27/2023 12:43:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..

Error: (07/27/2023 12:43:23 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]

System errors:
=============
Error: (03/25/2024 11:55:11 AM) (Source: DCOM) (EventID: 10010) (User: SECONDPC)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/25/2024 10:24:11 AM) (Source: DCOM) (EventID: 10010) (User: SECONDPC)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/25/2024 09:59:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.

Error: (03/25/2024 09:50:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (03/25/2024 09:50:38 AM) (Source: Server) (EventID: 2505) (User: )
Description: Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{0C04F7BC-FD96-4DA4-BD6F-C5704135AE2D}, protože jiný počítač v síti má stejný název. Server nelze spustit.

Error: (03/20/2024 12:08:15 PM) (Source: Server) (EventID: 2505) (User: )
Description: Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{0C04F7BC-FD96-4DA4-BD6F-C5704135AE2D}, protože jiný počítač v síti má stejný název. Server nelze spustit.

Error: (03/20/2024 11:25:42 AM) (Source: Server) (EventID: 2505) (User: )
Description: Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{0C04F7BC-FD96-4DA4-BD6F-C5704135AE2D}, protože jiný počítač v síti má stejný název. Server nelze spustit.

Error: (03/20/2024 10:05:21 AM) (Source: Server) (EventID: 2505) (User: )
Description: Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{0C04F7BC-FD96-4DA4-BD6F-C5704135AE2D}, protože jiný počítač v síti má stejný název. Server nelze spustit.

Windows Defender:
================
Date: 2024-03-25 11:07:29
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win64/AutoKMS!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\Setup\Scripts\bin\x64.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: SecondPC\Zbyse
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.407.701.0, AS: 1.407.701.0, NIS: 1.407.701.0
Verze modulu: AM: 1.1.24020.9, NIS: 1.1.24020.9

Date: 2024-03-25 11:07:29
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\Setup\Scripts\bin\ActivationCheck\patch_1.dat
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Uživatel
Uživatel: SecondPC\Zbyse
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.407.701.0, AS: 1.407.701.0, NIS: 1.407.701.0
Verze modulu: AM: 1.1.24020.9, NIS: 1.1.24020.9

Date: 2024-03-25 10:03:04
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5D29F321-BBC9-401B-8704-01A9FE7CFAC5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-03-20 12:19:03
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DD8FB461-49E9-4070-A4D8-4574965CCE2C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-03-20 11:25:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {780BA22C-5360-4343-B67D-3D76C23B8ACF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

==================== Memory info ===========================

BIOS: American Megatrends Inc. 5222 10/15/2019
Motherboard: ASUSTeK COMPUTER INC. PRIME X370-A
Processor: AMD Ryzen 3 3300X 4-Core Processor
Percentage of memory in use: 42%
Total physical RAM: 16320.8 MB
Available physical RAM: 9462.23 MB
Total Virtual: 18752.8 MB
Available Virtual: 10217.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.08 GB) (Free:72.26 GB) (Model: Patriot Burst) NTFS
Drive d: (Data Disc) (Fixed) (Total:1863.01 GB) (Free:1422.04 GB) (Model: WDC WD20EARX-00PASB0) NTFS

\\?\Volume{7fe142fb-fc57-48df-9451-ace97ffdfbfc}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS
\\?\Volume{192bf3a8-3890-4748-92c2-07b40aa02d70}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F1CA089C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 94DF1818)

Partition: GPT.

==================== End of Addition.txt =======================

#2 Příspěvek od **Rudy** » 25 bře 2024 12:44

Zdravím!

Spusťte tuto utlitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

cormack · #3 Příspěvek od **cormack** » 25 bře 2024 13:18

Děkuji.

Program jsem stáhnul a dle instrukcí nainstaloval a spustil. Ale po skenu jsem dal opravit a nechtělo to restart.
Tak jsem vložil log před a po restartu:

Před:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-25-2024
# Duration: 00:00:00
# OS: Windows 11 (Build 22000.2538)
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [25/03/2024 13:11:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

a po restartu:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-25-2024
# Duration: 00:00:00
# OS: Windows 11 (Build 22000.2538)
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [25/03/2024 13:11:26]
AdwCleaner[C00].txt - [1610 octets] - [25/03/2024 13:11:53]
AdwCleaner[S01].txt - [1542 octets] - [25/03/2024 13:12:26]
AdwCleaner[C01].txt - [1732 octets] - [25/03/2024 13:12:37]
AdwCleaner[S02].txt - [1664 octets] - [25/03/2024 13:15:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

#4 Příspěvek od **Rudy** » 25 bře 2024 15:12

Ono nebylo celkem co opravovat. Log je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Task: {D6D8D769-C337-467D-B8DE-844F6F7D9D05} - System32\Tasks\GoogleUpdateTaskMachineCore{BCF87BD4-A985-4091-956E-FC8D83E0DA41} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-12] (Google LLC -> Google LLC)
Task: {BB807D70-B99E-4D55-8EF3-6C72450E5090} - System32\Tasks\GoogleUpdateTaskMachineUA{9FEA1145-04B8-4504-BCE5-B8817427B805} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-12] (Google LLC -> Google LLC)
Task: {55A51538-E39E-4D7B-8E9B-48BC10712EFC} - System32\Tasks\MXWTPTTTYKDUYVXJ_run => C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe [69632 2022-12-09] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ_0.dat
C:\Windows\Setup\Scripts\bin\x64.dll
C:\Windows\Setup\Scripts\bin\ActivationCheck\patch_1.dat

EmptyTemp:
End

Uložte do C:\Temp jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

cormack · #5 Příspěvek od **cormack** » 26 bře 2024 07:25

Super, děkuji. Zde je log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.03.2024
Ran by Zbyse (26-03-2024 07:21:32) Run:1
Running from C:\Temp
Loaded Profiles: Zbyse
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
Task: {D6D8D769-C337-467D-B8DE-844F6F7D9D05} - System32\Tasks\GoogleUpdateTaskMachineCore{BCF87BD4-A985-4091-956E-FC8D83E0DA41} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-12] (Google LLC -> Google LLC)
Task: {BB807D70-B99E-4D55-8EF3-6C72450E5090} - System32\Tasks\GoogleUpdateTaskMachineUA{9FEA1145-04B8-4504-BCE5-B8817427B805} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-12] (Google LLC -> Google LLC)
Task: {55A51538-E39E-4D7B-8E9B-48BC10712EFC} - System32\Tasks\MXWTPTTTYKDUYVXJ_run => C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe [69632 2022-12-09] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe
C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ_0.dat
C:\Windows\Setup\Scripts\bin\x64.dll
C:\Windows\Setup\Scripts\bin\ActivationCheck\patch_1.dat

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\osppsvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6D8D769-C337-467D-B8DE-844F6F7D9D05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6D8D769-C337-467D-B8DE-844F6F7D9D05}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{BCF87BD4-A985-4091-956E-FC8D83E0DA41} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{BCF87BD4-A985-4091-956E-FC8D83E0DA41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB807D70-B99E-4D55-8EF3-6C72450E5090}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB807D70-B99E-4D55-8EF3-6C72450E5090}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{9FEA1145-04B8-4504-BCE5-B8817427B805} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{9FEA1145-04B8-4504-BCE5-B8817427B805}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55A51538-E39E-4D7B-8E9B-48BC10712EFC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55A51538-E39E-4D7B-8E9B-48BC10712EFC}" => removed successfully
C:\Windows\System32\Tasks\MXWTPTTTYKDUYVXJ_run => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MXWTPTTTYKDUYVXJ_run" => removed successfully
C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ.exe => moved successfully
C:\Users\Zbyse\AppData\Roaming\MXWTPTTTYKDUYVXJ_0.dat => moved successfully
"C:\Windows\Setup\Scripts\bin\x64.dll" => not found
"C:\Windows\Setup\Scripts\bin\ActivationCheck\patch_1.dat" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34196981 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 6483171 B
Edge => 0 B
Chrome => 1132634147 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 65024 B
Zbyse => 27731649 B

RecycleBin => 8791352 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 07:21:41 =

#6 Příspěvek od **Rudy** » 26 bře 2024 09:14

Smazáno. Nastala nějaká změna?

cormack · #7 Příspěvek od **cormack** » 26 bře 2024 10:58

Vypadám to, že je vše v pořádku a na pozadí již jedou pouze standartní programy.

Moc Vám děkuji za pomoc!

#8 Příspěvek od **Rudy** » 26 bře 2024 13:35

OK, nemáte zač!

VIRY.CZ

Prosím o kontrolu logu - proces na pozadí

Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí

Re: Prosím o kontrolu logu - proces na pozadí