
Hacked e-mail

devet
Guest
Posts: 69
Registered: 24 Jan 2008 07:27
Location: Praha

#1 Post by devet »

A week ago I received an e-mail threatening to destroy the files on my PC unless I pay 500 USD. My current e-mail password was included in the text. I changed the password, but within a week every backed-up file got an extra extension and the files were destroyed. Fortunately I also keep a weekly external backup, so after reinstalling Windows I was able to copy years of work back onto D:.
I changed the password again. But what should I run the PC through so that the situation does not repeat itself? Or what solution is there? I'm surely not the only one. The threat of publication, I couldn't care less about. But the work. Phone, PC at work, PC at home, and so on. To hell with the scumbags, who deserve a beating with a baseball bat.
Thanks for any advice
juráš

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hacked e-mail

#2 Post by Rudy »

Hello!
Unfortunately, this situation can repeat itself. In 99% of cases, however, it is social engineering. The attacker counts on you getting scared and paying the requested amount. It is a form of illegal money-making over the internet. If you want to be sure, post an FRST+Addition log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.


Re: Hacked e-mail

#3 Post by devet »

Rudy,
thank you very much for the reply. I am sending the required files as an attachment.
Attachment: FRST+Add.rar (18.42 KiB) Downloaded 60 times
Respectfully
juráš


Re: Hacked e-mail

#4 Post by Rudy »

OK. Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply


Re: Hacked e-mail

#5 Post by devet »

Rudy,
here is what you asked for, and thank you very much for your time and willingness to help.
juráš
P.S. It wouldn't let me attach a *.txt file, so I zipped it.
Attachments
AdwCleaner.rar (1.06 KiB) Downloaded 62 times


Re: Hacked e-mail

#6 Post by Rudy »

It is enough to copy the file's contents here, directly into the forum. Delete (quarantine) every item except "Preinstalled", restart, and post new FRST+Addition logs.


Re: Hacked e-mail

#7 Post by devet »

So, here it is
thanks, juráš
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-22-2022
# Duration: 00:00:05
# OS: Windows 10 (Build 19044.2251)
# Scanned: 32097
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Adware.Heuristic HKCU\SOFTWARE\296D83C6BE25718C42FF4AF590B9C38B

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [3520 octets] - [22/11/2022 16:20:44]
AdwCleaner[C00].txt - [3734 octets] - [22/11/2022 16:21:13]
AdwCleaner[S01].txt - [1584 octets] - [22/11/2022 16:21:32]
AdwCleaner[C01].txt - [1754 octets] - [22/11/2022 16:21:42]
AdwCleaner[S02].txt - [1706 octets] - [22/11/2022 16:21:52]
AdwCleaner[C02].txt - [1876 octets] - [22/11/2022 16:22:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########


Re: Hacked e-mail

#8 Post by Rudy »

Yes, that's it. That Heuristic entry does not need to be removed. Post new FRST+Addition logs so that we can clean up the leftovers.


Re: Hacked e-mail

#9 Post by devet »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2022
Ran by jtrac (administrator) on DESKTOP-1TH6EDE (Hewlett-Packard HP EliteDesk 800 G1 SFF) (22-11-2022 16:42:13)
Running from D:\DOWN
Loaded Profiles: jtrac
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2251 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <34>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102800 2021-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617864 2021-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Q-Dir] => C:\Program Files\Q-Dir\Q-Dir.exe [2323776 2022-02-24] (Nenad Hrg -> Nenad Hrg (SoftwareOK.com))
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII6E.EXE [293504 2012-05-21] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON L550 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMI6E.DLL [120320 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2018-05-15] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR15: C:\WINDOWS\system32\pxc50pmaf15.dll [57328 2018-12-05] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\UDC: C:\WINDOWS\system32\udcpm.dll [42456 2016-11-05] (fCoder SIA -> fCoder Group, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-21] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {244E4497-8925-444F-93FE-C53286925986} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3412725004-164030467-415606481-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4189064 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F0E77EC-150F-4A11-B2D4-3E603EF30289} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {316B4090-638D-4F93-9D29-492975773016} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {3290BB57-BD29-41D8-B59E-E8F80445D89B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {55D2A885-A7E5-4263-8526-1868AAE09060} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2022-10-26] (HP Inc. -> HP Inc.)
Task: {56350192-719A-48A5-BDBC-FDF5F06241AA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5FFE0637-8C50-48C9-84AC-6E52329E21A0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {62714CC8-7612-485A-85C0-C85AD2BD5A85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6379361D-B6BE-47DD-87A7-04A63B48DA0D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {63C5145F-3A00-4931-880D-4A9C7128A7EB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4189064 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {70D3AD87-C99C-4BB2-A70D-4AE5E81DF8B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {71F627A4-E4F6-45D7-B7D7-B1082FA10231} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {77F82DB2-A5F1-4B46-9B3D-2ECADF2E04EB} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {84354AC7-6400-4A9D-BF0B-3933B27FBAA1} - System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {907C03C1-60FD-4133-8C76-B67249437E1D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {9357371B-EE51-489F-AD39-3C75542B59D0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A35BF7FE-A6E2-4846-8D87-80206AA0C0D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {A382B9AE-7E06-49A6-B694-E3875B521137} - System32\Tasks\Uninstaller_SkipUac_jtrac => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [9410568 2022-11-15] (IObit CO., LTD -> IObit)
Task: {A9EF7BA9-7403-4286-AADB-5A727492FDB2} - System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {AAACCBFF-6806-4E1F-9A35-F782EA8D6733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2022-10-26] (HP Inc. -> HP Inc.)
Task: {B90F944C-1438-47BC-92F6-70BF5DCEA5A8} - System32\Tasks\Sump Task (One-Time) => C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe /sup2 (No File)
Task: {C569EA73-DE78-40F2-8F02-D7AC7FDBE04B} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {CEA9F6E4-5B0E-43F9-B5E8-4BC91B791528} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {D1F7FC7E-0326-4F6A-B771-E1D5C84C244A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {D8A9AFB4-4DE7-4A6C-8C4A-02C553012427} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)
Task: {EA5284D2-A34B-444F-A4C1-4294165C6A65} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0FBACB1-AC64-4BFB-ADBC-C971A9ABC900} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [106761112 2021-01-26] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 www.aomeitech.com
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7e9039e2-cc16-4442-b67a-0fc547256861}: [DhcpNameServer] 192.168.8.1 192.168.8.1

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2022-05-09] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default [2022-11-22]
CHR DownloadDir: D:\DOWN
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.darekvakci.cz; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-11-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-22]
CHR Extension: (FormApps Extension) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-11-21]
CHR Extension: (HP Network Check Launcher) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2022-02-03]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2022-02-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.15.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe [1058032 2019-07-30] (ABBYY Production LLC -> ABBYY Production LLC)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe [1092656 2022-03-16] (AOMEI International Network Limited -> AOMEI International Network Limited)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12515768 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncHelper.exe [3476368 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
S2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [787512 2022-10-26] (HP Inc. -> HP Inc.)
S2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [786512 2022-10-26] (HP Inc. -> HP Inc.)
S2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [782904 2022-10-26] (HP Inc. -> HP Inc.)
S2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [787016 2022-10-26] (HP Inc. -> HP Inc.)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2022-10-20] (IObit CO., LTD -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8872736 2022-11-22] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.225.1026.0001\OneDriveUpdaterService.exe [3842480 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [172928 2022-04-04] (AOMEI International Network Limited -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [32176 2022-04-04] (AOMEI International Network Limited -> )
S3 ANVSOFT_WaveExtensible; C:\WINDOWS\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2021-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [39000 2020-10-11] (IObit CO., LTD -> IObit Information Technology)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2022-10-20] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2022-10-20] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2022-10-20] (IObit Information Technology -> IObit)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-11-22] (Malwarebytes Inc. -> Malwarebytes)
R3 NmPar; C:\WINDOWS\system32\DRIVERS\NmPar.sys [95744 2022-02-24] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [469288 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-22 15:23 - 2022-11-22 15:23 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-11-22 15:23 - 2022-11-22 15:23 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-11-22 15:23 - 2022-11-22 15:23 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-11-22 15:22 - 2022-11-22 15:22 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-11-22 15:13 - 2022-11-22 16:21 - 000000000 ____D C:\AdwCleaner
2022-11-22 15:05 - 2022-11-22 15:05 - 000001024 ____H C:\SYSTAG.BIN
2022-11-22 15:00 - 2022-11-22 15:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2022-11-22 13:24 - 2022-11-22 13:24 - 000000000 ____D C:\Program Files (x86)\uTorrent
2022-11-22 11:09 - 2022-11-22 16:42 - 000000000 ____D C:\FRST
2022-11-22 09:42 - 2022-11-22 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2022-11-22 07:54 - 2022-11-22 07:54 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-11-22 07:54 - 2022-11-22 07:54 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-11-22 07:54 - 2022-11-22 07:54 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-11-22 07:54 - 2022-11-22 07:54 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-11-22 07:54 - 2022-11-22 07:54 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-11-22 07:54 - 2022-11-22 07:54 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-22 07:53 - 2022-11-22 07:53 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-22 07:53 - 2022-11-22 07:53 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-11-22 07:53 - 2022-11-22 07:53 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-11-22 07:53 - 2022-11-22 07:53 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-11-22 07:48 - 2022-11-22 07:48 - 000000000 ___HD C:\$WinREAgent
2022-11-22 07:26 - 2022-11-22 07:26 - 000000000 ____D C:\Users\jtrac\AppData\Local\mbam
2022-11-22 07:09 - 2022-11-22 07:09 - 000002047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-11-22 07:08 - 2022-11-22 07:08 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-11-22 07:08 - 2022-11-22 07:08 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-11-22 07:06 - 2022-11-22 07:06 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-11-22 07:06 - 2022-11-22 07:06 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-11-22 07:05 - 2022-11-22 07:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-11-22 07:05 - 2022-11-22 07:05 - 000000000 ____D C:\Program Files\Malwarebytes
2022-11-22 06:41 - 2022-11-22 06:41 - 000000925 _____ C:\Users\jtrac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk
2022-11-22 06:41 - 2022-11-22 06:41 - 000000000 ____D C:\Users\jtrac\FastCopy
2022-11-21 15:52 - 2022-11-21 15:52 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\com.adobe.dunamis
2022-11-21 15:04 - 2022-11-21 15:04 - 000000000 ____D C:\Users\All Users\AomeiBR
2022-11-21 15:04 - 2022-11-21 15:04 - 000000000 ____D C:\Users\All Users
2022-11-21 14:32 - 2022-11-21 14:32 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-11-21 14:32 - 2022-11-21 14:32 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-11-21 14:32 - 2022-11-21 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2022-11-21 14:30 - 2022-11-21 14:31 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\iTop PDF
2022-11-21 14:28 - 2022-11-21 14:28 - 000003144 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_jtrac
2022-11-21 14:28 - 2022-11-21 14:28 - 000001436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2022-11-21 14:12 - 2022-11-21 14:12 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-11-21 14:12 - 2022-11-21 14:12 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-22 16:39 - 2022-02-03 15:12 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\vlc
2022-11-22 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-22 16:22 - 2022-04-04 08:43 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2022-11-22 16:22 - 2022-02-03 16:41 - 000000936 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2022-11-22 16:21 - 2022-04-21 11:19 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Hewlett-Packard
2022-11-22 16:21 - 2022-02-26 09:36 - 000000000 ____D C:\Program Files\EPSON
2022-11-22 16:21 - 2022-02-10 08:13 - 000000000 ____D C:\Program Files (x86)\PSPad editor
2022-11-22 16:21 - 2022-02-10 07:49 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-11-22 16:21 - 2022-02-10 07:48 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-11-22 16:21 - 2022-02-04 08:11 - 000000000 ____D C:\Users\jtrac\AppData\LocalLow\IObit
2022-11-22 16:21 - 2022-02-04 08:09 - 000000000 ____D C:\ProgramData\IObit
2022-11-22 16:21 - 2022-02-03 13:50 - 000000000 ____D C:\ProgramData\EPSON
2022-11-22 16:14 - 2022-02-10 08:08 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\MediaMonkey5
2022-11-22 16:13 - 2022-02-28 14:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-22 16:12 - 2022-02-03 14:10 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-22 16:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-22 15:28 - 2020-11-19 00:55 - 001694140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-22 15:28 - 2019-12-07 15:43 - 000717008 _____ C:\WINDOWS\system32\perfh005.dat
2022-11-22 15:28 - 2019-12-07 15:43 - 000145186 _____ C:\WINDOWS\system32\perfc005.dat
2022-11-22 15:28 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-22 15:22 - 2022-06-17 13:38 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-22 15:22 - 2022-02-03 14:02 - 000000000 __SHD C:\Users\jtrac\IntelGraphicsProfiles
2022-11-22 15:22 - 2020-11-19 00:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-22 15:22 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-22 15:20 - 2022-02-04 09:01 - 000000000 ____D C:\ProgramData\AomeiBR
2022-11-22 15:00 - 2022-06-17 05:53 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2022-11-22 15:00 - 2022-03-04 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2022-11-22 15:00 - 2022-03-04 08:46 - 000000000 ____D C:\Program Files\Calibre2
2022-11-22 14:59 - 2022-02-16 11:20 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\uTorrent
2022-11-22 14:55 - 2020-11-18 23:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-22 13:58 - 2020-11-18 23:46 - 000486880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-22 13:57 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-22 13:57 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-11-22 13:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-22 09:43 - 2022-02-04 10:26 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\MyPhoneExplorer
2022-11-22 09:42 - 2022-02-04 10:26 - 000000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2022-11-22 07:57 - 2022-03-09 07:43 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-22 07:53 - 2020-11-19 00:48 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-22 07:42 - 2022-02-10 07:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-11-22 07:30 - 2022-03-28 09:33 - 000000000 ____D C:\Program Files\PowerISO
2022-11-22 07:30 - 2022-03-08 13:21 - 000000000 ____D C:\ProgramData\KMSAutoS
2022-11-22 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-11-22 06:41 - 2022-02-09 12:24 - 000000000 ____D C:\Users\jtrac
2022-11-22 06:37 - 2022-03-09 07:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-22 06:36 - 2022-02-21 12:29 - 000000000 ____D C:\Program Files\HP
2022-11-22 06:35 - 2022-02-03 14:02 - 000000000 ____D C:\Users\jtrac\AppData\Local\Packages
2022-11-22 06:34 - 2022-02-03 17:27 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-21 14:48 - 2022-06-08 13:37 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-11-21 14:34 - 2022-02-24 11:51 - 000000000 ____D C:\ProgramData\iTop
2022-11-21 14:32 - 2022-03-09 08:36 - 000000000 ____D C:\Program Files\Microsoft Office
2022-11-21 14:28 - 2022-02-04 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2022-11-21 14:16 - 2020-11-19 00:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-21 14:14 - 2022-02-03 14:10 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-21 14:13 - 2022-03-04 15:48 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\calibre
2022-11-21 14:12 - 2022-06-07 12:20 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3412725004-164030467-415606481-1001
2022-11-21 14:10 - 2022-02-04 08:10 - 000000000 ____D C:\ProgramData\ProductData
2022-11-21 14:07 - 2022-02-09 12:26 - 000003550 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3}
2022-11-21 14:07 - 2022-02-09 12:26 - 000003426 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE}

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2022-02-04] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Hats off, and I wish you a wonderful evening.
juras

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked mail

#10 Post by Rudy »

I also need to see the Addition log. Thank you.


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

devet
Visitor
Posts: 69
Registered: 24 Jan 2008 07:27
Location: Praha

Re: hacked mail

#11 Post by devet »

Sorry,
I had already finished for the day yesterday and was not at the PC.
Apologies.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by jtrac (22-11-2022 16:43:33)
Running from D:\DOWN
Microsoft Windows 10 Pro Version 21H2 19044.2251 (X64) (2022-02-09 11:26:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3412725004-164030467-415606481-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3412725004-164030467-415606481-503 - Limited - Disabled)
Guest (S-1-5-21-3412725004-164030467-415606481-501 - Limited - Disabled)
jtrac (S-1-5-21-3412725004-164030467-415606481-1001 - Administrator - Enabled) => C:\Users\jtrac
WDAGUtilityAccount (S-1-5-21-3412725004-164030467-415606481-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
ABBYY FineReader 15 (HKLM\...\{F15000FE-0001-6400-0000-074957833700}) (Version: 15.0.1496 - ABBYY Production LLC)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_0) (Version: 23.0.0.36 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AM-DeadLink 4.3 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.3 - www.aignes.com)
AnyMP4 Video Converter Ultimate 7.2.52 (HKLM-x32\...\{B77ACAAE-53EE-43c3-86F1-4AEA52F6CDD5}_is1) (Version: 7.2.52 - AnyMP4 Studio)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: 6.9.1 - AOMEI International Network Limited.)
Avidemux VC++ 64bits (HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\{4d8c42c8-5d0c-4992-9e59-13c5068aaa37}) (Version: 2.8.0 - Mean)
Beyond Compare 4 (HKLM\...\{03A1824C-61DF-45C4-989F-30BDE4A69F24}) (Version: 4.3.4.24657 - Scooter Software, Inc.)
calibre 64bit (HKLM\...\{A51C2A72-1A27-40EA-8718-D6F1AD6D9B79}) (Version: 6.8.0 - Kovid Goyal)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L550 Series Printer Uninstall (HKLM\...\EPSON L550 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7CC286A8-EEC5-491F-A4B5-02BD4E656BF6}) (Version: 4.6.2 - Seiko Epson Corporation)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.14.402 - Epubor Inc.)
Fakturky 755F (HKLM-x32\...\Fakturky 755F_is1) (Version: 755F - Milan Bánovský)
FastCopy (HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\FastCopy) (Version: 4.2.1 - H.Shirouzu & FastCopy Lab, LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{1DD659FE-014E-43E0-B848-0C4C89AD124E}) (Version: 1.6.8.0 - HP Inc.)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 27.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
IObit Uninstaller 12 (HKLM-x32\...\IObitUninstall) (Version: 12.1.0.6 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.2 - IObit Information Technology)
IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Malwarebytes version 4.5.18.226 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.18.226 - Malwarebytes)
Master PDF Editor 5.3.12 (HKLM\...\Master PDF Editor 5.3.12_is1) (Version: 5.3.12 - Code Industry Ltd.)
MediaMonkey 5 (HKLM-x32\...\MediaMonkey 5_is1) (Version: 5 - Ventis Media Inc.)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.225.1026.0001 - Microsoft Corporation)
Microsoft Project - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
MP3 Splitter Joiner Pro v4.2 build 2612 (HKLM-x32\...\{F88C04C9-9CDC-4830-A533-CC5E3D69F2A1}_is1) (Version: - Hoo Technologies)
Mp3tag v3.18 (HKLM-x32\...\Mp3tag) (Version: 3.18 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 2.0 - F.J. Wechselberger)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
PowerISO (HKLM-x32\...\PowerISO) (Version: 8.1 - Power Software Ltd)
PSPad editor (HKLM-x32\...\PSPad editor 32bit_is1) (Version: 5.0.6.589 - Jan Fiala)
Q-Dir (HKLM\...\Q-Dir) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9225.1 - Realtek Semiconductor Corp.)
Similarity 64-bit 2.5.1 (HKLM\...\{3D3C412A-8521-4C5C-83F3-94CC8223C309}) (Version: 2.5.2415 - GAR Software)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize V8.0.3 (64 bit) (HKLM\...\TreeSize_is1) (Version: 8.0.3 - JAM Software)
Universal Document Converter (HKLM-x32\...\Universal Document Converter_is1) (Version: 6.7 - fCoder SIA)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows 10 Manager (HKLM\...\{A3BAA471-5A6F-4FB1-8FB4-E634169065F0}) (Version: 3.6.0 - Yamicsoft) Hidden
Windows 10 Manager (HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Windows 10 Manager 3.6.0) (Version: 3.7.2 - Yamicsoft)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.21.30.0_x64__v10z8vjag6ke6 [2022-11-22] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3412725004-164030467-415606481-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-02-21] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers1: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2019-08-23] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-11-04] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-11] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-02-21] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-11-04] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-11] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2022-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-02-21] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers6: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2019-08-23] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-11-04] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-11] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3412725004-164030467-415606481-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-03] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-04-04 08:41 - 2021-06-22 13:41 - 000014336 _____ () [File not signed] C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\libamcbconsole.dll
2022-04-04 08:41 - 2015-05-21 13:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\vcomp.dll
2022-02-09 15:14 - 2018-05-15 07:34 - 000026112 _____ (Copyright (c) Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [286]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3412725004-164030467-415606481-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2022-02-16 06:47:22&iid=3b588d00-1c8b-4329-b3d7-2b94c6b1badf&bName=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2022-10-20] (IObit Information Technology -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-02-03 13:29 - 2022-02-04 11:16 - 000000851 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 www.aomeitech.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Users\jtrac\AppData\Local\Microsoft\WindowsApps;C:\Program Files\Calibre2\;;C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1;
HKU\S-1-5-21-3412725004-164030467-415606481-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jtrac\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\StartupApproved\Run: => "CCleanerssProfessional"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D784BB5A-B775-45D1-BBFD-E65ABA76D88A}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [UDP Query User{09E616B6-96FA-4D1F-A4B4-4CDCA630E533}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{785A1437-235C-4AD0-9E8A-E25CAF09EF71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3854B4FF-1DC8-408D-9495-7F5F78F8B75A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E59CE40C-FE66-40C7-8D69-D483F30CD62E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B728E6F-2331-4C27-B197-4B05EAF85AA9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A713B3A-608B-47C6-92A5-CBB8F3842594}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{4F3C81BB-E72C-4BFA-9A3C-8C93A9879F5A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [TCP Query User{57361BBB-9C40-416D-811A-72EFAAF4C2A7}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe () [File not signed]
FirewallRules: [UDP Query User{E4987988-E2E6-4158-87A0-393D56AA4881}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe () [File not signed]
FirewallRules: [{38B2E158-0034-4AC1-AD74-F329A11E9B07}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{7FB2F2C5-7D5F-4758-A2A2-6B07D078699E}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{8F888E2D-89B1-4B7F-BD49-1E3F0B80B397}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2413CACD-E377-4EE7-9569-55BAAECA98ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC029780-77EA-4A87-A22D-0C8281E2E6B7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{887C54E1-4769-4529-9628-06CE923AC699}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7FABE716-5EFD-431B-8606-0D765B5667D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9BDD3E75-A86D-48C4-99F8-41B938500E62}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{D7EC710C-44F4-4AB8-8F26-F6D2116A9825}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{43C2A841-7036-42E9-A7D7-B93B91698081}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)

==================== Restore Points =========================

22-11-2022 07:47:56 Instalační služba modulů systému Windows
22-11-2022 07:49:10 Instalační služba modulů systému Windows
22-11-2022 16:21:02 AdwCleaner_BeforeCleaning_22/11/2022_16:21:01

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/22/2022 04:44:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:44:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:44:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:44:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:44:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:44:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:43:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (11/22/2022 04:43:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (3892,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (11/22/2022 04:22:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba AOMEI Backupper Scheduler Service byla nečekaně ukončena. Stalo se to 3 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (11/22/2022 04:22:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP System Info HSA Service byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/22/2022 04:22:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Network HSA Service byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/22/2022 04:22:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/22/2022 04:22:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP App Helper HSA Service byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/22/2022 04:22:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Diagnostics HSA Service byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/22/2022 04:21:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (11/22/2022 04:21:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Diagnostics HSA Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2022-11-22 06:48:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.H!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.727.0, AS: 1.379.727.0, NIS: 1.379.727.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:49:06
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/SyncAppvPublishAbuse.A
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\wscript.exe C:\Windows\System32\SyncAppvPublishingServer.vbs n; $a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:39:24
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:38:02
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:32:24
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Bladabindi!ml
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

CodeIntegrity:
===============
Date: 2022-11-22 16:43:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard L01 v02.33 07/15/2014
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8103.52 MB
Available physical RAM: 3272.57 MB
Total Virtual: 16295.52 MB
Available Virtual: 11002.41 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:237.34 GB) (Free:160.2 GB) (Model: SanDisk SD8SB8U256G1122) NTFS
Drive d: (PRACKAV) (Fixed) (Total:2794.5 GB) (Free:1543.05 GB) (Model: TOSHIBA HDWD130) NTFS

\\?\Volume{4137a2b2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:1.13 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4137A2B2)
Partition 1: (Active) - (Size=1.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked mail

#12 Post by Rudy »

OK, no problem. Open Notepad and copy the following into it:
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [286]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\SyncAppvPublishingServer.vbs n
C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]
F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe
D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar
D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Task: {84354AC7-6400-4A9D-BF0B-3933B27FBAA1} - System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {A9EF7BA9-7403-4286-AADB-5A727492FDB2} - System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {B90F944C-1438-47BC-92F6-70BF5DCEA5A8} - System32\Tasks\Sump Task (One-Time) => C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe /sup2 (No File)
S3 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X]
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE}
C:\WINDOWS\SysWOW64\version_IObitDel.dll

Hosts:
EmptyTemp:
End
Save it to D:\DOWN as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

devet
Visitor
Posts: 69
Registered: 24 Jan 2008 07:27
Location: Praha

Re: hacked mail

#13 Post by devet »

Man,
you've really got your work cut out with me..
Thank you very much. I'll send a contribution.
Respectfully,
juráš
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by jtrac (23-11-2022 10:35:58) Run:1
Running from D:\DOWN
Loaded Profiles: jtrac
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [286]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\SyncAppvPublishingServer.vbs n
C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]
F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe
D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar
D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Task: {84354AC7-6400-4A9D-BF0B-3933B27FBAA1} - System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {A9EF7BA9-7403-4286-AADB-5A727492FDB2} - System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {B90F944C-1438-47BC-92F6-70BF5DCEA5A8} - System32\Tasks\Sump Task (One-Time) => C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe /sup2 (No File)
S3 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X]
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE}
C:\WINDOWS\SysWOW64\version_IObitDel.dll

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
"E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe" => not found
C:\Windows\System32\wscript.exe => moved successfully
"C:\Windows\System32\SyncAppvPublishingServer.vbs n" => not found
"C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]" => not found
"F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe" => not found
D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar => moved successfully
D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Error setting value.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Error setting value.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84354AC7-6400-4A9D-BF0B-3933B27FBAA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84354AC7-6400-4A9D-BF0B-3933B27FBAA1}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9EF7BA9-7403-4286-AADB-5A727492FDB2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EF7BA9-7403-4286-AADB-5A727492FDB2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B90F944C-1438-47BC-92F6-70BF5DCEA5A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B90F944C-1438-47BC-92F6-70BF5DCEA5A8}" => removed successfully
C:\WINDOWS\System32\Tasks\Sump Task (One-Time) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sump Task (One-Time)" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz150 => removed successfully
cpuz150 => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3}" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE}" => not found
C:\WINDOWS\SysWOW64\version_IObitDel.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33799408 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 41680 B
Windows/system/drivers => 22228772 B
Edge => 0 B
Chrome => 598510997 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 63112 B
NetworkService => 107532 B
jtrac => 12676472 B

RecycleBin => 0 B
EmptyTemp: => 637.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:36:17 ====

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked mail

#14 Post by Rudy »

Not at all, I'm just relaxing here. :) It has been deleted, the PC is clean now. Thank you for the contribution. :)

devet
Visitor
Posts: 69
Registered: 24 Jan 2008 07:27
Location: Praha

Re: hacked mail

#15 Post by devet »

Rudy,
thank you very much once again.
juráš

Locked