
Stolen passwords

PacandaMilan
Visitor
Posts: 171
Registered: 04 Feb 2011 19:55
Location: Znojmo

Stolen passwords

#1 Post by PacandaMilan »

Hello, about 4 days ago I got an email saying that someone had tried to change my password on a lot of services (Steam etc.); it happens almost every day, and I'd say it's more than one person.
Thank God I have two-factor authentication, so they didn't change it; my email also has two-factor, through iCloud. But on ea.com, for example, the password has already been changed.
Couldn't the passwords have been leaked somewhere on the net?
I got about 5 emails from Steam; just today they wrote that someone tried to log in from Bangladesh, Russia, India, China.
About 2 weeks ago I accidentally clicked on a link that looked suspicious to me.
What do you think I should do? Reinstall the PC?

Thank you very much for your help
PERGL

Rudy
Site Admin
Posts: 118196
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen passwords

#2 Post by Rudy »

Hello!
It depends on whether the hacker tried to change the password using the BruteForce method, or broke into your PC and pulled the passwords out from there. In the latter case there could be a remnant of his activity in the PC. To check, you need to provide the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . If he did it using the BruteForce method, we won't find anything in the PC, and then only two-factor authentication will help you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

PacandaMilan
Visitor
Posts: 171
Registered: 04 Feb 2011 19:55
Location: Znojmo

Re: Stolen passwords

#3 Post by PacandaMilan »

OK, thank you for the explanation.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2023
Ran by micha (administrator) on RTX2060 (ATComputers ALZA) (19-01-2023 19:14:50)
Running from C:\Users\micha\OneDrive\Plocha
Loaded Profiles: micha
Platform: Microsoft Windows 11 Home Version 21H2 22000.1455 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_422.33900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.52\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(explorer.exe ->) (Global Delight Technologies Private Limited -> Global-Delight) C:\Program Files\Global Delight\Boom 3D\Boom3D.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe <6>
(explorer.exe ->) (Swift Media Entertainment, Inc. -> Blitz, Inc.) C:\Users\micha\AppData\Local\Programs\Blitz\Blitz.exe <5>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <26>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(sihost.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Unpacker) [File not signed] C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405544 2020-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Run: [Boom 3D] => C:\Program Files\Global Delight\Boom 3D\Boom3D.exe [465568 2022-07-29] (Global Delight Technologies Private Limited -> Global-Delight)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [20422520 2022-12-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Run: [MobalyticsHQ.DesktopApp] => "C:\Users\micha\AppData\Local\Programs\mobalytics-desktop\Mobalytics Desktop.exe" (No File)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Run: [electron.app.Mobalytics Desktop] => "C:\Users\micha\AppData\Local\Programs\mobalytics-desktop\Mobalytics Desktop.exe" (No File)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Run: [com.blitz.app] => C:\Users\micha\AppData\Local\Programs\Blitz\Blitz.exe [130395848 2023-01-18] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2039187500-3861812081-2781867699-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.75\Installer\chrmstp.exe [2023-01-18] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2022-12-24] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DED5193-48D5-4ADC-880B-F332E453A558} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647424 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {0E8A0FF6-FFB5-4406-8D8E-3F967A558CB7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {20CA0181-C907-4315-8E39-B2A76DD475A5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-25] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {49F7BC1B-E5DC-4CCE-BF8A-86A1F7A2D768} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70A8B671-EB36-4B6A-8E92-5EC3C539BFE7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {72FBF00F-9CDB-4433-AC76-31CD08C66FF4} - System32\Tasks\GoogleUpdateTaskMachineUA{AC9986A4-F60C-4124-AC58-12D905C67CD9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-25] (Google LLC -> Google LLC)
Task: {79AF2B12-6C66-44D0-BA80-DBB6955419B0} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe [290332672 2021-07-30] (Unpacker) [File not signed] <==== ATTENTION
Task: {825EB19E-95CD-4D12-BC82-7933E191EE5A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8FE46749-E453-4C26-B83C-7B5A3F6BF0FB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A85588C4-0925-4657-8006-E880A2CF5277} - System32\Tasks\GoogleUpdateTaskMachineCore{50A76D15-CD66-4606-BFFA-2A6409EB6FE3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-25] (Google LLC -> Google LLC)
Task: {AC469810-92C1-4314-BC95-437335DDDDFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {B4923D90-C16F-4B40-A83C-C7519C09D949} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341432 2022-05-06] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B6AC7231-3876-427E-8830-135F6DE75D2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C148F974-4502-4D2E-9BF0-1D129D11F81E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C640955E-80C4-401A-B114-CC3098BC8D0A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1649920 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D2F08D19-A8B8-434D-944E-368F11F18A1A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D49F7FF4-0219-4623-AF82-9B462465CC1B} - System32\Tasks\Boom 3D App Updater => C:\Program Files\Global Delight\AppUpdater\Updater.exe [6144 2021-11-12] () [File not signed]
Task: {EC499A8F-E60B-4D3D-A3B8-257A9ED5F42E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F3220573-E110-4433-9786-AF63E53C9346} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F92F2E36-2BAD-45DB-ABA6-17B4AB4E724B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {FF172D4D-3812-4A33-B57C-7745BA01DD83} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905984 2022-05-04] (Nvidia Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1c9091e5-cbed-403f-8952-5c8cbff6cdd1}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{2ae49ddd-672d-467c-8fc1-c5cf1da5de86}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8f4b2b77-8370-49c5-a246-7eb7ec4ff163}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-28]
Edge Notifications: Default -> hxxps://www.ifortuna.cz
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 00lakxte.default
FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\00lakxte.default [2022-07-19]
FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\y0a19v2a.default-release [2023-01-19]
FF Homepage: Mozilla\Firefox\Profiles\y0a19v2a.default-release -> seznam.cz
FF Notifications: Mozilla\Firefox\Profiles\y0a19v2a.default-release -> hxxps://eune.op.gg; hxxps://www.instagram.com; hxxps://www.tiktok.com; hxxps://www.op.gg
FF Extension: (ColorZilla) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\y0a19v2a.default-release\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2022-06-19]
FF Extension: (Return YouTube Dislike) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\y0a19v2a.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-01-03]
FF Extension: (No Name) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\y0a19v2a.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-12-05]
FF Plugin: @java.com/DTPlugin,version=11.361.2 -> C:\Program Files\Java\jre1.8.0_361\bin\dtplugin\npDeployJava1.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.361.2 -> C:\Program Files\Java\jre1.8.0_361\bin\plugin2\npjp2.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-12-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2023-01-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-02]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-01-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-25]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-11-06] (BattlEye Innovations e.K. -> )
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [384040 2020-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [55336 2020-01-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-10-08] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-06-03] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2023-01-03] (Epic Games Inc. -> Epic Games, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2575624 2022-05-27] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3494672 2022-05-27] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2022-01-27] (Rockstar Games, Inc. -> Rockstar Games)
S3 SmrtService; C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\2b67c3ccd0d71e2037ebdf99a5a5c9caaffe4d3a\smrtsvc64.exe [13980504 2023-01-13] (Eikonect Software SL -> )
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5950504 2022-12-02] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [10011208 2022-12-02] (PUBG CORPORATION -> KRAFTON, Inc)
S3 AAErrorPort; C:\Users\micha\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [X] <==== ATTENTION
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21728 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-12-12] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-12-12] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [19968 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 GDPL_BOOM; C:\WINDOWS\system32\drivers\boomvad.sys [51016 2021-06-17] (WDKTestCert Adarsh,131897759775447238 -> Windows (R) Win 7 DDK provider)
S3 gdrv3; C:\WINDOWS\System32\drivers\gdrv3.sys [45248 2022-11-05] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [18432 2019-12-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 MpKsl0f868f9f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F24F93CB-AD6B-4881-97E5-6C4463FD87EB}\MpKslDrv.sys [214280 2023-01-19] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2021-06-01] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2022-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2022-12-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-02] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1445920 2022-12-04] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S0 BTATH_BUS; System32\drivers\btath_bus.sys [X]
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
S3 PRProt; \??\C:\Users\micha\AppData\Local\Temp\ActiveAnticheat\1223694\active64.sys [X] <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-13 18:21 - 2023-01-13 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reborn
2023-01-11 19:49 - 2023-01-11 19:49 - 000000000 ___HD C:\$WinREAgent
2023-01-11 17:56 - 2023-01-12 17:56 - 000002224 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz.lnk
2023-01-05 15:42 - 2023-01-05 15:42 - 000001024 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Updater_C4.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-19 19:15 - 2022-06-22 17:39 - 000000000 ____D C:\FRST
2023-01-19 18:46 - 2021-09-12 08:55 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2023-01-19 18:39 - 2020-02-11 14:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-19 18:26 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-19 18:10 - 2021-09-12 08:55 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2023-01-19 18:08 - 2020-02-14 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2023-01-19 18:08 - 2020-02-11 14:57 - 000000000 ____D C:\ProgramData\Riot Games
2023-01-19 17:50 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-01-19 17:50 - 2020-02-11 16:11 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2023-01-19 17:48 - 2020-02-11 19:11 - 000000000 ____D C:\Program Files (x86)\Steam
2023-01-19 17:46 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-01-19 17:46 - 2020-02-04 09:10 - 000000000 ____D C:\ProgramData\NVIDIA
2023-01-19 17:44 - 2022-02-12 10:58 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-01-19 17:40 - 2022-09-24 11:06 - 000000000 ____D C:\Users\micha\AppData\Roaming\Blitz
2023-01-19 17:40 - 2022-01-28 12:36 - 000000032 _____ C:\Users\micha\AppData\Roaming\.machineId
2023-01-18 19:23 - 2021-10-09 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-01-18 19:23 - 2021-10-09 16:55 - 000000000 ____D C:\Program Files\Java
2023-01-18 18:11 - 2022-01-11 17:52 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-18 18:11 - 2022-01-11 17:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-01-18 18:11 - 2022-01-11 17:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-18 18:11 - 2022-01-11 17:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-01-18 18:07 - 2022-11-30 17:51 - 000002388 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-18 18:07 - 2021-12-18 10:22 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2039187500-3861812081-2781867699-1001
2023-01-18 18:07 - 2021-10-10 20:05 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2039187500-3861812081-2781867699-1001
2023-01-18 18:00 - 2022-06-25 12:47 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-17 17:52 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-17 17:38 - 2020-06-08 21:17 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-16 23:15 - 2021-10-10 20:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-15 17:22 - 2020-02-23 23:31 - 000000000 ____D C:\Users\micha\AppData\Roaming\vlc
2023-01-15 14:45 - 2020-03-11 22:15 - 000000000 ____D C:\Users\micha\AppData\Roaming\Awesomium
2023-01-13 23:37 - 2021-10-10 19:42 - 000000000 ____D C:\Users\micha
2023-01-13 22:34 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ServiceState
2023-01-13 21:25 - 2021-10-10 20:09 - 001714894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-01-13 21:25 - 2021-06-05 18:20 - 000724600 _____ C:\WINDOWS\system32\perfh005.dat
2023-01-13 21:25 - 2021-06-05 18:20 - 000150562 _____ C:\WINDOWS\system32\perfc005.dat
2023-01-13 21:25 - 2021-06-05 13:09 - 000000000 ____D C:\WINDOWS\INF
2023-01-13 21:25 - 2021-03-11 11:33 - 000000000 ____D C:\Users\micha\AppData\LocalLow\Mozilla
2023-01-13 21:18 - 2021-10-10 20:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-13 21:18 - 2020-11-16 01:12 - 000012288 ___SH C:\DumpStack.log.tmp
2023-01-13 18:20 - 2020-08-16 09:53 - 000000000 ____D C:\Lineage II
2023-01-13 17:02 - 2021-06-05 13:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-01-11 21:30 - 2021-10-10 20:02 - 000328960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-11 21:30 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-11 21:30 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-11 21:30 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-11 20:14 - 2020-02-11 14:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-11 20:11 - 2020-02-11 14:59 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-11 19:53 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-11 19:51 - 2021-10-10 20:05 - 003110912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-11 18:10 - 2022-10-11 16:47 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2023-01-09 09:10 - 2021-10-09 16:55 - 000195232 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2023-01-08 14:19 - 2021-03-27 16:36 - 000000000 ____D C:\Users\micha\AppData\Local\Boom 3D
2023-01-06 08:15 - 2021-10-10 20:05 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-06 08:15 - 2021-10-10 20:05 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-05 16:42 - 2020-02-23 22:58 - 000000000 ___RD C:\pergl
2022-12-30 15:00 - 2020-05-25 14:14 - 000000000 ____D C:\Users\micha\AppData\Local\Roblox
2022-12-30 14:57 - 2022-09-05 22:10 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-12-30 14:57 - 2020-05-25 14:14 - 000000256 _____ C:\Users\micha\AppData\LocalLow\rbxcsettings.rbx
2022-12-26 18:38 - 2020-05-26 22:23 - 000000000 ____D C:\Users\micha\AppData\Local\Battle.net
2022-12-22 11:06 - 2020-05-26 22:23 - 000000000 ____D C:\Program Files (x86)\World of Warcraft

==================== Files in the root of some directories ========

2022-01-28 12:36 - 2023-01-19 17:40 - 000000032 _____ () C:\Users\micha\AppData\Roaming\.machineId

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Attachments
Addition.rar
(31.65 KiB) Downloaded 59 times
PERGL

Re: Stolen passwords

#4 Post by Rudy »

Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Stolen passwords

#5 Post by PacandaMilan »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-19-2023
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1695 octets] - [19/03/2021 17:30:44]
AdwCleaner[S01].txt - [1756 octets] - [19/03/2021 17:31:27]
AdwCleaner[C01].txt - [1889 octets] - [19/03/2021 17:31:34]
AdwCleaner[S02].txt - [1589 octets] - [18/07/2022 22:29:17]
AdwCleaner[C02].txt - [1779 octets] - [18/07/2022 22:29:50]
AdwCleaner[S03].txt - [2001 octets] - [18/07/2022 22:30:55]
AdwCleaner[C03].txt - [2133 octets] - [18/07/2022 22:31:06]
AdwCleaner[S04].txt - [1889 octets] - [03/09/2022 10:22:24]
AdwCleaner[C04].txt - [2039 octets] - [03/09/2022 10:22:40]
AdwCleaner[S05].txt - [1955 octets] - [19/01/2023 20:21:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########
PERGL

Re: Stolen passwords

#6 Post by Rudy »

This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
Task: {79AF2B12-6C66-44D0-BA80-DBB6955419B0} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe [290332672 2021-07-30] (Unpacker) [File not signed] <==== ATTENTION
Task: {A85588C4-0925-4657-8006-E880A2CF5277} - System32\Tasks\GoogleUpdateTaskMachineCore{50A76D15-CD66-4606-BFFA-2A6409EB6FE3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-25] (Google LLC -> Google LLC)
Task: {72FBF00F-9CDB-4433-AC76-31CD08C66FF4} - System32\Tasks\GoogleUpdateTaskMachineUA{AC9986A4-F60C-4124-AC58-12D905C67CD9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-25] (Google LLC -> Google LLC)
S3 AAErrorPort; C:\Users\micha\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [X] <==== ATTENTION
S3 PRProt; \??\C:\Users\micha\AppData\Local\Temp\ActiveAnticheat\1223694\active64.sys [X] <==== ATTENTION
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
AlternateDataStreams: C:\Users\micha\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\micha\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [UDP Query User{21742137-F262-4D4D-A67E-4E5EB8F947A2}C:\program files (x86)\origin games\fifa 19\fifa19.exe] => (Allow) C:\program files (x86)\origin games\fifa 19\fifa19.exe => No File
FirewallRules: [TCP Query User{73FDCD90-18A7-4CCC-9D28-2844A92746AE}C:\program files (x86)\origin games\fifa 19\fifa19.exe] => (Allow) C:\program files (x86)\origin games\fifa 19\fifa19.exe => No File
FirewallRules: [{38232822-48C5-417F-B7D9-DBB9B84325D0}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8D03F0E1-3EE5-4475-B34E-74D380ADA5F7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [UDP Query User{483794F3-BA26-43E2-85C5-B528AD278574}C:\users\micha\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\micha\appdata\local\enlisted\launcher.exe => No File
FirewallRules: [TCP Query User{48765E44-5E79-4304-8A05-8E22B819A56A}C:\users\micha\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\micha\appdata\local\enlisted\launcher.exe => No File
FirewallRules: [{CF80CC91-34D8-4886-94F2-DA620BB4EA6C}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8DF476CE-8C35-4E2A-B688-37704F642894}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{05DA912D-A848-4B70-AB70-CCAFADD097BB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{A7FC4F1E-4AD3-496F-B314-7A9F89218791}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{39DAA91A-8048-4F6E-84FE-79ECBD786596}] => (Allow) C:\Program Files (x86)\Lineage II - kopie\L2Reborn.exe => No File
FirewallRules: [{E2B27077-192B-422E-8949-FE4BD7D488C8}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{9BA2B9EE-A0BA-44EC-90D8-5B638E872AE8}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{02F1B86D-0999-41C3-9813-124E16F76FD5}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{96EB310F-257D-4C90-AEA9-74B5EDBE29D0}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8C2603C0-8D9B-4E5D-BE91-FB4D3CC47B62}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{059A5B9C-088F-4657-B857-2C3A68BE97F4}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8C07AEFC-716E-4DFA-9D65-EAB8B702FEA7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{CB772066-6947-48D3-84BE-D47FDC758831}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{1B8E8A5C-14C7-4189-9A2A-58113EEAECCB}C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe => No File
FirewallRules: [UDP Query User{8665FFF2-0DA4-4471-B2B0-372DC078F81A}C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe => No File
FirewallRules: [{D824A982-8E39-4B13-8CA6-72F3C46D051C}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{326FAB7C-A685-4996-8EFC-67719AE95C16}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{765A98B9-9FEA-4845-A856-E8DA1C03A94D}C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe] => (Allow) C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe => No File
FirewallRules: [UDP Query User{32712A0C-B4BD-4EB4-AF41-DDDC7EF604FB}C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe] => (Allow) C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe => No File
FirewallRules: [TCP Query User{31678EE7-60BA-4258-8B3C-A8C0F359E261}C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{B4036AC2-DE8C-4916-B8A8-D089D39A39B5}C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe => No File

EmptyTemp:
End
Save it to C:\Users\micha\OneDrive\Plocha as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Stolen passwords

#7 Post by PacandaMilan »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-01-2023
Ran by micha (19-01-2023 22:29:43) Run:2
Running from C:\Users\micha\OneDrive\Plocha
Loaded Profiles: micha
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
Task: {79AF2B12-6C66-44D0-BA80-DBB6955419B0} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe [290332672 2021-07-30] (Unpacker) [File not signed] <==== ATTENTION
Task: {A85588C4-0925-4657-8006-E880A2CF5277} - System32\Tasks\GoogleUpdateTaskMachineCore{50A76D15-CD66-4606-BFFA-2A6409EB6FE3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-25] (Google LLC -> Google LLC)
Task: {72FBF00F-9CDB-4433-AC76-31CD08C66FF4} - System32\Tasks\GoogleUpdateTaskMachineUA{AC9986A4-F60C-4124-AC58-12D905C67CD9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-25] (Google LLC -> Google LLC)
S3 AAErrorPort; C:\Users\micha\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [X] <==== ATTENTION
S3 PRProt; \??\C:\Users\micha\AppData\Local\Temp\ActiveAnticheat\1223694\active64.sys [X] <==== ATTENTION
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
AlternateDataStreams: C:\Users\micha\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\micha\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [UDP Query User{21742137-F262-4D4D-A67E-4E5EB8F947A2}C:\program files (x86)\origin games\fifa 19\fifa19.exe] => (Allow) C:\program files (x86)\origin games\fifa 19\fifa19.exe => No File
FirewallRules: [TCP Query User{73FDCD90-18A7-4CCC-9D28-2844A92746AE}C:\program files (x86)\origin games\fifa 19\fifa19.exe] => (Allow) C:\program files (x86)\origin games\fifa 19\fifa19.exe => No File
FirewallRules: [{38232822-48C5-417F-B7D9-DBB9B84325D0}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8D03F0E1-3EE5-4475-B34E-74D380ADA5F7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [UDP Query User{483794F3-BA26-43E2-85C5-B528AD278574}C:\users\micha\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\micha\appdata\local\enlisted\launcher.exe => No File
FirewallRules: [TCP Query User{48765E44-5E79-4304-8A05-8E22B819A56A}C:\users\micha\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\micha\appdata\local\enlisted\launcher.exe => No File
FirewallRules: [{CF80CC91-34D8-4886-94F2-DA620BB4EA6C}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8DF476CE-8C35-4E2A-B688-37704F642894}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{05DA912D-A848-4B70-AB70-CCAFADD097BB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{A7FC4F1E-4AD3-496F-B314-7A9F89218791}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{39DAA91A-8048-4F6E-84FE-79ECBD786596}] => (Allow) C:\Program Files (x86)\Lineage II - kopie\L2Reborn.exe => No File
FirewallRules: [{E2B27077-192B-422E-8949-FE4BD7D488C8}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{9BA2B9EE-A0BA-44EC-90D8-5B638E872AE8}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{02F1B86D-0999-41C3-9813-124E16F76FD5}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{96EB310F-257D-4C90-AEA9-74B5EDBE29D0}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8C2603C0-8D9B-4E5D-BE91-FB4D3CC47B62}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{059A5B9C-088F-4657-B857-2C3A68BE97F4}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{8C07AEFC-716E-4DFA-9D65-EAB8B702FEA7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{CB772066-6947-48D3-84BE-D47FDC758831}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{1B8E8A5C-14C7-4189-9A2A-58113EEAECCB}C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe => No File
FirewallRules: [UDP Query User{8665FFF2-0DA4-4471-B2B0-372DC078F81A}C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe => No File
FirewallRules: [{D824A982-8E39-4B13-8CA6-72F3C46D051C}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{326FAB7C-A685-4996-8EFC-67719AE95C16}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{765A98B9-9FEA-4845-A856-E8DA1C03A94D}C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe] => (Allow) C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe => No File
FirewallRules: [UDP Query User{32712A0C-B4BD-4EB4-AF41-DDDC7EF604FB}C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe] => (Allow) C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe => No File
FirewallRules: [TCP Query User{31678EE7-60BA-4258-8B3C-A8C0F359E261}C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{B4036AC2-DE8C-4916-B8A8-D089D39A39B5}C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{ACFC407B-266C-8504-8DAE-F3E276336E4B} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{ACFC407B-266C-8504-8DAE-F3E276336E4B} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79AF2B12-6C66-44D0-BA80-DBB6955419B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79AF2B12-6C66-44D0-BA80-DBB6955419B0}" => removed successfully
C:\WINDOWS\System32\Tasks\SoundBass => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoundBass" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A85588C4-0925-4657-8006-E880A2CF5277}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A85588C4-0925-4657-8006-E880A2CF5277}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{50A76D15-CD66-4606-BFFA-2A6409EB6FE3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{50A76D15-CD66-4606-BFFA-2A6409EB6FE3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72FBF00F-9CDB-4433-AC76-31CD08C66FF4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72FBF00F-9CDB-4433-AC76-31CD08C66FF4}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{AC9986A4-F60C-4124-AC58-12D905C67CD9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{AC9986A4-F60C-4124-AC58-12D905C67CD9}" => removed successfully
HKLM\System\CurrentControlSet\Services\AAErrorPort => removed successfully
AAErrorPort => service removed successfully
HKLM\System\CurrentControlSet\Services\PRProt => removed successfully
PRProt => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Atheros => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
C:\Users\micha\Data aplikací => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
"C:\Users\micha\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{21742137-F262-4D4D-A67E-4E5EB8F947A2}C:\program files (x86)\origin games\fifa 19\fifa19.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{73FDCD90-18A7-4CCC-9D28-2844A92746AE}C:\program files (x86)\origin games\fifa 19\fifa19.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38232822-48C5-417F-B7D9-DBB9B84325D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D03F0E1-3EE5-4475-B34E-74D380ADA5F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{483794F3-BA26-43E2-85C5-B528AD278574}C:\users\micha\appdata\local\enlisted\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{48765E44-5E79-4304-8A05-8E22B819A56A}C:\users\micha\appdata\local\enlisted\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF80CC91-34D8-4886-94F2-DA620BB4EA6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DF476CE-8C35-4E2A-B688-37704F642894}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05DA912D-A848-4B70-AB70-CCAFADD097BB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7FC4F1E-4AD3-496F-B314-7A9F89218791}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39DAA91A-8048-4F6E-84FE-79ECBD786596}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2B27077-192B-422E-8949-FE4BD7D488C8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BA2B9EE-A0BA-44EC-90D8-5B638E872AE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02F1B86D-0999-41C3-9813-124E16F76FD5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96EB310F-257D-4C90-AEA9-74B5EDBE29D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C2603C0-8D9B-4E5D-BE91-FB4D3CC47B62}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{059A5B9C-088F-4657-B857-2C3A68BE97F4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C07AEFC-716E-4DFA-9D65-EAB8B702FEA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB772066-6947-48D3-84BE-D47FDC758831}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1B8E8A5C-14C7-4189-9A2A-58113EEAECCB}C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8665FFF2-0DA4-4471-B2B0-372DC078F81A}C:\program files (x86)\steam\steamapps\common\fifa 22\fifa22.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D824A982-8E39-4B13-8CA6-72F3C46D051C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{326FAB7C-A685-4996-8EFC-67719AE95C16}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{765A98B9-9FEA-4845-A856-E8DA1C03A94D}C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{32712A0C-B4BD-4EB4-AF41-DDDC7EF604FB}C:\users\micha\appdata\local\programs\mobalytics-desktop\mobalytics desktop.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31678EE7-60BA-4258-8B3C-A8C0F359E261}C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4036AC2-DE8C-4916-B8A8-D089D39A39B5}C:\users\micha\appdata\local\discord\app-1.0.9005\discord.exe" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33075976 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 811006692 B
Windows/system/drivers => 478847 B
Edge => 0 B
Chrome => 260410400 B
Firefox => 1082413055 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 329842 B
micha => 156265395 B

RecycleBin => 27648066295 B
EmptyTemp: => 27.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:30:39 ====
PERGL

Re: Stolen passwords

#8 Post by Rudy »

Deleted. The PC is now OK.

Re: Stolen passwords

#9 Post by PacandaMilan »

Thank you very much! The PC runs like crazy.
I'm sending a few crowns toward running costs again.
:offtopic: :thumbsup:
PERGL

Re: Stolen passwords

#10 Post by Rudy »

Thank you for the contribution, and you're welcome! :)