VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Kontrola po mailu od hackera

https://forum.viry.cz:443/viewtopic.php?t=158311

Stránka 1 z 1

Kontrola po mailu od hackera

Napsal: 19 říj 2021 12:17
od VitaP73
Dobrý den! Na můj mail mi přisla zpráva od mě samého a bylo v ní napsáno, že hacker zná mé heslo k emailu a to heslo tam bylo opravdu zmíněno a chce výkupné...
Přikládám logy a předem děkuji za Váš drahocený čas, kontrolu a rady!

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 12:18
od VitaP73
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2021
Ran by VitaP (administrator) on HP-VITAP (Hewlett-Packard HP ZBook 15 G2) (19-10-2021 13:01:49)
Running from C:\Users\User\OneDrive\Desktop
Loaded Profiles: VitaP
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Canon Inc. -> Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\21.196.0921.0007\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe <2>
(Polar Electro Oy) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2019-08-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [751328 2019-08-09] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [225248 2019-10-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) [File not signed]
HKLM\...\RunOnce: [auup697] => C:\Program Files\Avast Software\Avast\setup\auup697.exe [161560 2021-10-19] (Avast Software s.r.o. -> )
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1397248 2018-09-17] (Polar Electro Oy) [File not signed]
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-10-01] (Google LLC -> Google LLC)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2019-08-08]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F34549C-1D93-44E7-9327-7E9692FE0963} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [155592 2020-12-04] (Google LLC -> Google LLC)
Task: {1A1112B7-2963-4813-A807-B7BE4BE0F290} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58A867FD-9395-4168-AEA6-4BAD50E23897} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {61BB8AC5-F4FB-4158-B0F2-72939F74596B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {737843BE-CA54-4598-9CB0-136793307EB1} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {739689C5-EAB5-489A-B1CD-0B0167957D0F} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A4436EA-D076-4CB2-891A-C063C330D9C3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-29] () [File not signed]
Task: {7B322E47-32D2-4113-B7BF-47ACAE9FAD74} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {81601490-5898-46A7-B864-82545CADCDC4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {965EB25A-7FDD-4CBF-9645-414CDE55611A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-02] (HP Inc. -> HP Inc.)
Task: {9E90B7BC-20C0-45D3-8F73-BB6057C70383} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-EI2N4QU-VitaP => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A461518B-B524-4DB2-8BB9-1D6620EBCD91} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-18] (ESET, spol. s r.o. -> ESET)
Task: {B08826F8-430B-45A4-BCB2-4E2B8CD893E5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2021-10-19] (Avast Software s.r.o. -> Avast Software)
Task: {B884577F-86A1-4E25-8978-C5338FF95106} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {C4E09ABA-773F-4FA8-86EC-AFF3D862F981} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
Task: {C5D6EB46-FB84-4E68-B518-29AA2C714C0A} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2106240 2019-10-20] (NVIDIA Corporation -> )
Task: {CA8C48C4-31B9-4B2A-B50B-4CA24F2071C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [155592 2020-12-04] (Google LLC -> Google LLC)
Task: {D901385A-A20B-4211-9156-A1F4595EDFFB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-10-18] (ESET, spol. s r.o. -> ESET)
Task: {FAEABF1D-BDE0-43A2-9008-0B85B06FA31F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13641566-44b9-42bf-a538-80e4bfa88366}: [DhcpNameServer] 100.100.100.100 100.100.100.200
Tcpip\..\Interfaces\{17753737-14b7-419a-9c37-59dab0289525}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{279327f0-19da-46db-9f0c-e0a99714a42c}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\User\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001 -> hxxp//www.seznam.cz/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-13]
Edge DownloadDir: Default -> C:\Users\User\Downloads
Edge HomePage: Default -> hxxp//www.seznam.cz/
Edge StartupUrls: Default -> "hxxps//seznam.c/"

FireFox:
========
FF DefaultProfile: 51g1zwec.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\51g1zwec.default [2019-08-08]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ad0e03pj.default-release [2021-10-19]
FF DownloadDir: C:\Users\User\OneDrive\Dokumenty
FF Homepage: Mozilla\Firefox\Profiles\ad0e03pj.default-release -> www.seznam.cz
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-10-10]
CHR HomePage: Default -> hxxp//www.seznam.cz/
CHR StartupUrls: Default -> "hxxp//www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-08]
CHR Extension: (Dokumenty) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-08]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-08]
CHR Extension: (Tabulky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [755704 2021-09-30] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [754184 2021-09-30] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [751104 2021-09-30] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [754688 2021-09-30] (HP Inc. -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 NVWMI; C:\WINDOWS\system32\nvwmi64.exe [4738952 2019-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-19 13:01 - 2021-10-19 13:02 - 000000000 ____D C:\FRST
2021-10-19 12:53 - 2021-10-19 12:53 - 000000000 ____D C:\AdwCleaner
2021-10-19 12:33 - 2021-10-19 12:33 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-10-19 12:33 - 2021-10-19 12:33 - 000002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-10-19 12:33 - 2021-10-19 12:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Avast Software
2021-10-19 12:33 - 2021-10-19 12:33 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2021-10-19 12:33 - 2021-10-19 12:33 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software
2021-10-19 12:32 - 2021-10-19 12:32 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-19 12:32 - 2021-10-19 12:32 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-19 12:32 - 2021-10-19 12:32 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-19 12:32 - 2021-10-19 12:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-10-19 12:32 - 2021-10-19 12:32 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-10-19 12:31 - 2021-10-19 12:31 - 000000000 ____D C:\Program Files\Avast Software
2021-10-19 12:30 - 2021-10-19 12:32 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-19 12:30 - 2021-10-19 12:30 - 000234272 _____ (AVAST Software) C:\Users\User\OneDrive\Dokumenty\avast_free_antivirus_setup_online.exe
2021-10-18 21:43 - 2021-10-18 21:43 - 000011447 _____ C:\Users\User\OneDrive\Dokumenty\Listopad.xlsx
2021-10-18 21:23 - 2021-10-18 21:23 - 000003842 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-10-18 21:23 - 2021-10-18 21:23 - 000003400 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-10-18 19:44 - 2021-10-18 19:44 - 011697056 _____ (ESET) C:\Users\User\OneDrive\Dokumenty\esetonlinescanner.exe
2021-10-18 19:44 - 2021-10-18 19:44 - 000001381 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-10-18 19:44 - 2021-10-18 19:44 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2021-10-18 19:38 - 2021-10-18 19:38 - 000010624 _____ C:\Users\User\OneDrive\Dokumenty\hijackthis.txt
2021-10-14 14:43 - 2021-10-14 14:43 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-14 14:43 - 2021-10-14 14:43 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-14 14:43 - 2021-10-14 14:43 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-14 14:43 - 2021-10-14 14:43 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-14 14:43 - 2021-10-14 14:43 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-14 14:43 - 2021-10-14 14:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-14 14:43 - 2021-10-14 14:43 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-14 14:43 - 2021-10-14 14:43 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-14 14:43 - 2021-10-14 14:43 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-14 14:43 - 2021-10-14 14:43 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-14 14:43 - 2021-10-14 14:43 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-14 14:43 - 2021-10-14 14:43 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-14 14:43 - 2021-10-14 14:43 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-14 14:43 - 2021-10-14 14:43 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-14 14:43 - 2021-10-14 14:43 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-14 14:42 - 2021-10-14 14:42 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-14 14:39 - 2021-10-14 14:39 - 000000000 ___HD C:\$WinREAgent
2021-10-14 13:08 - 2021-10-14 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.2
2021-10-06 10:39 - 2021-10-06 10:39 - 002951996 _____ C:\WINDOWS\Minidump\100621-9437-01.dmp
2021-10-06 08:26 - 2021-10-06 08:26 - 000001344 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-06 08:26 - 2021-10-06 08:26 - 000000000 ____D C:\Users\User\AppData\Local\PCHealthCheck
2021-10-05 19:45 - 2021-10-05 19:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-05 19:35 - 2021-10-06 10:39 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-19 12:58 - 2019-08-08 09:11 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-19 12:57 - 2019-08-08 09:11 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-10-19 12:32 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-19 12:26 - 2020-09-03 14:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-19 09:02 - 2019-07-08 10:19 - 000000000 ___RD C:\Users\User\OneDrive
2021-10-19 09:01 - 2019-07-08 10:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-10-18 23:08 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-18 23:08 - 2019-07-08 10:24 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-18 19:53 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-18 19:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-18 19:42 - 2019-08-08 09:35 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-10-18 19:37 - 2019-07-08 10:17 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2021-10-17 19:57 - 2019-07-08 10:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2021-10-17 17:41 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-17 17:38 - 2020-06-15 16:42 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-14 18:40 - 2020-09-03 14:14 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-14 18:40 - 2019-12-07 16:43 - 000683566 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-14 18:40 - 2019-12-07 16:43 - 000137346 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-14 18:35 - 2020-09-03 14:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-14 18:35 - 2020-09-03 14:09 - 005084152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-14 18:35 - 2020-09-03 14:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-14 18:35 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-14 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-14 18:35 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-14 14:45 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-14 14:39 - 2019-07-08 13:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-14 14:38 - 2019-07-08 13:27 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 13:08 - 2021-08-20 12:23 - 000000000 ____D C:\Program Files\LibreOffice
2021-10-14 13:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-11 22:59 - 2019-07-08 13:32 - 000002497 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-10 07:20 - 2020-09-03 14:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-10 07:20 - 2020-09-03 14:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-09 08:05 - 2020-09-03 14:14 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3365570366-2328952219-2946547156-1001
2021-10-09 08:05 - 2020-09-03 14:09 - 000002378 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-06 10:40 - 2020-10-24 16:33 - 000000000 ____D C:\WINDOWS\Minidump
2021-10-06 10:39 - 2020-10-24 16:33 - 1416861256 _____ C:\WINDOWS\MEMORY.DMP
2021-10-06 10:39 - 2019-08-08 09:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-06 08:27 - 2019-07-08 13:27 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-10-06 07:05 - 2019-07-08 10:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-05 19:45 - 2019-08-08 09:11 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-01 17:30 - 2020-12-04 22:07 - 000003736 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA
2021-10-01 17:30 - 2020-12-04 22:07 - 000003468 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core
2021-09-30 08:53 - 2021-06-30 12:24 - 000000000 ____D C:\Program Files\HP
2021-09-26 11:39 - 2021-02-20 13:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 12:18
od VitaP73
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2021
Ran by VitaP (19-10-2021 13:03:32)
Running from C:\Users\User\OneDrive\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) (2020-09-03 12:14:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3365570366-2328952219-2946547156-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3365570366-2328952219-2946547156-503 - Limited - Disabled)
Guest (S-1-5-21-3365570366-2328952219-2946547156-501 - Limited - Disabled)
VitaP (S-1-5-21-3365570366-2328952219-2946547156-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3365570366-2328952219-2946547156-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.10.20.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.10.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.8.0.0 - Canon Inc.)
Google Chrome (HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
GPSPlayer version 1.9 (HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\...\{2FD398BA-4DB9-4960-87F1-BAB45944F028}_is1) (Version: 1.9 - BlackView, Inc.)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1029-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
K-Lite Codec Pack 15.5.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.5.0 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D18FE9D2-2F54-4C68-A2DE-A59D4A80A9BC}) (Version: 3.1.2109.29003 - Microsoft Corporation)
LibreOffice 7.2.2.2 (HKLM\...\{51F1B587-D4A5-41C0-A4E8-A64BBD343F23}) (Version: 7.2.2.2 - The Document Foundation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 93.0 (x64 cs)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
NVIDIA nView 149.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 149.77 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 425.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.91 - NVIDIA Corporation)
NVIDIA WMI 2.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.33.0 - NVIDIA Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Polar FlowSync verze 3.0.0.1337 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 3.0.0.1337 - Polar Electro Oy)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8108 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
USB Bridge Installer (HKLM\...\USB Bridge Installer_is1) (Version: - )
Veroval® medi.connect (HKLM-x32\...\{88E3B7B5-7B07-4A3F-8999-E33C36477714}) (Version: 1.9.5.8 - Název společnosti:) Hidden
Veroval® medi.connect (HKLM-x32\...\Veroval MediConnect) (Version: 1.9.5.8 - Název společnosti:)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-19] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_131.1.242.0_x64__v10z8vjag6ke6 [2021-09-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.9.58.0_x64__v10z8vjag6ke6 [2021-09-30] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_7.0.15.0_x64__v10z8vjag6ke6 [2019-10-03] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-09] (Microsoft Studios) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.33\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\User\AppData\Local\Google\Chrome\Application\94.0.4606.81\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.83\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-19] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2019-10-20] (NVIDIA Corporation -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-07-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-19] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-08-09 07:22 - 2018-09-17 03:26 - 001348096 _____ () [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2019-08-09 07:22 - 2018-05-29 01:27 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\zlib.dll
2019-08-09 07:22 - 2018-09-17 03:27 - 000381440 _____ (Polar Electro Oy) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\wslib.dll
2019-08-09 07:22 - 2015-04-30 02:20 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\icudt54.dll
2019-08-09 07:22 - 2015-04-30 02:20 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\icuin54.dll
2019-08-09 07:22 - 2015-04-30 02:20 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\icuuc54.dll
2019-08-09 07:22 - 2015-10-12 12:20 - 000991232 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2019-08-09 07:22 - 2018-05-29 08:46 - 004621312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Core.dll
2019-08-09 07:22 - 2015-10-12 12:15 - 004860928 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Gui.dll
2019-08-09 07:22 - 2015-10-12 12:32 - 000563712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Multimedia.dll
2019-08-09 07:22 - 2015-10-12 12:34 - 000082432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5MultimediaWidgets.dll
2019-08-09 07:22 - 2015-10-12 12:14 - 000845312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Network.dll
2019-08-09 07:22 - 2015-10-12 12:19 - 000272896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5OpenGL.dll
2019-08-09 07:22 - 2015-10-12 12:34 - 000166400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Positioning.dll
2019-08-09 07:22 - 2015-10-12 12:19 - 000267264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5PrintSupport.dll
2019-08-09 07:22 - 2015-10-12 12:24 - 002588672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Qml.dll
2019-08-09 07:22 - 2015-10-12 12:26 - 002430976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Quick.dll
2019-08-09 07:22 - 2015-10-12 16:03 - 001144832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Script.dll
2019-08-09 07:22 - 2015-10-12 12:31 - 000148480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Sensors.dll
2019-08-09 07:22 - 2015-10-12 12:13 - 000154112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Sql.dll
2019-08-09 07:22 - 2015-10-12 12:39 - 000080384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5WebChannel.dll
2019-08-09 07:22 - 2015-10-12 13:55 - 017406464 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5WebKit.dll
2019-08-09 07:22 - 2015-10-12 14:10 - 000198656 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5WebKitWidgets.dll
2019-08-09 07:22 - 2015-10-12 12:17 - 004420096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Widgets.dll
2019-08-09 07:22 - 2015-10-12 12:13 - 000150016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Polar\Polar FlowSync\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2021-06-30] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2021-06-30] (HP Inc. -> HP Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3365570366-2328952219-2946547156-1001\Control Panel\Desktop\\Wallpaper -> D:\Obrázky\Fotky\2018\2018_03_25\UhlPozadiNotas.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD91D4C4-392A-410F-9D1C-C41DD0093BC1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{0D87C5CF-F938-4E80-BCDA-9101C0C515D7}] => (Allow) LPort=5354
FirewallRules: [{77E654FD-5212-4891-B53A-1566FCDDB1DA}] => (Allow) LPort=5354
FirewallRules: [{F9047E05-CCB7-4BDE-BC6E-25C6CC7FB877}] => (Allow) LPort=5354
FirewallRules: [{B8F47054-65CC-4640-B06B-A01BE48A2B66}] => (Allow) LPort=5354
FirewallRules: [{A2FC01A6-FC84-488E-AE09-923E26FB7BDC}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{13E71C6F-5CB4-42CF-A625-6375BF039364}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{B44C8C3B-FECF-43BA-93DD-8F61C86AA46C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5D9ABC44-C969-49DB-B2ED-32F5D741E113}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{76E54EB0-2F57-4CB2-9396-965C11E6DAEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2AB19CFA-D41E-41D8-806C-0E74E843261D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9CB9F2B4-ED0C-4085-800B-8496F9DC51C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B0A08C5-668F-4FF2-B2A1-BD992D8F3773}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D6B52FBF-A480-4208-9E54-BE2596D08201}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{724BDAFC-BE50-4414-A107-ACD617E93E31}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

03-10-2021 16:23:30 Naplánovaný kontrolní bod
06-10-2021 08:25:53 Installed Windows PC Health Check
14-10-2021 14:37:34 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2021 07:53:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/14/2021 06:35:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/14/2021 06:35:26 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/11/2021 07:24:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/04/2021 07:28:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/28/2021 10:43:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/27/2021 09:37:43 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/20/2021 01:03:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (10/18/2021 07:47:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (10/18/2021 07:47:10 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (10/18/2021 07:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (10/18/2021 07:47:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (10/18/2021 07:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (10/18/2021 07:47:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys

Error: (10/18/2021 07:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (10/18/2021 07:47:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2021-10-19 09:57:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F56E5A3D-22EF-423B-866F-42717B117AC9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-18 19:52:51
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2B4F4AC7-3306-4C6F-B685-D2B02612123F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-17 18:07:01
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DE661ED1-EDBC-44EF-AE72-902C85C4698A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-17 17:51:02
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {65514C9F-A1BF-409A-8946-2F75880B2871}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-14 11:34:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {06573DBE-C043-4604-9CCB-006826F84D4A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-10-19 12:32:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-19 12:32:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard M70 Ver. 01.26 03/03/2020
Motherboard: Hewlett-Packard 2253
Processor: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 20%
Total physical RAM: 32425.09 MB
Available physical RAM: 25842.5 MB
Total Virtual: 37289.09 MB
Available Virtual: 30275.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:474.67 GB) (Free:398.12 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:877.87 GB) NTFS

\\?\Volume{89cb27a3-156a-4c52-a72d-cb37427e75a7}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{b7575ee5-0133-4211-b473-af1ead6640fb}\ () (Fixed) (Total:0.6 GB) (Free:0.08 GB) NTFS
\\?\Volume{c7fe71f2-19f0-4d4c-a5a0-0d48418a34aa}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 12380713)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F0A54438)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 12:27
od Rudy
Zdravím!
Heslo k mailu si změňte a na výzvy o výkupném nereagujte. Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 12:32
od VitaP73
Byl to služební mail a začaly tam lítat spamy a ajťáci ho blokli, heslo jsem změnil v práci, ale tvrdili, že jejich systém je čistý a mám zkontrolovat domací noťas.
****************************

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-08.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-19-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Scanned: 31990
# Detected: 9


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\User\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}


AdwCleaner[S00].txt - [2512 octets] - [19/10/2021 12:53:43]
AdwCleaner[S01].txt - [2573 octets] - [19/10/2021 12:56:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 12:39
od VitaP73
Ještě log z HIJACKTHIS
***************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:38:28, on 18.10.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1202)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\User\OneDrive\Dokumenty\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.50\BHO\ie_to_edge_bho.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [OneDrive] "C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Polar FlowSync] C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe"
O4 - Startup: EOS Utility.lnk = C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
O9 - Extra button: @C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_1c26cc8 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @oem49.inf,%HP.HotKeyServiceUWP%;HP Hotkey UWP Service (HotKeyServiceUWP) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
O23 - Service: HP App Helper HSA Service (HPAppHelperCap) - HP Inc. - C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
O23 - Service: HP Diagnostics HSA Service (HPDiagsCap) - HP Inc. - C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
O23 - Service: HP Network HSA Service (HPNetworkCap) - HP Inc. - C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
O23 - Service: HP System Info HSA Service (HPSysInfoCap) - HP Inc. - C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
O23 - Service: @oem30.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @oem49.inf,%HP.LanWlanWwanSwitchingServiceUWP%;HP LAN/WLAN/WWAN Switching UWP Service (LanWlanWwanSwitchingServiceUWP) - HP Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA WMI Provider (NVWMI) - Unknown owner - C:\WINDOWS\system32\nvwmi64.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @oem26.inf,%ss_conn_launcher.SvcDesc%;SAMSUNG Mobile USB Connectivity Launcher (ss_conn_launcher_service) - Unknown owner - C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10622 bytes

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 14:08
od Rudy
V ADW jen preinstalled, jde o utility od HP, neškodné. Log HJT nepotřebuji, není s desítkami plně kompatibilní. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.33\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.83\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\...\RunOnce: [auup697] => C:\Program Files\Avast Software\Avast\setup\auup697.exe [161560 2021-10-19] (Avast Software s.r.o. -> )
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0F34549C-1D93-44E7-9327-7E9692FE0963} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [155592 2020-12-04] (Google LLC -> Google LLC)
Task: {CA8C48C4-31B9-4B2A-B50B-4CA24F2071C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [155592 2020-12-04] (Google LLC -> Google LLC)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core

EmptyTemp:
End
Uložte do C:\Users\User\OneDrive\Desktop jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 14:18
od VitaP73
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2021
Ran by VitaP (19-10-2021 15:14:06) Run:1
Running from C:\Users\User\OneDrive\Desktop
Loaded Profiles: VitaP
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.33\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.83\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\...\RunOnce: [auup697] => C:\Program Files\Avast Software\Avast\setup\auup697.exe [161560 2021-10-19] (Avast Software s.r.o. -> )
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0F34549C-1D93-44E7-9327-7E9692FE0963} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [155592 2020-12-04] (Google LLC -> Google LLC)
Task: {CA8C48C4-31B9-4B2A-B50B-4CA24F2071C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [155592 2020-12-04] (Google LLC -> Google LLC)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
HKU\S-1-5-21-3365570366-2328952219-2946547156-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\auup697" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F34549C-1D93-44E7-9327-7E9692FE0963}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F34549C-1D93-44E7-9327-7E9692FE0963}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA8C48C4-31B9-4B2A-B50B-4CA24F2071C6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA8C48C4-31B9-4B2A-B50B-4CA24F2071C6}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA" => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001UA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3365570366-2328952219-2946547156-1001Core" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 72839486 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 14852094 B
Edge => 5127312 B
Chrome => 159466984 B
Firefox => 205033663 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4178 B
NetworkService => 628812 B
User => 18024263 B

RecycleBin => 0 B
EmptyTemp: => 455.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:15:16 ====

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 14:59
od Rudy
Smazáno, log by již měl být OK.

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 15:22
od VitaP73
Jsem bývalý ajťák, akorát to se Win vlezly na pár disket 3,5", takže tohle už je pro mě španělská vesnice. I tak bych poprosil o stručný popis toho, co bylo s notebookem na začátku, co se provedlo a proč...
Moc děkuji

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 16:09
od Rudy
ADW nalezl jen neškodné utility od HP. OS je od nich a tak obsehuje předistalovaný firemní sw a ADW jej detekuje. Můžete je sice smazat (po zaškrtnutí v seznamu nálezů), je to ale zbytečné. Ve FRST jsem nenalezl nic, s vyjímkou:
HKLM\...\RunOnce: [auup697] => C:\Program Files\Avast Software\Avast\setup\auup697.exe
Soubor je podezřelý, k Avastu nepatří a Google jej nezná. Může být škodlivý, ale nemusí. Dal jsem ho do mazacího skriptu. Jinak nebylo nic nalezeno.
Hacker zřejmě použil brute force utilitu ke zjištění hesla. To se může opakovat i po jeho změně. Je třeba mít "silné" heslo (malá i velká písmena, číslice i diakritické znak, nejméně 8 místné.

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 16:24
od VitaP73
Hesla jsme museli hromadně změnit před x měsíci, právě, aby byla silná. Nikde jinde ho, pochopitelně, nepoužívám a ani na ten mail nechodím, nechávám si přeposílat zprávy na soukromý. Jdu tam možná 4x do roka udělat pouze pořádek. Takže kdybych měl "pod dozorem" domácí notebook, určitě by chtěl výkupné za úplně jiné přístupy. Ale jistota je jistota. A děkuji za kontrolu a pomoc!

Re: Kontrola po mailu od hackera

Napsal: 19 říj 2021 16:58
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz