VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Phishing - kontrola logu

https://forum.viry.cz:443/viewtopic.php?t=158418

Stránka 1 z 1

Phishing - kontrola logu

Napsal: 10 pro 2021 11:45
od Lamík
Dobrý den,

prosím o kontrolu logu, outlook v PC již několikátý den odesílá mým kontaktům email se zavirovaným excelovým souborem. Děkuji!

FRST log zde (addition log pod ním):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2021
Ran by JB (administrator) on TOM (10-12-2021 11:25:07)
Running from C:\Users\JB\Desktop
Loaded Profiles: JB
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(Gaijin Network LTD -> Gaijin) C:\Users\JB\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.2336\SSScheduler.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\McAfee Security Scan\3.11.2336\McUICnt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TimoCom Soft- und Hardware GmbH) [File not signed] C:\TCCARGO\tccargo.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\...\Run: [TC Login] => c:\tccargo\tccargo.exe [1215488 2018-11-05] (TimoCom Soft- und Hardware GmbH) [File not signed]
HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\...\Run: [Gaijin.Net Updater] => C:\Users\JB\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-04] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Windows x64\Print Processors\Canon iP2700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA4.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP2700 series: C:\Windows\system32\CNMLMA4.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2018-01-29] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor3: C:\Windows\system32\CNAS0MMK.DLL [32768 2006-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1501696 2018-10-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [110264 2013-04-09] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-16] (Google LLC -> Google LLC) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-09-09] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-11-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2336\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2DE9E82D-DC86-4302-84B3-F2CD23E2240D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4469000 2019-01-31] (McAfee, Inc. -> McAfee, Inc.)
Task: {4178AA58-2994-4AA6-902F-31B243AB55B0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_pepper.exe -check pepperplugin (No File)
Task: {512069B8-2428-498D-A2AE-4FED3A106646} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [3661072 2017-01-05] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {6BBAAB3E-C939-4EBC-A76A-15CF4494EB85} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1826800 2018-10-29] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {7957471E-104A-4858-A187-48E362E5EF3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-14] (Adobe Inc. -> Adobe)
Task: {8B9D92A0-E9B5-4EC8-A671-5BA30C79CE8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [4505368 2014-02-20] (Piriform Ltd -> Piriform Ltd)
Task: {AD145E24-C0C6-4525-B1F1-C124EA4F4867} - System32\Tasks\GoogleUpdateTaskMachineCore1cfe9379221fb76 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {C6BE89C7-693D-4E22-8F6D-6325BFD1F913} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {E545E086-9C43-48DD-8A02-E709F64E3784} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {FAAD875D-EC3C-498C-8E4B-0078E6F164C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 160.218.161.54
Tcpip\..\Interfaces\{C6BA2507-95D9-4093-A356-EB5BAA329479}: [DhcpNameServer] 160.218.161.54

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\JB\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-24]

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default [2021-12-10]
CHR Notifications: Default -> hxxps://my.timocom.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR NewTab: Default -> Not-active:"chrome-extension://niojcggonafbneajjmkpkcigabaobmge/newtabproduct.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/newtabproduct.html"
CHR Extension: (Podepisovací komponenta Signer) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\alldahcdhngmcjagmefklhhecboiigni [2019-03-18]
CHR Extension: (Dokumenty) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Disk Google) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-06]
CHR Extension: (PDF Viewer & Converter by FromDocToPDF (BETA)) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2021-05-10]
CHR Extension: (FilmFanatic (BETA)) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge [2021-04-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\JB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-14] (Adobe Inc. -> Adobe)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\elevation_service.exe [1492824 2021-11-11] (Google LLC -> Google LLC) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2336\McCHSvc.exe [416752 2021-11-12] (McAfee, LLC -> McAfee, LLC)
S2 pfmjxbmqasi.aqv; C:\Windows\SysWOW64\Xkscbrekazjopts\pfmjxbmqasi.aqv [264192 2021-12-02] () [File not signed]
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-10 11:25 - 2021-12-10 11:26 - 000019541 _____ C:\Users\JB\Desktop\FRST.txt
2021-12-10 11:24 - 2021-12-10 11:25 - 000000000 ____D C:\FRST
2021-12-10 10:20 - 2021-12-10 10:09 - 005659583 _____ (Swearware) C:\Users\JB\Desktop\ComboFix.exe
2021-12-10 10:20 - 2021-12-10 10:06 - 002311168 _____ (Farbar) C:\Users\JB\Desktop\FRST64.exe
2021-12-08 12:11 - 2021-12-09 08:17 - 000000000 ____D C:\Windows\SysWOW64\Xkscbrekazjopts
2021-11-18 08:35 - 2021-12-07 10:18 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-11-18 08:35 - 2021-11-18 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2021-11-11 11:15 - 2021-11-11 14:02 - 000000000 ____D C:\Users\JB\AppData\Roaming\TeamViewer
2021-11-11 11:15 - 2021-11-11 11:16 - 000000000 ____D C:\Users\JB\AppData\Local\TeamViewer
2021-11-11 11:15 - 2021-11-11 11:15 - 023552720 _____ (TeamViewer) C:\Users\JB\Desktop\TeamViewerQS.exe
2021-11-08 08:31 - 2021-11-08 08:31 - 000155895 _____ C:\Users\JB\Desktop\fvmuyvip.pdf
2021-09-27 10:15 - 2021-09-27 10:15 - 000047521 _____ C:\Users\JB\Desktop\Informace o splatnosti ke smlouve cislo 8089736815.zip

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-10 11:23 - 2014-04-10 08:12 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-10 10:22 - 2011-04-12 09:34 - 000671796 _____ C:\Windows\system32\perfh005.dat
2021-12-10 10:22 - 2011-04-12 09:34 - 000142392 _____ C:\Windows\system32\perfc005.dat
2021-12-10 10:22 - 2009-07-14 06:13 - 001591814 _____ C:\Windows\system32\PerfStringBackup.INI
2021-12-10 10:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-12-10 09:59 - 2009-07-14 05:45 - 000032656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-12-10 09:59 - 2009-07-14 05:45 - 000032656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-12-10 09:54 - 2014-11-06 11:50 - 000000000 ____D C:\ProgramData\MFAData
2021-12-10 07:45 - 2014-04-10 08:12 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2021-12-10 07:45 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-12-09 13:02 - 2014-05-06 07:57 - 000012953 _____ C:\Users\JB\intlname.ols
2021-12-08 16:11 - 2020-09-09 12:46 - 000000000 ____D C:\Users\JB\Desktop\Skener
2021-12-08 12:48 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-12-08 12:11 - 2014-04-10 07:56 - 000000000 ____D C:\Users\JB
2021-12-08 10:10 - 2019-12-09 12:07 - 000000000 ____D C:\WarThunder
2021-12-07 08:32 - 2018-11-16 12:20 - 000000000 ____D C:\Users\JB\Desktop\Fotky
2021-11-18 08:35 - 2016-05-19 14:31 - 000001973 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2021-11-18 08:35 - 2016-05-19 14:31 - 000000000 ____D C:\Program Files\McAfee Security Scan
2021-11-18 08:35 - 2016-05-12 14:31 - 000000000 ____D C:\ProgramData\McAfee
2021-11-16 08:24 - 2014-04-10 08:12 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-16 08:24 - 2014-04-10 08:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-10 17:00 - 2014-04-10 08:35 - 000000000 ____D C:\Windows\system32\MRT
2021-11-10 16:55 - 2014-04-10 08:35 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ========

2015-09-21 10:42 - 2016-11-16 11:04 - 000004096 ____H () C:\Users\JB\AppData\Local\keyfile3.drm

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-11-30 10:47
==================== End of FRST.txt ========================






***************************************************************** ADDITION LOG ************************************






Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by JB (10-12-2021 11:28:24)
Running from C:\Users\JB\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2014-04-10 06:56:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3850937480-2948512283-2948898340-500 - Administrator - Disabled)
Guest (S-1-5-21-3850937480-2948512283-2948898340-501 - Limited - Enabled)
JB (S-1-5-21-3850937480-2948512283-2948898340-1000 - Administrator - Enabled) => C:\Users\JB

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AVG (HKLM\...\{DB04C4B3-6841-4BAA-9885-553D4B423424}) (Version: 16.121.7859 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{C19A3151-EC41-4DF4-A2A9-14166CB8649E}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 2.4.1 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 2.4.1.40030 - CANON INC.)
Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.9.0.0 - CANON INC.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
Canon MF440 Series (HKLM\...\{54C446C2-E18C-47be-A1AF-E001373A55EB}) (Version: 6.6.0.0 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2336.1 - McAfee, LLC)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.50 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
PDF Editor 5 (HKLM-x32\...\PDF Editor 5) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
TC Login (HKLM-x32\...\TC Login) (Version: - )
The Settlers Online - Standalone Client (HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\...\The Settlers Online) (Version: - )
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder Launcher 1.0.3.200 (HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-10-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2016-10-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\JB\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) =============

2017-01-05 12:50 - 2017-01-05 12:50 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2021-12-02 08:17 - 2021-12-02 08:17 - 000264192 _____ () [File not signed] C:\Windows\SysWOW64\Xkscbrekazjopts\pfmjxbmqasi.aqv
2020-09-09 12:44 - 2018-01-26 07:24 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_cs-CZ.DLL
2020-09-09 12:40 - 2018-01-29 11:26 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2012-03-14 06:00 - 2012-03-14 04:00 - 000385024 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMA4.DLL
2014-05-05 16:00 - 2012-03-14 04:00 - 000030208 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\CNMPDA4.DLL
2019-03-27 22:34 - 2019-03-27 22:34 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2003-07-17 12:41 - 2003-07-17 12:41 - 000925696 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\office11\riched20.dll
2003-06-27 07:18 - 2003-06-27 07:18 - 000413184 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\office11\usp10.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKU\S-1-5-21-3850937480-2948512283-2948898340-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2021-11-18 08:35 - 000000941 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-3850937480-2948512283-2948898340-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-11-2021 16:54:53 Windows Update
19-11-2021 10:26:36 Naplánovaný kontrolní bod
01-12-2021 10:29:42 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/10/2021 07:46:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/09/2021 12:54:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/09/2021 08:18:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/08/2021 08:09:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/07/2021 08:08:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2021 08:12:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/03/2021 08:11:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/02/2021 08:21:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/10/2021 11:33:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/10/2021 07:45:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Prohledávání počítačů byla ukončena s následující chybou:
Zadaná služba není nainstalovaná služba.

Error: (12/10/2021 07:45:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby pfmjxbmqasi.aqv bylo dosaženo časového limitu (30000 ms).

Error: (12/10/2021 07:45:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (12/10/2021 07:45:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Service Installer TrueKey neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/10/2021 07:45:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (12/09/2021 01:30:22 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba AVG WatchDog se po přijetí pokynu pro vypnutí neukončila správně.

Error: (12/09/2021 01:28:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0607 11/29/2013
Motherboard: ASUSTeK COMPUTER INC. H61M-K
Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 94%
Total physical RAM: 3974.64 MB
Available physical RAM: 224.55 MB
Total Virtual: 7947.43 MB
Available Virtual: 3526.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:832.19 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:14.4 GB) (Free:10.5 GB) FAT32

\\?\Volume{b654a0aa-c07c-11e3-9e6c-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 73B8CD10)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 3E5E4CD3)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)

==================== End of Addition.txt =======================

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 12:06
od Rudy
Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 12:56
od Lamík
Zdravím! Děkuji za opověď a posílám log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-11-18.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-10-2021
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1544 octets] - [10/12/2021 12:19:44]
AdwCleaner[C00].txt - [1694 octets] - [10/12/2021 12:20:21]
AdwCleaner[S01].txt - [1535 octets] - [10/12/2021 12:21:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 14:00
od Rudy
Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Task: {AD145E24-C0C6-4525-B1F1-C124EA4F4867} - System32\Tasks\GoogleUpdateTaskMachineCore1cfe9379221fb76 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {C6BE89C7-693D-4E22-8F6D-6325BFD1F913} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {E545E086-9C43-48DD-8A02-E709F64E3784} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 14:13
od Lamík
Děkuji, posílám:

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by JB (10-12-2021 14:03:35) Run:1
Running from C:\Users\JB\Desktop
Loaded Profiles: JB
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Task: {AD145E24-C0C6-4525-B1F1-C124EA4F4867} - System32\Tasks\GoogleUpdateTaskMachineCore1cfe9379221fb76 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {C6BE89C7-693D-4E22-8F6D-6325BFD1F913} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
Task: {E545E086-9C43-48DD-8A02-E709F64E3784} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD145E24-C0C6-4525-B1F1-C124EA4F4867}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD145E24-C0C6-4525-B1F1-C124EA4F4867}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfe9379221fb76 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1cfe9379221fb76" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6BE89C7-693D-4E22-8F6D-6325BFD1F913}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6BE89C7-693D-4E22-8F6D-6325BFD1F913}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E545E086-9C43-48DD-8A02-E709F64E3784}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E545E086-9C43-48DD-8A02-E709F64E3784}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41815757 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6781246004 B
Edge => 0 B
Chrome => 1028756720 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 7951028 B
systemprofile32 => 8017384 B
LocalService => 8083612 B
NetworkService => 8149840 B
JB => 711014824 B

RecycleBin => 0 B
EmptyTemp: => 8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:04:36 ====

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 14:53
od Rudy
Smazáno, log by již měl být OK. Doporučuji změnit si heslo na mail.

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 15:44
od Lamík
Mockrát děkuji!

Re: Phishing - kontrola logu

Napsal: 10 pro 2021 15:52
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz