Just for completeness: someone has taken over the mailbox of the friend the link came from and is now sending these links from it... AdwCleaner found nothing, and the Windows antivirus found only some junk...
My wife opened the link under a "local account"; I'm sending logs created under the admin account:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by PR-NTB-LenovoIP100 (administrator) on NTB-LENOVOIP100 (LENOVO 80QQ) (11-02-2022 18:06:38)
Running from C:\Users\PR-NTB-LenovoIP100\Desktop
Loaded Profiles: PR-NTB-LenovoIP100
Platform: Microsoft Windows 10 Home Version 21H2 19044.1526 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\OneDrive\22.002.0103.0004\FileCoAuth.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => c:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\Run: [Svátky a výročí] => C:\Program Files (x86)\OKsoftware\Svátky a výročí\Vyroci.exe [1019904 2006-04-28] (Igor Gottwald - OKsoftware) [File not signed]
HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\Run: [Opera Browser Assistant] => C:\Users\PR-NTB-LenovoIP100\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3366040 2021-01-14] (Opera Software AS -> Opera Software)
HKLM\...\Windows x64\Print Processors\Canon TS6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDP.DLL [482816 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6100 series: C:\WINDOWS\system32\CNMLMDP.DLL [1302016 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.82\Installer\chrmstp.exe [2022-02-04] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {008433F1-2854-42E9-A0FA-C6461318CAB0} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {0674DB5C-1C29-43DD-804D-81667C55BA4D} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {06942BC4-EC2F-47E2-9B35-0616B320459F} - \Lenovo\ImController\TimeBasedEvents\0c04dec6-bc8a-4a2e-a45f-fe1a0eeac299 -> No File <==== ATTENTION
Task: {0AD51585-5781-4285-9232-1090550EE838} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {0C8CB8E1-DCA7-4446-A414-F486FB301278} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {2222F697-C3E5-4EB8-A691-E06A187EE19F} - System32\Tasks\CCleanerSkipUAC - PR-NTB-LenovoIP100 => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2A219CA9-6364-40BE-9377-C127B50D1572} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {2C652CB8-6F02-4B5F-A6CE-B00490FA5474} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2F7202BB-E430-4527-943D-1060C8819B4B} - \Lenovo\ImController\TimeBasedEvents\1af3368d-fc82-40dd-88d7-12a37ac2a62e -> No File <==== ATTENTION
Task: {41DF370A-ED44-4E1D-86E7-7ADB3BF5458E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-07] (Google LLC -> Google LLC)
Task: {4593F3DD-0F10-4336-AFDE-FD3BCF239E6D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-13] (Adobe Inc. -> Adobe)
Task: {4F35A000-A7CD-439E-8712-1DFB58A20599} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4190296 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {59936154-7C29-43F8-8E7B-83633B022093} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {60C74B0F-00DF-435F-BE96-F8BBA4793E4E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {6255A011-E944-47F2-894C-30070863067A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-13] (Adobe Inc. -> Adobe)
Task: {6A9D4B22-5ECE-487A-8676-FB6FCE58B0E3} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (No File)
Task: {74FD8FBD-9B24-45D6-AC3F-505A3912E358} - \Lenovo\ImController\TimeBasedEvents\f5582b1c-44d4-4c75-896d-2efe1b15da55 -> No File <==== ATTENTION
Task: {7C71414E-5315-43C0-9616-6BF23067C7CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880112 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F944121-492B-4C74-9634-F79D916E98FD} - System32\Tasks\Opera scheduled assistant Autoupdate 1611073437 => C:\Users\PR-NTB-LenovoIP100\AppData\Local\Programs\Opera\launcher.exe [2333904 2022-01-26] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PR-NTB-LenovoIP100\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {830519E8-F5FB-4A38-83A9-95087A184656} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8400C71B-02BB-4F45-B174-820842EB48F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8CA7A606-E7B6-4DBC-87FE-E68A3B97DEA4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1172360 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {8EC8D043-DBB4-42A4-A303-9860A6F0BA0C} - \Lenovo\ImController\TimeBasedEvents\5f903869-39ee-431b-b5ff-4aa8a94a1d8b -> No File <==== ATTENTION
Task: {90ED3879-6959-4C5A-8303-75179C22D158} - System32\Tasks\Opera scheduled Autoupdate 1611073430 => C:\Users\PR-NTB-LenovoIP100\AppData\Local\Programs\Opera\launcher.exe [2333904 2022-01-26] (Opera Software AS -> Opera Software)
Task: {A8C2597E-3E9B-4079-B320-7A279AE83E3B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAA36B05-5224-493E-B80E-753D2F5B5DF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6469008 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAE1E0FD-016A-489E-8630-A1A536BA18BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6469008 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFA9517C-FDC7-4DB4-BD2E-2E54E289BF91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B55B3728-58D6-452B-A467-DBED288E9DE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-07] (Google LLC -> Google LLC)
Task: {B7E31196-AFC0-42BF-A596-E709F4644B72} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CAB16740-BB7F-4D0C-80D3-1E4ACBFA5A4E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {D1FE494C-7C62-42A7-B7C6-A7440C060E75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {D56363DE-E251-4583-AB64-EB1878DD61B4} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {EC6C738A-311F-4DFA-AB13-1CAEAA82D930} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\ScheduleEventAction.exe [26408 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
Task: {FDAF2470-A751-4E68-8C9C-7F3D78C5FC16} - \Lenovo\ImController\TimeBasedEvents\8bc15486-59e6-43fc-a4e1-eb8af6a89904 -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{78a3737b-d430-4d41-9e10-0a4a830ab5a4}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{89015597-8503-41ae-ba5c-459ae7832d0b}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{b41bb53d-0be6-41e5-99f2-beadbe2369fa}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{ee9d9e02-2b4e-4606-b860-46597fc95a40}: [DhcpNameServer] 10.0.0.138
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-09]
Edge HomePage: Default -> hxxps://google.cz/
Edge StartupUrls: Default -> "hxxps://www.google.cz/?hl=cs","hxxps://www.seznam.cz/"
Edge Extension: (Outlook) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-12]
Edge Extension: (I don't care about cookies) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2022-01-22]
Edge Extension: (Word) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-12]
Edge Extension: (Excel) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-12]
Edge Extension: (uBlock Origin) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-01-24]
Edge Extension: (PowerPoint) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-12]
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-13] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default [2022-02-11]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://meeting.policie.cz
CHR HomePage: Default -> hxxps://google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.cz/?hl=cs","hxxps://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-07]
CHR Extension: (Dokumenty) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-07]
CHR Extension: (Disk Google) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-07]
CHR Extension: (uBlock Origin) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-02-11]
CHR Extension: (Tabulky) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-07]
CHR Extension: (I don't care about cookies) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2022-01-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\PR-NTB-LenovoIP100\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
Opera:
=======
OPR Profile: C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Opera Software\Opera Stable [2022-02-09]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-02-09]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-13] (Adobe Inc. -> Adobe)
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.10.26.0\LenovoVantageService.exe [31016 2021-12-14] (Lenovo -> Lenovo Group Ltd.)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-09] (Microsoft Windows -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13341480 2021-11-06] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 glavcam; C:\WINDOWS\system32\DRIVERS\glavcam.sys [3476736 2015-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
R3 MpKsl3f891f56; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AA44A71-2C12-41C9-89DE-3C2498E99D30}\MpKslDrv.sys [135440 2022-02-11] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-09] (Microsoft Windows -> Microsoft Corporation)
S3 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-02-11 18:06 - 2022-02-11 18:08 - 000023008 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\FRST.txt
2022-02-11 18:05 - 2022-02-11 18:07 - 000000000 ____D C:\FRST
2022-02-11 17:45 - 2022-02-11 17:42 - 002311680 _____ (Farbar) C:\Users\PR-NTB-LenovoIP100\Desktop\FRST64.exe
2022-02-11 16:45 - 2022-02-11 16:45 - 099352576 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-02-10 12:59 - 2022-02-10 12:59 - 000068704 _____ C:\Users\Rodina\Downloads\Kalkulačka-simulace_přelom_21-22_291221_V1-zamknuto (1).xlsm
2022-02-10 12:58 - 2022-02-10 12:58 - 000068704 _____ C:\Users\Rodina\Downloads\Kalkulačka-simulace_přelom_21-22_291221_V1-zamknuto.xlsm
2022-02-09 19:35 - 2022-02-09 19:35 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-09 19:23 - 2022-02-09 19:23 - 000000000 ___HD C:\$WinREAgent
2022-02-04 15:04 - 2022-02-04 15:04 - 001574524 _____ C:\Users\PR-NTB-LenovoIP100\Documents\IMG_20220204_0001.pdf
2022-02-04 13:17 - 2022-02-04 15:08 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\Desktop\Elekřina 2022-přechod k LAMA
2022-02-04 10:37 - 2022-02-04 10:37 - 000696094 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\smlouva p. Riedl.pdf
2022-02-04 10:37 - 2022-02-04 10:37 - 000217353 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\plná moc p. Riedl ml.pdf
2022-02-04 10:37 - 2022-02-04 10:37 - 000217352 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\plná moc p. Riedl st.pdf
2022-02-04 10:37 - 2022-02-04 10:37 - 000195844 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\INDIVIDUAL_elektřina_VIP_LE_2022.pdf
2022-02-02 18:14 - 2022-02-02 18:16 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\Desktop\2022-01-29-Ovar Ve Dvoře - leden 2022
2022-01-30 21:35 - 2022-01-30 21:35 - 000660522 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\priznani-k-dani-z-nemovitych-veci-list-k-dani-z-pozemku.pdf
2022-01-30 21:32 - 2022-01-30 21:32 - 000328124 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Daň z nemovitosti.rar
2022-01-30 21:30 - 2022-01-30 21:31 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\Desktop\Daň z nemovitosti
2022-01-30 16:04 - 2022-01-30 16:04 - 000001582 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\DNEDP4-7210094595-20220130-155729-pracovni.xml
2022-01-27 18:49 - 2022-01-27 18:49 - 000146049 _____ C:\Users\PR-NTB-LenovoIP100\Downloads\OckovaciCertifikat (1).pdf
2022-01-27 17:46 - 2022-01-27 17:46 - 000463439 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\EON-nabídka Polešovice.pdf
2022-01-26 18:06 - 2022-01-26 18:06 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-01-26 18:06 - 2022-01-26 18:06 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-01-26 18:06 - 2022-01-26 18:06 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-01-26 18:06 - 2022-01-26 18:06 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-01-24 19:46 - 2022-01-24 19:54 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\Desktop\2022-01-21-chata Vrbno pod Pradědem
2022-01-24 14:35 - 2022-01-13 01:06 - 000109312 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2022-01-24 10:19 - 2022-01-24 10:19 - 000376066 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Pojisteni_vozidla_6331956768.PDF
2022-01-23 18:05 - 2022-01-23 18:05 - 000145996 _____ C:\Users\Rodina\Downloads\OckovaciCertifikat (4).pdf
2022-01-23 18:04 - 2022-01-23 18:04 - 000145996 _____ C:\Users\Rodina\Downloads\OckovaciCertifikat (3).pdf
2022-01-23 18:02 - 2022-01-23 18:02 - 000147038 _____ C:\Users\Rodina\Downloads\CertifikatTestu.pdf
2022-01-21 20:29 - 2022-01-21 20:29 - 000000070 _____ C:\Users\Rodina\Desktop\Míša registrace Ski Karlov.txt
2022-01-21 20:28 - 2022-01-21 20:28 - 000000000 _____ C:\Users\Rodina\Desktop\Nový textový dokument.txt
2022-01-15 20:35 - 2022-01-15 20:35 - 006901672 _____ C:\Users\Rodina\Downloads\MATEMATICKÁ PREGRAMOTNOST (1).pptx
2022-01-15 15:45 - 2022-01-15 16:06 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\Desktop\2022-01-14-Chata Lhota u Vsetína-leden 2022
2022-01-15 08:36 - 2022-01-15 08:36 - 000067494 _____ C:\Users\Rodina\Downloads\pravovni nastroje.pdf
2022-01-15 08:32 - 2022-01-15 08:32 - 000127031 _____ C:\Users\Rodina\Downloads\zrakove vnimani-images.zip
2022-01-15 08:31 - 2022-01-15 08:31 - 000055047 _____ C:\Users\Rodina\Downloads\zrakove vnimani.pdf
2022-01-15 08:26 - 2022-01-15 08:26 - 005778264 _____ C:\Users\Rodina\Downloads\vnimani prostoru-images.zip
2022-01-15 08:24 - 2022-01-15 08:24 - 002898049 _____ C:\Users\Rodina\Downloads\vnimani prostoru.pdf
2022-01-14 13:18 - 2022-01-14 13:18 - 000029044 _____ C:\Users\Rodina\Desktop\Riedlová_-_výkaz_12-21.xlsx
2022-01-14 13:17 - 2022-01-14 13:17 - 000029125 _____ C:\Users\Rodina\Downloads\Riedlová_-_výkaz_12-21.xlsx
2022-01-13 15:56 - 2022-01-13 15:56 - 000000000 ____D C:\Users\Rodina\AppData\Local\CEF
2022-01-12 02:39 - 2022-01-12 02:39 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-12 02:39 - 2022-01-12 02:39 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-02-11 17:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-11 17:50 - 2020-10-24 03:13 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-02-11 17:45 - 2020-09-27 06:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-11 16:50 - 2020-10-24 03:16 - 001837734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-11 16:50 - 2019-12-07 15:41 - 000764800 _____ C:\WINDOWS\system32\perfh005.dat
2022-02-11 16:50 - 2019-12-07 15:41 - 000170408 _____ C:\WINDOWS\system32\perfc005.dat
2022-02-11 16:50 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-11 16:46 - 2021-02-15 21:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-02-11 16:46 - 2020-09-27 08:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-11 16:46 - 2020-09-07 15:39 - 000000000 ____D C:\Program Files\CCleaner
2022-02-11 16:46 - 2020-09-07 13:27 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-11 16:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-11 16:45 - 2020-09-17 15:31 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-02-11 16:38 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2022-02-11 16:35 - 2021-04-06 14:57 - 000000000 ____D C:\Users\Rodina\AppData\Local\Lenovo
2022-02-11 16:35 - 2021-04-05 19:45 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\AppData\Local\Lenovo
2022-02-11 16:35 - 2021-04-05 19:44 - 000000000 ____D C:\WINDOWS\Lenovo
2022-02-11 16:35 - 2021-04-05 19:23 - 000000000 ____D C:\ProgramData\Lenovo
2022-02-11 16:35 - 2021-04-05 19:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-02-10 13:00 - 2020-09-07 14:58 - 000000000 ____D C:\Users\Rodina\AppData\Local\Packages
2022-02-10 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-09 21:37 - 2020-09-27 08:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-09 21:30 - 2020-09-27 06:50 - 000437000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-09 21:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-09 21:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-09 21:29 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-02-09 19:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-09 19:23 - 2020-09-07 14:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-09 19:19 - 2020-09-07 15:54 - 000000400 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Nastavení sítě.txt
2022-02-09 19:19 - 2020-09-07 14:07 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-04 17:38 - 2021-09-11 06:36 - 000000153 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Česká pošta.txt
2022-02-04 17:38 - 2020-09-17 05:05 - 000013861 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Kopie-nová-2021.txt
2022-02-04 16:15 - 2020-09-07 13:33 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\AppData\Local\Packages
2022-02-04 16:14 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-04 15:57 - 2020-09-27 08:53 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-04 11:25 - 2020-09-07 14:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-04 11:25 - 2020-09-07 14:31 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-02-02 05:07 - 2020-09-07 16:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-01 18:02 - 2021-01-19 17:23 - 000004310 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1611073430
2022-02-01 18:02 - 2021-01-19 17:23 - 000001524 _____ C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-01-30 15:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-01-28 16:42 - 2020-09-27 08:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-28 16:42 - 2020-09-27 08:53 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-26 18:17 - 2021-12-13 04:40 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-46483122-774113591-3416330832-1001
2022-01-26 18:17 - 2020-10-24 03:13 - 000003400 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-46483122-774113591-3416330832-1001
2022-01-26 18:17 - 2020-10-24 02:55 - 000002412 _____ C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-01-26 18:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-26 18:06 - 2020-09-27 08:53 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-01-24 10:15 - 2021-08-28 05:40 - 000000893 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\WizTree.lnk
2022-01-24 10:15 - 2021-03-18 18:33 - 000001914 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\grping.lnk
2022-01-24 10:15 - 2021-01-13 17:08 - 000002656 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Windows 7 USB DVD Download Tool.lnk
2022-01-24 10:15 - 2020-11-01 16:43 - 000001120 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Plane Arcade.lnk
2022-01-24 10:15 - 2020-10-25 10:57 - 000001096 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Adobe Photoshop 2020.lnk
2022-01-24 10:15 - 2020-10-24 08:25 - 000001924 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\FreeRapid 0.9u4.lnk
2022-01-24 10:15 - 2020-10-20 21:25 - 000001982 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Vistumbler.lnk
2022-01-24 10:15 - 2020-09-08 13:07 - 000001116 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\Rajče.lnk
2022-01-24 10:15 - 2020-09-07 18:36 - 000000984 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\XnView.lnk
2022-01-24 10:15 - 2020-09-07 17:42 - 000002279 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\IJ Network Scanner Selector EX2.lnk
2022-01-24 10:15 - 2020-09-07 17:42 - 000002156 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\IJ Scan Utility.lnk
2022-01-24 10:15 - 2020-09-07 17:42 - 000002083 _____ C:\Users\PR-NTB-LenovoIP100\Desktop\IJ Printer Assistant Tool.lnk
2022-01-16 07:51 - 2021-11-15 20:43 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\AppData\Local\CrashDumps
2022-01-16 05:23 - 2021-12-23 07:43 - 000000000 ____D C:\Users\Rodina\AppData\Local\CrashDumps
2022-01-15 21:10 - 2022-01-08 13:46 - 003189976 _____ C:\Users\Rodina\Downloads\2.A_PORTFOLIO_INF_2_rocnik_2021 (1).pdf
2022-01-15 21:10 - 2022-01-08 12:35 - 029020962 _____ C:\Users\Rodina\Downloads\2.A_PORTFOLIO_INF_2_rocnik_2021 (1).pptx
2022-01-14 03:12 - 2020-09-07 18:47 - 000000000 ____D C:\Users\PR-NTB-LenovoIP100\AppData\Local\Adobe
2022-01-13 15:56 - 2020-09-07 19:03 - 000000000 ____D C:\Users\Rodina\AppData\Local\Adobe
2022-01-13 01:07 - 2021-06-16 23:28 - 000064248 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2022-01-13 01:06 - 2021-04-05 19:44 - 000109312 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2022-01-13 01:06 - 2020-09-24 22:19 - 000431016 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2022-01-12 20:11 - 2020-10-24 03:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-12 20:11 - 2020-09-07 18:49 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-12 03:10 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-12 03:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-12 03:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
==================== Files in the root of some directories ========
2020-11-16 17:23 - 2020-11-16 17:23 - 000000106 _____ () C:\Users\PR-NTB-LenovoIP100\AppData\Local\fusioncache.dat
2021-09-29 03:48 - 2021-09-29 03:48 - 000007597 _____ () C:\Users\PR-NTB-LenovoIP100\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by PR-NTB-LenovoIP100 (11-02-2022 18:12:29)
Running from C:\Users\PR-NTB-LenovoIP100\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1526 (X64) (2020-10-24 02:14:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-46483122-774113591-3416330832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-46483122-774113591-3416330832-503 - Limited - Disabled)
Guest (S-1-5-21-46483122-774113591-3416330832-501 - Limited - Disabled)
PR-NTB-LenovoIP100 (S-1-5-21-46483122-774113591-3416330832-1001 - Administrator - Enabled) => C:\Users\PR-NTB-LenovoIP100
Rodina (S-1-5-21-46483122-774113591-3416330832-1002 - Limited - Enabled) => C:\Users\Rodina
WDAGUtilityAccount (S-1-5-21-46483122-774113591-3416330832-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.453 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2) (Version: 21.2.0.225 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
calibre 64bit (HKLM\...\{86456E34-59FB-4AFC-9325-109AEB0728A8}) (Version: 5.31.1 - Kovid Goyal)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.5.3 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.00.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.)
Canon TS6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6100_series) (Version: 1.02 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.86 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.29.53 - Conexant)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
Excel (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.82 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GrPing 1.3 (HKLM-x32\...\GrPing) (Version: - )
IBM i2 Chart Reader 9 (HKLM-x32\...\{BEE6A754-0667-465D-9653-A07BFA82E517}) (Version: 9.2.0 - IBM)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E8266049-8C7B-4A09-9E11-8BD100E0076A}) (Version: 8.0.1.2376 - GenesysLogic)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.10.26.0 - Lenovo Group Ltd.)
MediaInfo 20.09 (HKLM\...\MediaInfo) (Version: 20.09 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14827.20158 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.50 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-46483122-774113591-3416330832-1002\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 83.0.4254.27 (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\Opera 83.0.4254.27) (Version: 83.0.4254.27 - Opera Software)
Outlook (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Plane Arcade (HKLM-x32\...\Plane Arcade) (Version: - 3D Games Development)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
PowerPoint (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Rajče verze 2.6.2 sestavení 292 (HKLM-x32\...\Rajče.net_is1) (Version: - rajče.net)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0031 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
Svátky a výročí (HKLM-x32\...\{CB28705C-ED60-499A-90DE-E8BC41F75B65}) (Version: 2.09.0115 - Igor Gottwald - OKsoftware)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.13565 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.23.9 - TeamViewer)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: 10.6.5 - Vistumbler.net)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WizTree v4.01 (HKLM\...\WizTree_is1) (Version: 4.01 - Antibody Software)
Word (HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-18] (LENOVO INC.)
Mapy.cz -> C:\Program Files\WindowsApps\949FFEAB.Mapy.cz_8.1.1.0_x64__refxrrjvvv3cw [2021-06-30] (Seznam.cz a.s.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-08] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.57.43142.0_x64__8wekyb3d8bbwe [2021-11-17] (Microsoft Corporation) [Startup Task]
Pantone Color of the Year 2022 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.PantoneColoroftheYear2022_1.0.0.0_neutral__8wekyb3d8bbwe [2021-12-14] (Microsoft Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-46483122-774113591-3416330832-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-46483122-774113591-3416330832-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PR-NTB-LenovoIP100\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\PR-NTB-LenovoIP100\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\sharepoint.com -> hxxps://pcrcz-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2022-02-11 16:35 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\
HKU\S-1-5-21-46483122-774113591-3416330832-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-46483122-774113591-3416330832-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX2"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-46483122-774113591-3416330832-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-46483122-774113591-3416330832-1002\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
07-02-2022 19:45:10 Naplánovaný kontrolní bod
09-02-2022 19:23:16 Instalační služba modulů systému Windows
09-02-2022 19:26:08 Instalační služba modulů systému Windows
11-02-2022 16:34:48 AdwCleaner_BeforeCleaning_11/02/2022_16:34:48
==================== Faulty Device Manager Devices ============
Name: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Mikrofon (Conexant SmartAudio HD)
Description: Zvukový koncový bod
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Lenovo EasyCamera
Description: Lenovo EasyCamera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: AzureWave
Service: glavcam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (02/10/2022 11:50:04 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/09/2022 02:01:01 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/07/2022 04:52:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/06/2022 08:09:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)
Error: (02/06/2022 02:01:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/04/2022 02:01:02 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/02/2022 04:58:20 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/01/2022 04:43:34 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (02/11/2022 05:01:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:47:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:46:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:46:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:46:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba ImControllerService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:36:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (02/11/2022 04:35:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Windows Defender:
================
Date: 2022-02-11 18:12:13
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\NokiaE52-oživení\Phoenix_Service_Software_2012.50.001.49220\Phoenix_Service_Software_2012.50.001.49220_Cracked.exe; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\NokiaE52-oživení\Phoenix_Service_Software_2012.50.001.49220\Phoenix_Service_Software_2012.50.001.49220_Cracked.exe->(inno#000010)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: NTB-LENOVOIP100\PR-NTB-LenovoIP100
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.12.0, AS: 1.359.12.0, NIS: 1.359.12.0
Verze modulu: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-02-11 18:12:13
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Passview!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\pstpassword.zip->PstPassword.exe; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\pstpassword\PstPassword.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: NTB-LENOVOIP100\PR-NTB-LenovoIP100
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.12.0, AS: 1.359.12.0, NIS: 1.359.12.0
Verze modulu: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-02-11 18:12:13
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Netpass
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\netpass.zip->netpass.exe->(UPX); file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\netpass\netpass.exe->(UPX)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: NTB-LENOVOIP100\PR-NTB-LenovoIP100
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.12.0, AS: 1.359.12.0, NIS: 1.359.12.0
Verze modulu: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-02-11 18:12:13
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/PasswordRevealer
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\mspass.zip->mspass.exe->(UPX); file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\mspass\mspass.exe->(UPX)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: NTB-LENOVOIP100\PR-NTB-LenovoIP100
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.12.0, AS: 1.359.12.0, NIS: 1.359.12.0
Verze modulu: AM: 1.1.18900.3, NIS: 1.1.18900.3
Date: 2022-02-11 18:12:13
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Mailpassview
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: containerfile:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\mailpv.zip->mailpv.exe; file:_D:\Záloha-reinstalace-W10-08-2015\Co bys hledal na ploše\Prolomeni hesel.rar->Prolomení hesel\mailpv\mailpv.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: NTB-LENOVOIP100\PR-NTB-LenovoIP100
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.359.12.0, AS: 1.359.12.0, NIS: 1.359.12.0
Verze modulu: AM: 1.1.18900.3, NIS: 1.1.18900.3
==================== Memory info ===========================
BIOS: LENOVO E0CN63WW 10/21/2016
Motherboard: LENOVO Nano 5B6
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 80%
Total physical RAM: 4011.01 MB
Available physical RAM: 796.74 MB
Total Virtual: 5675.01 MB
Available Virtual: 2422.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.96 GB) (Free:140.08 GB) NTFS
Drive d: () (Fixed) (Total:464.61 GB) (Free:189.43 GB) NTFS
Drive f: (MISA) (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32
\\?\Volume{4642eafb-7433-45af-bb02-19e265c77043}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{10e5f934-7d3e-4ec5-8640-bb4661ef310a}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{1a0b2e34-0c70-4bf2-ba09-26c2fbe18392}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{5b345a1d-e75c-4caa-9b36-d80f0d29d1b6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{34cc2b9d-8eb8-4f7f-b663-c06461d3e71f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: DEF33161)
Partition: GPT.
==========================================================
Disk: 2 (Size: 984 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=984 MB) - (Type=0C)
==================== End of Addition.txt =======================