Requesting a check - hit by ransomware [Solved]


Brabenecsiafu
newbie
Posts: 28
Registered: July 22
Gender: Male
Status:
Offline

Re: Requesting a check - hit by ransomware [Solved]

Post by Brabenecsiafu » 09 Aug 2022 20:27

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by drjan (administrator) on DESKTOP-17RTQ1L (LENOVO 20351) (09-08-2022 18:33:38)
Running from C:\Users\drjan\OneDrive\Plocha
Loaded Profiles: drjan
Platform: Microsoft Windows 10 Home Version 21H2 19044.1865 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\drjan\AppData\Local\Microsoft\OneDrive\22.141.0703.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.554.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKU\S-1-5-21-1504615263-2154095078-1380061987-1001\...\Run: [MicrosoftEdgeAutoLaunch_13EAA4211EFB414858420240490B61ED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827112 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-09] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {079EB0FA-F5FB-4D65-83EF-706497C79233} - System32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
Task: {185ED2FF-0632-45FD-B92C-5DF3B1DE5D86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {21A02C3D-95E6-488F-9582-AFBD91D580B8} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-07-31] (Microsoft Windows -> Microsoft Corporation)
Task: {322BB54A-E43F-4DEA-8643-E814550B4AD0} - System32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
Task: {39FB9E64-573C-4931-AA63-577AEB13F05E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-17RTQ1L-drjan DESKTOP-17RTQ1L => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [470720 2016-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {80F9DD1A-576B-41ED-ABF1-D2E52659CECC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\drjan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-08-01] (ESET, spol. s r.o. -> ESET)
Task: {9E01CB1E-F240-4B64-B1E3-0B0488C06B38} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADD7678C-F20F-4A26-A327-17B1844C24A5} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-07-31] (Microsoft Windows -> Microsoft Corporation)
Task: {FB9C90CA-223E-462A-BA02-74C5A9E03A58} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF29D128-607D-42F1-BF1D-AD97182045D1} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\drjan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-08-01] (ESET, spol. s r.o. -> ESET)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{976fe41c-1e11-4952-b885-9cf86326247a}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\drjan\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-09]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Default [2022-08-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-02]
CHR Profile: C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-08-09]
CHR Profile: C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-08-09]
CHR HomePage: Profile 1 -> hxxp://www.centrum.cz/
CHR Extension: (Překladač Google) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-08-02]
CHR Extension: (Dictanote) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aomjekmpappghadlogpigifkghlmebjk [2022-08-02]
CHR Extension: (Tipli do prohlížeče) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-08-02]
CHR Extension: (Sumo) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlgipkaoljiajmolhibpngjppeckkjjp [2022-08-02]
CHR Extension: (Facebook Pixel Helper) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2022-08-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-02]
CHR Extension: (Tlačítko Uložit pro Pinterest) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2022-08-02]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2022-08-02]
CHR Extension: (Grepsr - Web Scraping Tool) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjdijkhlfpeafghibmiabeofkiicdnjm [2022-08-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2022-08-02]
CHR Extension: (Voice Recognition) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2022-08-02]
CHR Extension: (FormApps Extension) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-08-02]
CHR Extension: (Screen Recorder) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jdopnakmnlnccgpfpmjmdjjohmcdgabp [2022-08-02]
CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2022-08-04]
CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2022-08-02]
CHR Extension: (AirDroid Remote Control Plugin) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\macmgoeeggnlnmpiojbcniblabkdjphe [2022-08-02]
CHR Extension: (Morpheon Dark) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2022-08-02]
CHR Extension: (Scraper) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2022-08-02]
CHR Extension: (Amz Superman Seller tool) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndhncndbgnmheelpkdmldlcdhmieiagm [2022-08-02]
CHR Extension: (Sklik plugin) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nidaimoaiogijcjpfjgkbhooeghpgklf [2022-08-02]
CHR Extension: (Video Downloader PLUS) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2022-08-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-03]
CHR Extension: (AliRadar - помощник в покупках) - C:\Users\drjan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfjibkklgpfcfdlhijfglamdnkjnpdeg [2022-08-02]
CHR Profile: C:\Users\drjan\AppData\Local\Google\Chrome\User Data\System Profile [2022-08-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-07-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-07-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-06 08:10 - 2022-08-06 08:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-08-03 22:27 - 2022-08-03 22:27 - 000000000 ____D C:\Users\drjan\AppData\Local\OneDrive
2022-08-03 17:25 - 2022-08-03 17:25 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2022-08-02 16:54 - 2022-08-02 16:54 - 000000000 ____D C:\Users\drjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2022-08-02 16:47 - 2022-08-09 12:53 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-08-02 16:47 - 2022-08-02 16:47 - 000000000 ____D C:\Program Files\Google
2022-08-02 16:46 - 2022-08-09 17:52 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-02 16:46 - 2022-08-02 16:54 - 000000000 ____D C:\Users\drjan\AppData\Local\Google
2022-08-02 16:46 - 2022-08-02 16:46 - 001414600 _____ (Google LLC) C:\Users\drjan\Downloads\ChromeSetup.exe
2022-08-02 16:46 - 2022-08-02 16:46 - 000003550 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7}
2022-08-02 16:46 - 2022-08-02 16:46 - 000003426 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1}
2022-08-02 13:27 - 2022-08-02 13:41 - 000000000 ____D C:\Users\drjan\OneDrive\Dokumenty\Soubory aplikace Outlook
2022-08-02 07:33 - 2022-08-02 07:33 - 000003858 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-08-02 07:33 - 2022-08-02 07:33 - 000003416 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2022-08-02 02:42 - 2022-08-05 15:53 - 000005264 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-17RTQ1L-drjan DESKTOP-17RTQ1L
2022-08-01 21:13 - 2022-08-01 21:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2022-08-01 19:46 - 2022-08-06 10:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2022-08-01 19:45 - 2022-08-01 21:12 - 000000000 ____D C:\Windows\SHELLNEW
2022-08-01 19:45 - 2022-08-01 19:45 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-08-01 19:43 - 2022-08-01 19:43 - 000000000 ____D C:\Windows\PCHEALTH
2022-08-01 19:39 - 2022-08-01 19:43 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-01 19:39 - 2022-08-01 19:39 - 000000000 ____D C:\Users\drjan\AppData\Local\Microsoft Help
2022-08-01 19:39 - 2022-08-01 19:39 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2022-08-01 19:39 - 2022-08-01 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-08-01 19:39 - 2022-08-01 19:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2022-08-01 14:10 - 2022-08-01 14:10 - 000000000 ____D C:\Users\drjan\AppData\Local\D3DSCache
2022-08-01 07:43 - 2022-08-01 12:14 - 000001382 _____ C:\Users\drjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-08-01 07:43 - 2022-08-01 07:43 - 000000000 ____D C:\Users\drjan\AppData\Local\ESET
2022-08-01 07:42 - 2022-08-01 07:42 - 015274968 _____ (ESET) C:\Users\drjan\Downloads\esetonlinescanner.exe
2022-08-01 07:40 - 2022-08-01 07:40 - 000000000 ____D C:\Users\drjan\AppData\Local\Comms
2022-07-31 21:30 - 2022-08-09 17:44 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-31 21:15 - 2022-07-31 21:15 - 000000000 ____D C:\Windows\SystemTemp
2022-07-31 20:35 - 2022-07-31 20:35 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-31 20:35 - 2022-07-31 20:35 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2022-07-31 20:35 - 2022-07-31 20:35 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2022-07-31 20:35 - 2022-07-31 20:35 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-31 20:35 - 2022-07-31 20:35 - 000104448 _____ C:\Windows\system32\nettraceex.dll
2022-07-31 20:35 - 2022-07-31 20:35 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-31 20:35 - 2022-07-31 20:35 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-31 20:35 - 2022-07-31 20:35 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-31 20:35 - 2022-07-31 20:35 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-31 20:34 - 2022-07-31 20:34 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-31 20:34 - 2022-07-31 20:34 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-31 20:34 - 2022-07-31 20:34 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-31 20:34 - 2022-07-31 20:34 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-31 20:34 - 2022-07-31 20:34 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-31 20:34 - 2022-07-31 20:34 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-31 20:34 - 2022-07-31 20:34 - 000011797 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-31 20:33 - 2022-07-31 20:33 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2022-07-31 20:33 - 2022-07-31 20:33 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-07-31 20:32 - 2022-07-31 20:32 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-07-31 20:31 - 2022-07-31 20:31 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-31 20:31 - 2022-07-31 20:31 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-31 20:30 - 2022-07-31 20:30 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2022-07-31 20:30 - 2022-07-31 20:30 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2022-07-31 20:30 - 2022-07-31 20:30 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-07-31 20:29 - 2022-07-31 20:29 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-31 20:29 - 2022-07-31 20:29 - 000232288 _____ C:\Windows\system32\containerdevicemanagement.dll
2022-07-31 20:29 - 2022-07-31 20:29 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-07-31 20:29 - 2022-07-31 20:29 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-31 20:28 - 2022-07-31 20:28 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-31 20:28 - 2022-07-31 20:28 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-31 20:28 - 2022-07-31 20:28 - 000272896 _____ C:\Windows\system32\TpmTool.exe
2022-07-31 20:28 - 2022-07-31 20:28 - 000162304 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-07-31 20:28 - 2022-07-31 20:28 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-07-31 20:28 - 2022-07-31 20:28 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-07-31 20:11 - 2022-07-31 20:11 - 000000000 ___HD C:\OneDriveTemp
2022-07-31 20:11 - 2020-10-21 10:16 - 000000173 ____R C:\Users\drjan\OneDrive\Dokumenty\Poznámkový blok uživatele Jan.url
2022-07-31 20:11 - 2016-04-19 06:59 - 006582678 _____ C:\Users\drjan\OneDrive\Dokumenty\Navod_na_zarabanie_cez_Amazon.pdf
2022-07-31 20:11 - 2015-11-29 14:28 - 001129595 _____ C:\Users\drjan\OneDrive\Dokumenty\CopyPasteCommission CZ.pdf
2022-07-31 20:10 - 2022-08-01 20:12 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1504615263-2154095078-1380061987-1001
2022-07-31 20:10 - 2022-08-01 20:12 - 000002381 _____ C:\Users\drjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-31 20:06 - 2022-08-09 17:48 - 000000000 ___RD C:\Users\drjan\OneDrive
2022-07-31 20:06 - 2022-08-01 20:12 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1504615263-2154095078-1380061987-1001
2022-07-31 20:00 - 2022-07-31 20:00 - 000000000 ___HD C:\$WinREAgent
2022-07-31 19:52 - 2022-07-31 19:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-07-31 19:40 - 2022-08-04 16:10 - 000000000 ____D C:\Users\drjan\AppData\Local\PlaceholderTileLogoFolder
2022-07-31 19:35 - 2022-07-31 19:43 - 000000000 ____D C:\Windows\system32\MRT
2022-07-31 19:34 - 2022-07-31 19:34 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-07-31 19:34 - 2022-07-31 19:34 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-07-31 19:28 - 2022-07-31 19:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-31 19:26 - 2022-08-02 06:08 - 000000000 ____D C:\ProgramData\Packages
2022-07-31 19:26 - 2022-07-31 19:26 - 000000000 ____D C:\Users\drjan\AppData\Local\Publishers
2022-07-31 19:25 - 2022-08-09 17:44 - 000000000 __SHD C:\Users\drjan\IntelGraphicsProfiles
2022-07-31 19:25 - 2022-08-01 14:25 - 000000000 ____D C:\Users\drjan\AppData\Local\Packages
2022-07-31 19:25 - 2022-07-31 21:30 - 000000000 ____D C:\Users\drjan\AppData\Local\ConnectedDevicesPlatform
2022-07-31 19:25 - 2022-07-31 19:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-31 19:25 - 2022-07-31 19:25 - 000000000 ___RD C:\Users\drjan\3D Objects
2022-07-31 19:25 - 2022-07-31 19:25 - 000000000 ____D C:\Users\drjan\AppData\Roaming\Adobe
2022-07-31 19:25 - 2022-07-31 19:25 - 000000000 ____D C:\Users\drjan\AppData\Local\VirtualStore
2022-07-31 19:22 - 2022-07-31 19:22 - 000000020 ___SH C:\Users\drjan\ntuser.ini
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Šablony
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Soubory cookie
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Poslední
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Okolní tiskárny
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Okolní síť
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Nabídka Start
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Dokumenty
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\Data aplikací
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2022-07-31 19:22 - 2022-07-31 19:22 - 000000000 _SHDL C:\Users\drjan\AppData\Local\Data aplikací
2022-07-31 19:21 - 2022-08-09 17:43 - 000000000 ____D C:\Users\drjan
2022-07-31 19:12 - 2022-07-31 19:12 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2022-07-31 19:12 - 2022-07-31 19:12 - 000000000 ____D C:\Program Files\Elantech
2022-07-31 19:12 - 2022-07-31 19:12 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2022-07-31 19:12 - 2017-06-12 01:56 - 000103888 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2022-07-31 19:12 - 2017-06-12 01:56 - 000099792 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2022-07-31 19:11 - 2022-07-31 19:11 - 000000000 ____D C:\Program Files\Intel
2022-07-31 19:10 - 2022-07-31 19:10 - 000000000 ____D C:\Windows\SysWOW64\sda
2022-07-31 19:10 - 2022-07-31 19:10 - 000000000 ____D C:\ProgramData\Realtek
2022-07-31 19:09 - 2022-07-31 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2022-07-31 19:08 - 2022-07-31 19:08 - 000000000 ____D C:\Program Files\Dolby Digital Plus
2022-07-31 19:08 - 2015-04-18 10:26 - 000427224 _____ (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
2022-07-31 19:08 - 2014-11-26 11:01 - 000004664 _____ C:\Windows\system32\Drivers\CxSfPt.dat
2022-07-31 19:08 - 2013-09-30 14:54 - 000001520 _____ C:\Windows\system32\Drivers\SamSfPa.dat
2022-07-31 19:08 - 2013-07-25 14:39 - 000206552 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
2022-07-31 19:07 - 2022-07-31 19:08 - 000000000 ____D C:\ProgramData\Conexant
2022-07-31 19:07 - 2022-07-31 19:08 - 000000000 ____D C:\Program Files\CONEXANT
2022-07-31 19:07 - 2022-07-31 19:07 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2022-07-31 18:12 - 2022-08-09 17:50 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Šablony
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Poslední
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Okolní síť
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Dokumenty
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\Data aplikací
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\ProgramData\Šablony
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\ProgramData\Plocha
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\ProgramData\Dokumenty
2022-07-31 18:04 - 2022-07-31 18:04 - 000000000 _SHDL C:\ProgramData\Data aplikací
2022-07-31 17:43 - 2022-08-02 19:47 - 000000000 ____D C:\Windows\Panther
2022-07-31 17:32 - 2022-08-03 21:47 - 000000000 ____D C:\Windows.old
2022-07-31 16:49 - 2022-08-07 04:08 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-31 16:46 - 2022-08-01 07:38 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-31 16:46 - 2022-08-01 07:38 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-31 16:45 - 2022-07-31 16:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-07-31 16:44 - 2022-08-09 17:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-31 16:44 - 2022-08-09 17:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-31 16:44 - 2022-07-31 21:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-07-31 16:44 - 2022-07-31 16:44 - 000000000 ____D C:\Windows\ServiceProfiles
2022-07-31 16:43 - 2022-08-09 17:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-31 16:43 - 2022-08-08 07:15 - 000385264 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-31 09:29 - 2022-08-09 18:34 - 000000000 ____D C:\FRST
2022-07-31 08:15 - 2022-07-31 08:57 - 000000000 ___HD C:\$SysReset
2022-07-30 13:16 - 2022-07-30 13:17 - 000000000 ____D C:\KRD2018_Data
2022-07-28 16:09 - 2022-07-29 15:50 - 000000000 ____D C:\zoek_backup
2022-07-27 11:10 - 2022-07-27 11:10 - 000000000 _____ C:\SophosBootTasks.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-09 18:16 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-09 18:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2022-08-09 18:15 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-09 17:50 - 2019-12-07 16:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2022-08-09 17:50 - 2019-12-07 16:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2022-08-09 17:50 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2022-08-06 10:41 - 2019-12-07 11:14 - 000000167 _____ C:\Windows\win.ini
2022-08-06 08:28 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-08-05 16:23 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-08-01 21:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-08-01 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-08-01 07:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2022-07-31 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-31 21:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-07-31 21:15 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-31 21:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-31 21:15 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2022-07-31 21:01 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-31 19:54 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2022-07-31 19:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-07-31 19:05 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-31 18:07 - 2019-12-07 16:42 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-07-31 18:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\spool
2022-07-31 18:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2022-07-31 17:42 - 2019-12-07 11:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-07-31 16:46 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-07-26 22:59 - 2017-01-26 12:02 - 000000000 ____D C:\AdwCleaner

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Re: Please check - attacked by ransomware

Post by Brabenecsiafu » 09 Aug 2022 20:29

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by drjan (09-08-2022 18:39:44)
Running from C:\Users\drjan\OneDrive\Plocha
Microsoft Windows 10 Home Version 21H2 19044.1865 (X64) (2022-07-31 16:06:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1504615263-2154095078-1380061987-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1504615263-2154095078-1380061987-503 - Limited - Disabled)
drjan (S-1-5-21-1504615263-2154095078-1380061987-1001 - Administrator - Enabled) => C:\Users\drjan
Guest (S-1-5-21-1504615263-2154095078-1380061987-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1504615263-2154095078-1380061987-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Access MUI (Czech) 2013 (HKLM\...\{90150000-0015-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0015-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Czech) 2013 (HKLM\...\{90150000-0090-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0090-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.47 - Microsoft Corporation)
Microsoft Excel MUI (Czech) 2013 (HKLM\...\{90150000-0016-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0016-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2013 (HKLM\...\{90150000-00BA-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00BA-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Czech) 2013 (HKLM\...\{90150000-0044-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0044-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Czech) 2013 (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office O MUI (Czech) 2013 (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2013 (HKLM\...\{90150000-00E1-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00E1-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2013 (HKLM\...\{90150000-00E2-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00E2-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing (Czech) 2013 (HKLM\...\{90150000-002C-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-002C-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Czech) 2013 (HKLM\...\{90150000-00C1-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00C1-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2013 (HKLM\...\{90150000-006E-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-006E-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1504615263-2154095078-1380061987-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft OneNote MUI (Czech) 2013 (HKLM\...\{90150000-00A1-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00A1-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2013 (HKLM\...\{90150000-001A-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-001A-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2013 (HKLM\...\{90150000-0018-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0018-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2013 (HKLM\...\{90150000-0019-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0019-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer MUI (Czech) 2013 (HKLM\...\{90150000-0017-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Word MUI (Czech) 2013 (HKLM\...\{90150000-001B-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Word MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-001B-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft X MUI (Czech) 2013 (HKLM\...\{90150000-0101-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{85EB11C5-7793-4386-8F93-3D15494EC269}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1E8252A7-D489-4BB6-9694-93799FFD33ED}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{DABB9E2A-F054-4F97-9EB2-6992316C6EC7}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}_Office15.PROPLUS_{72C9E028-F9E7-4172-AC45-0C8029B591D5}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{4601BD00-BC9B-4CA2-940C-2552782C7347}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{EC915383-0457-4D83-BE7A-009D7841E9C5}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0416-1000-0000000FF1CE}_Office15.PROPLUS_{84C4718D-C949-454F-B6D0-E77C212DBF11}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{3F685A71-DF4A-4AC0-A110-0FA0B7FFD86C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0416-1000-0000000FF1CE}_Office15.PROPLUS_{67811A68-6D8B-4316-8ACB-4AEADC838509}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{6E88843F-58F2-45EB-8C4A-0DDFE45366E1}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0416-1000-0000000FF1CE}_Office15.PROPLUS_{05DE08FE-96EE-4BFE-A731-AE2985231632}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0101-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-08-01] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\drjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\AirDroid Remote Control Plugin.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=macmgoeeggnlnmpiojbcniblabkdjphe
ShortcutWithArgument: C:\Users\drjan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Honza - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2021-08-17] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1504615263-2154095078-1380061987-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows.old\Users\drjan_000\Pictures\wMdk9.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EF2C32F3-DB30-4CA2-8EC7-348342FD60F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{16B9F0F0-B8A9-4877-8EF1-FBB2E383E55E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC80DCBD-7DF6-473D-8A03-9F1BA3B40E32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{386DCD75-9120-4F52-AAA7-B388A4F91EBD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{29B8397C-60CE-48DE-88F2-F8208439B312}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9C9A4CF-EFB2-45BB-ABE2-EBF1A565B0CB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7CA9828-5579-4B29-BE94-2D4ACD513E12}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A761DE6C-B900-4C31-9093-8E5DECC4D70F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E7C34B7-0ADB-45A7-9950-1C24A3770CB7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92B5A1EB-1FBE-4EA7-B44A-687144CEEE38}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-08-2022 09:16:10 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Řadič jednoduché komunikace pro sběrnici PCI
Description: Řadič jednoduché komunikace pro sběrnici PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/09/2022 06:33:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 4.8.2022.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 5dc

Čas spuštění: 01d8ac0c926ea0df

Čas ukončení: 19

Cesta k aplikaci: C:\Users\drjan\OneDrive\Plocha\FRST64.exe

ID hlášení: bd1c96fa-7eae-4ba5-99c6-eaf43d8d668f

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (08/09/2022 07:43:43 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/08/2022 10:14:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/03/2022 10:36:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.19041.1865 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 21c

Čas spuštění: 01d8a73c0cc20a96

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: ed7bc5c4-8533-47b1-924d-0b3794f454a9

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (07/31/2022 09:14:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/31/2022 07:12:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxTray.exe, verze: 0.0.0.0, časové razítko: 0x58dabd92
Název chybujícího modulu: igfxTray.exe, verze: 0.0.0.0, časové razítko: 0x58dabd92
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000001de48
ID chybujícího procesu: 0x1814
Čas spuštění chybující aplikace: 0x01d8a500aa25d053
Cesta k chybující aplikaci: C:\Windows\system32\igfxTray.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxTray.exe
ID zprávy: 0f450ef8-7b63-4f89-8938-d4320873c245
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/31/2022 06:10:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x8007139F
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/31/2022 04:49:19 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.


System errors:
=============
Error: (08/09/2022 06:19:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200b): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.373.24.0).

Error: (08/09/2022 06:16:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (08/09/2022 05:51:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (08/09/2022 05:50:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime přestala během spouštění reagovat.

Error: (08/09/2022 05:48:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (08/09/2022 05:43:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (08/09/2022 05:43:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SAService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/09/2022 05:43:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:18:47, ‎09.‎08.‎2022) bylo neočekávané.


==================== Memory info ===========================

BIOS: LENOVO 9ACN29WW 10/20/2014
Motherboard: LENOVO Lancer 5A2
Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 8100.27 MB
Available physical RAM: 3318.7 MB
Total Virtual: 9380.27 MB
Available Virtual: 4201.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.2 GB) (Free:209.25 GB) (Model: ST1000LM024 HN-M101MBB) NTFS
Drive d: () (Removable) (Total:3.8 GB) (Free:3.29 GB) NTFS

\\?\Volume{5922363b-3d8f-4844-8c32-3b78de90dfa8}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.06 GB) NTFS
\\?\Volume{8ad169b1-e419-4830-b1a3-f2a8dd7673ae}\ () (Fixed) (Total:0.79 GB) (Free:0.3 GB) NTFS
\\?\Volume{21b46fe0-8e42-41f7-8a61-98a9c225f336}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Please check - attacked by ransomware

Post by jaro3 » 09 Aug 2022 22:58

Has everything already been transferred from that backup earlier?

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
Task: {079EB0FA-F5FB-4D65-83EF-706497C79233} - System32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
Task: {322BB54A-E43F-4DEA-8643-E814550B4AD0} - System32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1}
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

EmptyTemp:
End

(You can use the "Select all" function, then right-click in the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Brabenecsiafu
newcomer
Posts: 28
Registered: July 22
Gender: Male
Status:
Offline

Re: Please check - attacked by ransomware

Post by Brabenecsiafu » 11 Aug 2022 16:51

I transferred the whole desktop, where I had all my data. I will install the other programs as needed from a fresh source.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by drjan (11-08-2022 13:06:59) Run:2
Running from C:\Users\drjan\OneDrive\Plocha
Loaded Profiles: drjan
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {079EB0FA-F5FB-4D65-83EF-706497C79233} - System32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
Task: {322BB54A-E43F-4DEA-8643-E814550B4AD0} - System32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-08-02] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1}
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{079EB0FA-F5FB-4D65-83EF-706497C79233}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{079EB0FA-F5FB-4D65-83EF-706497C79233}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{322BB54A-E43F-4DEA-8643-E814550B4AD0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{322BB54A-E43F-4DEA-8643-E814550B4AD0}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7}" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{6416D6BA-ECA7-4B31-ABA1-4A8FF04CA0A7}" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{70C10BAB-4774-4ADF-B1FD-72805C7FD7F1}" => not found
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 116642370 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 484691 B
Edge => 0 B
Chrome => 497521921 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27418 B
NetworkService => 29340 B
drjan => 301234703 B

RecycleBin => 55174 B
EmptyTemp: => 874.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:09:06 ====

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Please check - attacked by ransomware

Post by jaro3 » 11 Aug 2022 17:48

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to the desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report can be found at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved with the green check mark.

Brabenecsiafu
newcomer
Posts: 28
Registered: July 22
Gender: Male
Status:
Offline

Re: Please check - attacked by ransomware

Post by Brabenecsiafu » 12 Aug 2022 16:58

So, probably OK.

Thank you for your time and advice.

# DelFix v1.013 - Logfile created 12/08/2022 at 16:44:22
# Updated 17/04/2016 by Xplode
# Username : drjan - DESKTOP-17RTQ1L
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\drjan\OneDrive\Plocha\FRST-OlderVersion
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2022-07-28-160416.log
Deleted : C:\zoek-results2022-07-29-134659.log
Deleted : C:\Users\drjan\OneDrive\Plocha\Addition.txt
Deleted : C:\Users\drjan\OneDrive\Plocha\Fixlog.txt
Deleted : C:\Users\drjan\OneDrive\Plocha\FRST.txt
Deleted : C:\Users\drjan\OneDrive\Plocha\FRST64.exe
Deleted : C:\Users\drjan\OneDrive\Plocha\JRT.txt
Deleted : C:\Users\drjan\OneDrive\Plocha\RogueKiller_setup.exe
Deleted : C:\Users\drjan\OneDrive\Plocha\zoek (1).exe

~ Cleaning system restore ...

Deleted : RP #9 [Naplánovaný kontrolní bod | 08/07/2022 07:16:10]
Deleted : RP #10 [Instalační služba modulů systému Windows | 08/09/2022 17:59:58]
Deleted : RP #11 [Instalační služba modulů systému Windows | 08/11/2022 10:43:46]

New restore point created !

########## - EOF - ##########

