Napadený email, prosím o kontrolu

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 23 bře 2023 17:15

Zdravím. Moc prosím o kontrolu. Nabourali se mi do emailu na seznam.cz a ukradli socialní sítě. Po týdnu se nabourali manželce do gmailu, což asi náhoda nebude. Systém jsem přeinstaloval, nicméně mám k PC připojeny další 3 disky, kde vir může být. Prosím tedy o kontrolu. Mockrát díky

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.22621.525 (ReleaseId: 2009), Service Pack: 0
Time: 23.03.2023 - 17:12 (UTC+01:00)
Language: OS: Czech (0x405). Display: Czech (0x405). Non-Unicode: Czech (0x405)
Elevated: Yes
Ran by: urban (group: Administrator) on LACKOVOPÖSÖ, FirstRun: yes

Chrome: 111.0.5563.110
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Steam\steamservice.exe
12 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.44\msedgewebview2.exe
8 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
8 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 C:\Program Files (x86)\Steam\steam.exe
1 C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
1 C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
1 C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
1 C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
26 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
1 C:\Program Files\WindowsApps\MicrosoftTeams_23047.400.1873.7204_x64__8wekyb3d8bbwe\msteams.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.5900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.5900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
1 C:\Users\urban\AppData\Local\FluxSoftware\Flux\flux.exe
1 C:\Users\urban\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0376355.inf_amd64_dfcd6eafe67ad90c\B375758\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0376355.inf_amd64_dfcd6eafe67ad90c\B375758\atiesrxx.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\Sgrm\SgrmBroker.exe
1 C:\Windows\System32\Taskmgr.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
72 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
3 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.51\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.51\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_71ACF99E3915FFAEC8629BFDDF63CDF0] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\Run: [f.lux] = C:\Users\urban\AppData\Local\FluxSoftware\Flux\flux.exe /noshow
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\urban\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2023/03/21)
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O10 - Unknown file in Winsock LSP: C:\Windows\system32\nlansp_c.dll
O17 - DHCP DNS 1: 62.129.50.20
O17 - DHCP DNS 2: 85.135.32.100
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (Microsoft)
O22 - Task: AMHelper - C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe /UPDATE
O22 - Task: GoogleUpdateTaskMachineCore{C3CF0321-A0D1-4579-BCD6-AC4ED0F3DD8C} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA{12CBB96D-839C-40CE-824C-0E89B739E489} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Reporting Task-S-1-5-21-787714756-762683333-2715394478-1001 - C:\Users\urban\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Restore - {B4BCFA6F-948D-46B8-BF27-E8B1117E23B3} - C:\Windows\system32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DiskCleanup\SilentCleanup - C:\Windows\system32\cleanmgr.exe /autocleanstoragesense /d C: (Microsoft)
O22 - Task: \Microsoft\Windows\Kernel\La57Cleanup - C:\Windows\system32\la57setup.exe (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\Windows\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrintJobCleanupTask - {8ABCE260-32B6-476C-AE13-B34D0C91292D} - C:\Windows\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\Windows\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\RetailDemo\CleanupOfflineContent - {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} - C:\Windows\System32\RDXTaskFactory.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask - {8702A841-D5CA-47C3-812D-9CEDC304C200} - C:\Windows\system32\IntelligentPwdlessTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\Windows\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Start Oobe Expedite Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScanAfterUpdate - C:\Windows\system32\usoclient.exe StartOobeAppsScanAfterUpdate (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\Windows\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UUS Failover Task - C:\Windows\system32\usoclient.exe HandleUusFailoverSignal (Microsoft)
O22 - Task: \Microsoft\Windows\WlanSvc\MoProfileManagement - {085EDA12-CF4A-4944-8222-8ADCADE137CB} - C:\Windows\System32\WlanMediaManager.dll (Microsoft)
O22 - Task: \Microsoft\Windows\capabilityaccessmanager\maintenancetasks - C:\Windows\system32\rundll32.exe C:\Windows\system32\CapabilityAccessManager.dll,CapabilityAccessManagerDoStoreMaintenance (Microsoft)
O23 - Service R2: AMD Crash Defender Service - C:\Windows\System32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0376355.inf_amd64_dfcd6eafe67ad90c\B375758\atiesrxx.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: SpyHunter 5 Kernel - (EsgShKernel) - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service R2: SpyHunter 5 Kernel Monitor - (ShMonitor) - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service R2: Thrustmaster® Device Driver Installer - (tmInstall) - C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S2: Služba Aktualizace Google (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\111.0.5563.110\elevation_service.exe
O23 - Service S3: Služba Aktualizace Google (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 8,6 sec. - 22664 bytes, CRC32: FFFFFFFF. Sign: ƫꓬ

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod jaro3 » 23 bře 2023 21:04

SpyHunter odinstaluj , jaký máš antivir?

Stáhni si ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Poklepej na ATF Cleaner.exe, klikni na select all, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome ,Edge , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
https://www.bleepingcomputer.com/download/tfc/

Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
pro majitele win7 stáhni zde:
https://filehippo.com/download_adwcleaner/ ( nedávej aktualizaci!)

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako) C:\AdwCleaner\Logs, jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

na plochu , nainstaluj a spusť ho
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Spustit skenování
- po proběhnutí skenu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož.
-jinak se log nachází v programu po kliknutí na „Zprávy“ , nebo je uložen zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 24 bře 2023 18:05

Adw Cleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-24-2023
# Duration: 00:00:03
# OS: Windows 11 (Build 22621.1413)
# Scanned: 32100
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1419 octets] - [22/03/2023 20:34:03]
AdwCleaner[C00].txt - [1609 octets] - [22/03/2023 20:34:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 24 bře 2023 18:06

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 24.03.23
Čas skenování: 18:01
Logovací soubor: 8f81f73c-ca65-11ed-90ba-00d86116bb97.json

-Informace o softwaru-
Verze: 4.5.25.256
Verze komponentů: 1.0.1957
Aktualizovat verzi balíku komponent: 1.0.67087
Licence: Zkušební

-Systémová informace-
OS: Windows 11 (Build 22621.1413)
CPU: x64
Systém souborů: NTFS
Uživatel: LackovoPísí\urban

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 255697
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 32 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 24 bře 2023 18:07

Antivir jsem doposud používal vestavěný Denender ve Win 11. Ale rád si nechám poradit a budu používat jiný.

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod jaro3 » 24 bře 2023 19:48

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dlouho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.


Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
https://www.majorgeeks.com/mg/getmirror ... ool,1.html
https://www.majorgeeks.com/mg/get/sopho ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Pokud byly nalezeny viry , tak po skenu klikni na „Details…“ a potom na „View log file“. Zkopíruj celý log a vlož ho sem. Potom zavři „threat detail“ a klikni na „Start cleanup“.
Jinak se log nachází zde:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Stáhni si RogueKiller by Adlice Software
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- - klikni na „Scan“. V novém okně nic neměň a klikni dole na „Start“ ve sloupci „Quick Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Results “ , v dalším okně pak levým t. na „Export“ a vyber : „Text File“ , log nazvi třeb RK a ulož do dokumentů nebo na plochu. Otevři soubor a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků


Stáhni si CrystalDiskInfo
https://www.stahuj.cz/utility_a_ostatni ... ldiskinfo/
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 26 bře 2023 12:15

JRT :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by urban (Administrator) on 26.03.2023 at 11:18:41,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2023 at 11:19:50,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 26 bře 2023 12:21

Roguekiller:

Program : RogueKiller Anti-Malware
Version : 15.8.2.0
x64 : Yes
Program Date : Mar 21 2023
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 11 (10.0.22621) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : urban
User is Admin : Yes
Date : 2023/03/26 10:04:24
Type : Scan
Aborted : No
Scan Mode : Quick
Duration : 6
Found items : 0
Total scanned : 904
Signatures Version : 20230320_084621
Truesight Driver : Yes
Updates Count : 0
Arguments : -minimize

************************* Warnings *************************

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : N/A


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 26 bře 2023 12:22

CrystalDiskInfo:

----------------------------------------------------------------------------
CrystalDiskInfo 8.17.14 (C) 2008-2022 hiyohiyo
Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 11 Professional [10.0 Build 22621] (x64)
Date : 2023/03/26 12:21:53

-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- WDC WD20EZBX-00AYRA0
- WDC WDS240G1G0A-00SS50
- WDC WD20EZBX-00AYRA0
- Standardní řadič SATA AHCI [ATA]
- Řadič prostorů úložišť [SCSI]
+ Řadič Standard NVM Express [SCSI]
- Samsung SSD 980 500GB

-- Disk List ---------------------------------------------------------------
(01) WDC WD20EZBX-00AYRA0 : 2000,3 GB [0/0/0, pd1]
(02) WDC WDS240G1G0A-00SS50 : 240,0 GB [1/0/0, pd1] - wd
(03) WDC WD20EZBX-00AYRA0 : 2000,3 GB [2/0/0, pd1]
(04) Samsung SSD 980 500GB : 500,1 GB [3/2/0, sq] - nv

----------------------------------------------------------------------------
(01) WDC WD20EZBX-00AYRA0
----------------------------------------------------------------------------
Model : WDC WD20EZBX-00AYRA0
Firmware : 01.01A01
Serial Number : WD-WXT2AC0N1F1H
Disk Size : 2000,3 GB (8,4/137,4/2000,3/2000,3)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 5
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 2994 hodin
Power On Count : 1164 krát
Temperature : 26 C (78 F)
Health Status : Dobrý
Features : S.M.A.R.T., NCQ, TRIM, GPL
APM Level : ----
AAM Level : ----
Drive Letter : D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 150 149 _21 000000000D93 Čas na roztočení ploten
04 _98 _98 __0 0000000009A5 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _96 _96 __0 000000000BB2 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 00000000048C Počet cyklů zapnutí zařízení
C0 200 200 __0 000000000088 Počet vypnutí disku
C1 198 198 __0 000000001A9F Počet cyklů načítání/vymazání
C2 117 108 __0 00000000001A Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 5432 4143 304E 3146 3148
020: 0000 0000 0000 3031 2E30 3141 3031 5744 4320 5744
030: 3230 455A 4258 2D30 3041 5952 4130 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4001 0000 0000 0006 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 4D08
070: 0000 0000 0000 0000 0000 001F 970E 0006 004C 0040
080: 07FE 006D 706B 7461 4123 7069 B441 4123 407F 0062
090: 0062 0000 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 88B0 E8E0 0000 0000 0000 000A 6003 0000 5001 4EE2
110: BE70 A33B 0000 0000 0000 0000 0000 0000 0000 411C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 2020 2020 2020
140: 2020 0000 0004 8160 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0001
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 3035 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 107E 0000 0000 0000 0000 0000 0000 0000
230: 88B0 E8E0 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 4BA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 96 95 93 0D 00 00 00 00 00 04 32 00 62 62 A5
020: 09 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 C8 C8 00 00 00 00 00 00 00 09 32
040: 00 60 60 B2 0B 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 63 63 8C 04 00 00 00 00 00 C0 32
070: 00 C8 C8 88 00 00 00 00 00 00 C1 32 00 C6 C6 9F
080: 1A 00 00 00 00 00 C2 22 00 75 6C 1A 00 00 00 00
090: 00 00 C4 32 00 C8 C8 00 00 00 00 00 00 00 C5 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C6 30 00 64 FD 00
0B0: 00 00 00 00 00 00 C7 32 00 C8 C8 00 00 00 00 00
0C0: 00 00 C8 08 00 64 FD 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 D0 7A 01 7B
170: 03 00 01 00 02 73 02 00 00 00 00 00 00 00 00 00
180: 00 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 00 00 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 C8 C8 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 C0 00
070: 00 00 00 00 00 00 00 00 00 00 C1 00 00 00 00 00
080: 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 00 00
090: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
0A0: 00 00 00 00 00 00 00 00 00 00 C6 00 00 00 00 00
0B0: 00 00 00 00 00 00 C7 00 00 00 00 00 00 00 00 00
0C0: 00 00 C8 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 D0 7A 01 7B
170: 03 00 01 00 02 73 02 00 00 00 00 00 00 00 00 00
180: 00 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59

----------------------------------------------------------------------------
(02) WDC WDS240G1G0A-00SS50
----------------------------------------------------------------------------
Model : WDC WDS240G1G0A-00SS50
Firmware : Z3311000
Serial Number : 172100440212
Disk Size : 240,0 GB (8,4/137,4/240,0/240,0)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 468862128
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ACS-2 Revision 3
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 10865 hodin
Power On Count : 4249 krát
Host Reads : 67850 GB
Host Writes : 17109 GB
NAND Writes : 16474 GB
Temperature : 30 C (86 F)
Health Status : Dobrý (97 %)
Features : S.M.A.R.T., APM, NCQ, TRIM, DevSleep, GPL
APM Level : 0080h [ON]
AAM Level : ----
Drive Letter : E:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
05 100 100 __0 000000000000 Reassigned Block Count
09 __0 100 __0 000000002A71 Power On Hours
0C 100 100 __0 000000001099 Power Cycle Count
A5 100 100 __0 08A20B0C0AC3 Block Erase Count (SLC)
A6 100 100 __0 000000000022 Minimum P/E Cycles
A7 100 100 __0 000000000000 Maximum Bad Blocks per die
A8 100 100 __0 00000000005C Maximum P/E Cycles
A9 100 100 __0 000000000000 Total Bad Block
AA 100 100 __0 000000000000 Grown Bad Blocks
AB 100 100 __0 000000000000 Program Fail Count
AC 100 100 __0 000000000000 Erase Fail Count
AD 100 100 __0 000000000045 Average P/E Cycles
AE 100 100 __0 00000000018E Unexpected Power Loss Count
BB 100 100 __0 000000000000 Reported Uncorrectable Errors
BC 100 100 __0 000000000000 Command Timeout Count
C2 _70 _35 __0 00410000001E Temperature
C7 100 100 __0 000000000004 CRC Error Count
E6 100 100 __0 039603E103E1 Media Wearout Indicator
E8 100 100 __4 000000000064 Available Reserve Space
E9 100 100 __0 00000000405A NAND GB Written
EA 100 100 __0 0000000064B1 NAND GB Written (SLC)
F1 253 253 __0 0000000042D5 Total GB Written
F2 253 253 __0 00000001090A Total GB Read
F4 __0 100 __0 000000000000 Temperature Throttle Status

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0000 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 3137 3231 3030 3434 3032 3132 2020 2020 2020 2020
020: 0000 0000 0000 5A33 3331 3130 3030 5744 4320 5744
030: 5332 3430 4731 4730 412D 3030 5353 3530 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8001 4000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 9101
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 4D20
070: 0000 0000 0000 0000 0000 001F 850E 0086 014C 0040
080: 03F0 0110 346B 7D09 4163 3469 BC09 4163 407F 0001
090: 0001 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 44B0 1BF2 0000 0000 0000 0008 4000 0000 5001 B444
110: A942 57C7 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0001
170: 0000 0000 0000 0000 0000 0000 2020 2020 2020 2020
180: 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020
190: 2020 2020 2020 2020 2020 2020 2020 2020 2020 2020
200: 2020 2020 2020 2020 2020 2020 0000 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 0001 0000 0000
220: 0000 0000 10FF 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0020 0020 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 13A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 05 32 00 64 64 00 00 00 00 00 00 00 09 32
010: 00 00 64 71 2A 00 00 00 00 00 0C 32 00 64 64 99
020: 10 00 00 00 00 00 A5 32 00 64 64 C3 0A 0C 0B A2
030: 08 00 A6 32 00 64 64 22 00 00 00 00 00 00 A7 32
040: 00 64 64 00 00 00 00 00 00 00 A8 32 00 64 64 5C
050: 00 00 00 00 00 00 A9 32 00 64 64 00 00 00 00 00
060: 00 00 AA 32 00 64 64 00 00 00 00 00 00 00 AB 32
070: 00 64 64 00 00 00 00 00 00 00 AC 32 00 64 64 00
080: 00 00 00 00 00 00 AD 32 00 64 64 45 00 00 00 00
090: 00 00 AE 32 00 64 64 8E 01 00 00 00 00 00 BB 32
0A0: 00 64 64 00 00 00 00 00 00 00 BC 32 00 64 64 00
0B0: 00 00 00 00 00 00 C2 22 00 46 23 1E 00 00 00 41
0C0: 00 00 C7 32 00 64 64 04 00 00 00 00 00 00 E6 32
0D0: 00 64 64 E1 03 E1 03 96 03 00 E8 33 00 64 64 64
0E0: 00 00 00 00 00 00 E9 32 00 64 64 5A 40 00 00 00
0F0: 00 00 EA 32 00 64 64 B1 64 00 00 00 00 00 F1 30
100: 00 FD FD D5 42 00 00 00 00 00 F2 30 00 FD FD 0A
110: 09 01 00 00 00 00 F4 32 00 00 64 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 11
170: 03 00 01 00 02 0A 00 00 00 00 00 00 00 00 00 00
180: 00 00 86 57 01 00 5C 4E 06 00 04 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 80 70 D5 11 00 00 00 00 B8 6A 01 3C 00 00 00 00
1D0: 55 00 00 00 B1 23 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 85

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 05 00 00 00 00 00 00 00 00 00 00 00 09 00
010: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
020: 00 00 00 00 00 00 A5 00 00 00 00 00 00 00 00 00
030: 00 00 A6 00 00 00 00 00 00 00 00 00 00 00 A7 00
040: 00 00 00 00 00 00 00 00 00 00 A8 00 00 00 00 00
050: 00 00 00 00 00 00 A9 00 00 00 00 00 00 00 00 00
060: 00 00 AA 00 00 00 00 00 00 00 00 00 00 00 AB 00
070: 00 00 00 00 00 00 00 00 00 00 AC 00 00 00 00 00
080: 00 00 00 00 00 00 AD 00 00 00 00 00 00 00 00 00
090: 00 00 AE 00 00 00 00 00 00 00 00 00 00 00 BB 00
0A0: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
0B0: 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 00 00
0C0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 E6 00
0D0: 00 00 00 00 00 00 00 00 00 00 E8 04 00 00 00 00
0E0: 00 00 00 00 00 00 E9 00 00 00 00 00 00 00 00 00
0F0: 00 00 EA 00 00 00 00 00 00 00 00 00 00 00 F1 00
100: 00 00 00 00 00 00 00 00 00 00 F2 00 00 00 00 00
110: 00 00 00 00 00 00 F4 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CA

----------------------------------------------------------------------------
(03) WDC WD20EZBX-00AYRA0
----------------------------------------------------------------------------
Model : WDC WD20EZBX-00AYRA0
Firmware : 01.01A01
Serial Number : WD-WXG2A71P9XST
Disk Size : 2000,3 GB (8,4/137,4/2000,3/2000,3)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 5
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 977 hodin
Power On Count : 476 krát
Temperature : 26 C (78 F)
Health Status : Dobrý
Features : S.M.A.R.T., NCQ, TRIM, GPL
APM Level : ----
AAM Level : ----
Drive Letter : F:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 148 147 _21 000000000DFF Čas na roztočení ploten
04 _99 _99 __0 000000000410 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _99 _99 __0 0000000003D1 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 0000000001DC Počet cyklů zapnutí zařízení
C0 200 200 __0 00000000003D Počet vypnutí disku
C1 200 200 __0 000000000B32 Počet cyklů načítání/vymazání
C2 117 107 __0 00000000001A Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 4732 4137 3150 3958 5354
020: 0000 0000 0000 3031 2E30 3141 3031 5744 4320 5744
030: 3230 455A 4258 2D30 3041 5952 4130 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4001 0000 0000 0006 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 4D08
070: 0000 0000 0000 0000 0000 001F 970E 0006 004C 0040
080: 07FE 006D 706B 7461 4123 7069 B441 4123 407F 0063
090: 0063 0000 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 88B0 E8E0 0000 0000 0000 000A 6003 0000 5001 4EE2
110: 1495 BB14 0000 0000 0000 0000 0000 0000 0000 411C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 2020 2020 2020
140: 2020 0000 0004 8160 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0001
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 3035 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 107E 0000 0000 0000 0000 0000 0000 0000
230: 88B0 E8E0 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 ABA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 94 93 FF 0D 00 00 00 00 00 04 32 00 63 63 10
020: 04 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 C8 C8 00 00 00 00 00 00 00 09 32
040: 00 63 63 D1 03 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 64 64 DC 01 00 00 00 00 00 C0 32
070: 00 C8 C8 3D 00 00 00 00 00 00 C1 32 00 C8 C8 32
080: 0B 00 00 00 00 00 C2 22 00 75 6B 1A 00 00 00 00
090: 00 00 C4 32 00 C8 C8 00 00 00 00 00 00 00 C5 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C6 30 00 64 FD 00
0B0: 00 00 00 00 00 00 C7 32 00 C8 C8 00 00 00 00 00
0C0: 00 00 C8 08 00 64 FD 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 50 64 01 7B
170: 03 00 01 00 02 58 01 00 00 00 00 00 00 00 00 00
180: 00 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 00 00 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 C8 C8 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 C0 00
070: 00 00 00 00 00 00 00 00 00 00 C1 00 00 00 00 00
080: 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 00 00
090: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
0A0: 00 00 00 00 00 00 00 00 00 00 C6 00 00 00 00 00
0B0: 00 00 00 00 00 00 C7 00 00 00 00 00 00 00 00 00
0C0: 00 00 C8 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 50 64 01 7B
170: 03 00 01 00 02 58 01 00 00 00 00 00 00 00 00 00
180: 00 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0B

----------------------------------------------------------------------------
(04) Samsung SSD 980 500GB
----------------------------------------------------------------------------
Model : Samsung SSD 980 500GB
Firmware : 2B4QFXO7
Serial Number : S64DNL0T960310M
Disk Size : 500,1 GB
Interface : NVM Express
Standard : NVM Express 1.4
Transfer Mode : PCIe 3.0 x4 | PCIe 3.0 x4
Power On Hours : 8 hodin
Power On Count : 12 krát
Host Reads : 723 GB
Host Writes : 603 GB
Temperature : 29 C (84 F)
Health Status : Dobrý (100 %)
Features : S.M.A.R.T., TRIM, VolatileWriteCache
Drive Letter : C: X:

-- S.M.A.R.T. --------------------------------------------------------------
ID RawValues(6) Attribute Name
01 000000000000 Kritické varování
02 00000000012E Složená teplota
03 000000000064 Rezerva k dispozici
04 00000000000A Dostupná náhradní prahová hodnota
05 000000000000 Použité procento
06 0000001728D5 Čtení datových jednotek
07 000000135192 Zapsané datové jednotky
08 000000BC1ED8 Příkazy pro hostitelské čtení
09 000000BAF48F Příkazy pro zápis hostitele
0A 000000000015 Čas obsazení řadiče
0B 00000000000C Napájecí cykly
0C 000000000008 Hodiny napájení
0D 000000000000 Nebezpečné vypnutí
0E 000000000000 Chyby v médiích a integritě dat
0F 000000000000 Počet položek protokolu chybových informací

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 144D 144D 3653 4434 4C4E 5430 3639 3330 3031 204D
010: 2020 2020 6153 736D 6E75 2067 5353 2044 3839 2030
020: 3035 4730 2042 2020 2020 2020 2020 2020 2020 2020
030: 2020 2020 4232 5134 5846 374F 3802 0025 0900 0005
040: 0400 0001 A120 0007 1200 007A 0200 0000 0010 0000
050: 0000 0000 0000 0000 0000 0100 0000 0000 0000 0000
060: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
070: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
080: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
090: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
100: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0017 0307
130: 0F16 043F 0101 0163 0166 0000 4000 0000 1000 0000
140: 6000 70C0 0074 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0023 0400
160: 0000 0001 013E 0165 0003 6000 0010 0000 0400 0000
170: 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 0000

-- SMART_NVME --------------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 00 2E 01 64 0A 00 00 00 00 00 00 00 00 00 00 00
010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
020: D5 28 17 00 00 00 00 00 00 00 00 00 00 00 00 00
030: 92 51 13 00 00 00 00 00 00 00 00 00 00 00 00 00
040: D8 1E BC 00 00 00 00 00 00 00 00 00 00 00 00 00
050: 8F F4 BA 00 00 00 00 00 00 00 00 00 00 00 00 00
060: 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
070: 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
080: 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0C0: 00 00 00 00 00 00 00 00 2E 01 39 01 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

maxik900
nováček
Příspěvky: 13
Registrován: prosinec 09
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod maxik900 » 26 bře 2023 12:23

Sophos byl čistý

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Napadený email, prosím o kontrolu

Příspěvekod jaro3 » 27 bře 2023 17:13

Vypni antivir i firewall, RogueKiller, Malwarebytes Antimalware, windowsDefender
Stáhni zoek:
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.


Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe

(posuvník dolu na download)
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat nyní“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Vykonat“ ( vymazat). Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, klikni vlevo na „zprávy“ a pak na „otevři zprávu“ a zkopíruj sem celý obsah té zprávy.

Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Seznam[Bot] a 14 hostů