Keylogger

michal88 (Guest)
Posts: 9
Registered: 17 Sep 2019 10:03

Keylogger

#1 Post by michal88 »

Hi, could you please help me find out whether I have a keylogger on my PC?

It happened to me that I was threatened with messages that nobody should have had any way to get to; I don't let anyone near my PC.

I tried the HijackThis file and it produced this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:38, on 17.09.19
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
\Mac\Home\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O8 - Extra context menu item: Sdílet - about:blank
O8 - Extra context menu item: Volat na toto číslo - about:blank
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sluzba Parallels Coherence (Parallels Coherence Service) - Parallels Holdings, Ltd. and its affiliates. - C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
O23 - Service: Parallels Tools Service - Parallels Holdings, Ltd. and its affiliates. - C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7324 bytes

Thank you for the reply!

Rudy (Site Admin)
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Keylogger

#2 Post by Rudy »

Hello!
Post the FRST + Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . HijackThis has long been past its prime.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

michal88 (Guest)
Posts: 9
Registered: 17 Sep 2019 10:03

Re: Keylogger

#3 Post by michal88 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2019
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe
(Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
(Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
(Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools.exe
(Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe
(Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\WoW\coherence.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [556136 2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [403048 2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.211.55.1
Tcpip\..\Interfaces\{376DC7FF-938F-4E4B-9DE2-3624A8A26BDA}: [DhcpNameServer] 10.211.55.1

Internet Explorer:
==================
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
R2 PrlVssProvider; C:\Windows\system32\dllhost.exe /Processid:{7796F29F-3A69-4DC7-9005-A22B773F41CE} [9728 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 PrlVssProvider; C:\Windows\system32\dllhost.exe /Processid:{7796F29F-3A69-4DC7-9005-A22B773F41CE} [9728 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 prl_uprof; C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll [118472 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; system32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 amdxata; system32\drivers\amdxata.sys [27008 2010-11-21] (Microsoft Windows -> Advanced Micro Devices)
S3 AsyncMac; system32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 atapi; system32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Microsoft Windows -> Broadcom Corporation)
R1 blbdrive; system32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 bowser; system32\DRIVERS\bowser.sys [90624 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S4 cdfs; system32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 cdrom; system32\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 CLFS; System32\CLFS.sys [367696 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 CmBatt; system32\DRIVERS\CmBatt.sys [17664 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 CNG; System32\Drivers\cng.sys [459248 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 Compbatt; system32\DRIVERS\compbatt.sys [21584 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 CompositeBus; system32\DRIVERS\CompositeBus.sys [38912 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 CSC; system32\drivers\csc.sys [514560 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 ctxusbm; system32\DRIVERS\ctxusbm.sys [189832 2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R1 DfsC; System32\Drivers\dfsc.sys [102400 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 discache; System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 Disk; system32\drivers\disk.sys [73280 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 drmkaud; system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 E1G60; system32\DRIVERS\E1G6032E.sys [145792 2009-06-10] (Microsoft Windows -> Intel Corporation)
R3 fdc; system32\DRIVERS\fdc.sys [29696 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 FileInfo; system32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 Filetrace; system32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 flpydisk; system32\DRIVERS\flpydisk.sys [24576 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 FltMgr; system32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 FsDepends; System32\drivers\FsDepends.sys [55376 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 fvevol; System32\DRIVERS\fvevol.sys [223248 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 HidUsb; system32\DRIVERS\hidusb.sys [30208 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 HTTP; system32\drivers\HTTP.sys [753664 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 hwpolicy; System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 i8042prt; system32\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 intelide; system32\drivers\intelide.sys [16960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 intelppm; system32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 IPNAT; System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 IRENUM; system32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 kbdclass; system32\DRIVERS\kbdclass.sys [50768 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 KSecDD; System32\Drivers\ksecdd.sys [95616 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 KSecPkg; System32\Drivers\ksecpkg.sys [152960 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 lltdio; system32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 Modem; system32\drivers\modem.sys [40448 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 monitor; system32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 mouclass; system32\DRIVERS\mouclass.sys [49216 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 mouhid; system32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 mountmgr; System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 mpsdrv; System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb; system32\DRIVERS\mrxsmb.sys [158208 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [287744 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [128000 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 msahci; system32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 msisadrv; system32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 MSKSSRV; system32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 MSPQM; system32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 mssmbios; system32\DRIVERS\mssmbios.sys [32320 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 MSTEE; system32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 Mup; System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 NativeWifiP; system32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 NDIS; system32\drivers\ndis.sys [951680 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 NdisCap; system32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 NdisTapi; system32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 Ndisuio; system32\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 NdisWan; system32\DRIVERS\ndiswan.sys [164352 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 NetBIOS; system32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 NetBT; System32\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 nsiproxy; system32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 partmgr; System32\drivers\partmgr.sys [75136 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 pci; system32\drivers\pci.sys [184704 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 pcw; System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 PEAUTH; system32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 PptpMiniport; system32\DRIVERS\raspptp.sys [111104 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 prl_boot; System32\Drivers\prl_boot.sys [49352 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R3 prl_dd; system32\DRIVERS\prl_kmdd.sys [158920 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R1 prl_fs; system32\DRIVERS\prl_fs.sys [199368 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R3 prl_memdev; system32\DRIVERS\prl_memdev.sys [21704 2016-07-15] (Parallels International GmbH -> )
R3 prl_mouf; system32\DRIVERS\prl_mouf.sys [22216 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R0 prl_pv64; system32\DRIVERS\prl_pv64.sys [120520 2019-07-29] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R3 prl_sound; system32\DRIVERS\prl_sound.sys [56008 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R0 prl_strg; system32\DRIVERS\prl_strg.sys [43208 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R0 prl_tg; system32\DRIVERS\prl_tg.sys [28872 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R1 prl_time; system32\DRIVERS\prl_time.sys [19144 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R1 Psched; system32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 RasAcd; System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 RasAgileVpn; system32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 RasPppoe; system32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 RasSstp; system32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 rdbss; system32\DRIVERS\rdbss.sys [309248 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 rdpbus; system32\DRIVERS\rdpbus.sys [24064 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 RDPCDD; System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 RDPDR; System32\drivers\rdpdr.sys [165888 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 RDPENCDD; system32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 RDPREFMP; system32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 RdpVideoMiniport; System32\drivers\rdpvideominiport.sys [20992 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 rdyboost; System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R2 rspndr; system32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 scfilter; System32\DRIVERS\scfilter.sys [29696 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 Smb; system32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 srv; System32\DRIVERS\srv.sys [468992 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 srv2; System32\DRIVERS\srv2.sys [413184 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 srvnet; System32\DRIVERS\srvnet.sys [167936 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 storflt; system32\drivers\vmstorfl.sys [46464 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 swenum; system32\DRIVERS\swenum.sys [12496 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [88960 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 Tcpip; System32\drivers\tcpip.sys [1903552 2019-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 TCPIP6; system32\DRIVERS\tcpip.sys [1903552 2019-07-30] (Microsoft Windows -> Microsoft Corporation)
R2 tcpipreg; System32\drivers\tcpipreg.sys [45056 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 TDPIPE; system32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 TDTCP; system32\drivers\tdtcp.sys [23552 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 tdx; system32\DRIVERS\tdx.sys [119296 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 TermDD; system32\DRIVERS\termdd.sys [63360 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [39424 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 TsUsbFlt; system32\drivers\tsusbflt.sys [59392 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 tsusbhub; system32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 tunnel; system32\DRIVERS\tunnel.sys [125440 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R4 udfs; system32\DRIVERS\udfs.sys [328192 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 umbus; system32\DRIVERS\umbus.sys [48640 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 usbccgp; system32\DRIVERS\usbccgp.sys [98816 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 usbehci; system32\DRIVERS\usbehci.sys [52224 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 usbhub; system32\DRIVERS\usbhub.sys [343040 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 usbprint; system32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 usbuhci; system32\DRIVERS\usbuhci.sys [30720 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 usbvideo; System32\Drivers\usbvideo.sys [184960 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 vdrvroot; system32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 vga; system32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R0 volmgr; system32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 volmgrx; System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 volsnap; system32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WANARP; system32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R1 Wanarpv6; system32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R0 Wdf01000; system32\drivers\Wdf01000.sys [654928 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 WfpLwf; system32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; system32\drivers\wimmount.sys [22096 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 WudfPf; system32\drivers\WudfPf.sys [112128 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFRd; system32\DRIVERS\WUDFRd.sys [172544 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: prl_uprof -> C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll (Parallels Holdings, Ltd. and its affiliates.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 16:05 - 2019-09-17 16:05 - 000000000 ____D C:\FRST

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 16:00 - 2019-08-09 10:26 - 000000000 ____D C:\Users\michaldobysar\AppData\Local\Citrix
2019-09-17 15:57 - 2009-07-14 06:45 - 000017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-17 15:57 - 2009-07-14 06:45 - 000017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-17 15:55 - 2019-08-09 10:27 - 000000000 ____D C:\Users\michaldobysar\AppData\Roaming\ICAClient
2019-09-17 10:30 - 2019-07-29 13:15 - 000000000 ____D C:\Users\michaldobysar\AppData\Local\VirtualStore
2019-09-13 15:44 - 2011-04-12 10:34 - 000622660 _____ C:\Windows\system32\perfh005.dat
2019-09-13 15:44 - 2011-04-12 10:34 - 000118810 _____ C:\Windows\system32\perfc005.dat
2019-09-13 15:44 - 2009-07-14 07:13 - 001445734 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-13 15:44 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories ================

2019-07-29 14:17 - 2019-09-17 16:04 - 000008147 _____ () C:\Users\michaldobysar\AppData\Local\parallels.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-27 14:48
==================== End of FRST.txt ============================

michal88

Re: Keylogger

#4 Post by michal88 »

And an addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by michaldobysar (17-09-2019 16:08:33)
Running from \\Mac\Home\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2019-07-29 11:14:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3024977625-112752252-4095136754-500 - Administrator - Disabled)
Guest (S-1-5-21-3024977625-112752252-4095136754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3024977625-112752252-4095136754-1002 - Limited - Enabled)
michaldobysar (S-1-5-21-3024977625-112752252-4095136754-1000 - Administrator - Enabled) => C:\Users\michaldobysar

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Citrix Receiver 4.9 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.9.0.2539 - Citrix Systems, Inc.)
Online Plug-in (HKLM-x32\...\{5C38E4A7-9778-4C51-8021-61759600D96A}) (Version: 14.9.0.2539 - Citrix Systems, Inc.) Hidden
Parallels Tools (HKLM\...\{98B9E832-A348-46D1-9A02-6591446D97D9}) (Version: 11.2.1.32626 - Parallels Software International Inc)
Self-service Plug-in (HKLM-x32\...\{C7E328BE-E4FF-4D07-B848-1179C42C8AD4}) (Version: 4.9.0.2528 - Citrix Systems, Inc.) Hidden
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers1: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Keylogger

#5 Post by Conder »

Sorry for the one-off interjection :)

michal88: Those logs are not complete. Run the scan again and post new logs.
Graduate of the school for newbies :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own thread.

If you are satisfied, you can support the forum. Thank you!

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Keylogger

#6 Post by Rudy »

That's right. You have to post the complete logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music and so on). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail above.

michal88

Re: Keylogger

#7 Post by michal88 »

I have a Mac; the rest more or less only tells me something about Parallels, so I deleted it. Should I still post it here, please? :)

michal88

Re: Keylogger

#8 Post by michal88 »

FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-08-02] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
R2 PrlVssProvider; C:\Windows\system32\dllhost.exe /Processid:{7796F29F-3A69-4DC7-9005-A22B773F41CE} [9728 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 PrlVssProvider; C:\Windows\system32\dllhost.exe /Processid:{7796F29F-3A69-4DC7-9005-A22B773F41CE} [9728 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 prl_uprof; C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll [118472 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [21704 2016-07-15] (Parallels International GmbH -> )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: prl_uprof -> C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll (Parallels Holdings, Ltd. and its affiliates.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 16:05 - 2019-09-18 10:05 - 000000000 ____D C:\FRST

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-18 09:37 - 2009-07-14 06:45 - 000017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-18 09:37 - 2009-07-14 06:45 - 000017264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-18 09:36 - 2011-04-12 10:34 - 000622660 _____ C:\Windows\system32\perfh005.dat
2019-09-18 09:36 - 2011-04-12 10:34 - 000118810 _____ C:\Windows\system32\perfc005.dat
2019-09-18 09:36 - 2009-07-14 07:13 - 001445734 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-18 09:36 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-09-18 09:33 - 2019-08-09 10:26 - 000000000 ____D C:\Users\michaldobysar\AppData\Local\Citrix
2019-09-18 09:31 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-18 09:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Registration
2019-09-17 15:55 - 2019-08-09 10:27 - 000000000 ____D C:\Users\michaldobysar\AppData\Roaming\ICAClient
2019-09-17 10:30 - 2019-07-29 13:15 - 000000000 ____D C:\Users\michaldobysar\AppData\Local\VirtualStore

==================== Files in the root of some directories ================

2019-07-29 14:17 - 2019-09-18 09:31 - 000009985 _____ () C:\Users\michaldobysar\AppData\Local\parallels.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-18 09:55
==================== End of FRST.txt ============================

michal88

Re: Keylogger

#9 Post by michal88 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by michaldobysar (18-09-2019 10:06:40)
Running from \\Mac\Home\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2019-07-29 11:14:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3024977625-112752252-4095136754-500 - Administrator - Disabled)
Guest (S-1-5-21-3024977625-112752252-4095136754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3024977625-112752252-4095136754-1002 - Limited - Enabled)
michaldobysar (S-1-5-21-3024977625-112752252-4095136754-1000 - Administrator - Enabled) => C:\Users\michaldobysar

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Citrix Receiver 4.9 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.9.0.2539 - Citrix Systems, Inc.)
Online Plug-in (HKLM-x32\...\{5C38E4A7-9778-4C51-8021-61759600D96A}) (Version: 14.9.0.2539 - Citrix Systems, Inc.) Hidden
Parallels Tools (HKLM\...\{98B9E832-A348-46D1-9A02-6591446D97D9}) (Version: 11.2.1.32626 - Parallels Software International Inc)
Self-service Plug-in (HKLM-x32\...\{C7E328BE-E4FF-4D07-B848-1179C42C8AD4}) (Version: 4.9.0.2528 - Citrix Systems, Inc.) Hidden
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers1: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2016-11-10 05:48 - 2016-11-10 05:48 - 001129472 _____ () [File not signed] C:\Program Files (x86)\Citrix\ICA Client\avcodec-57.dll
2016-11-10 05:48 - 2016-11-10 05:48 - 000552448 _____ () [File not signed] C:\Program Files (x86)\Citrix\ICA Client\avutil-55.dll
2016-11-10 05:48 - 2016-11-10 05:48 - 000486400 _____ () [File not signed] C:\Program Files (x86)\Citrix\ICA Client\swscale-4.dll
2017-05-19 01:03 - 2017-05-19 01:03 - 000118784 _____ (Accusoft Corporation.) [File not signed] C:\Program Files (x86)\Citrix\ICA Client\picn20.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-07-29 13:15 - 000000888 _____ C:\Windows\system32\drivers\etc\hosts

0.0.0.0 .psf
0.0.0.0 Mac
0.0.0.0 psf

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Parallels\Parallels Tools\Applications;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3024977625-112752252-4095136754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\michaldobysar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.211.55.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-07-2019 13:15:01 Installed Parallels Tools.
30-07-2019 09:17:13 Instalační služba modulů systému Windows
30-07-2019 09:27:30 Windows Update
09-08-2019 10:26:45 Nainstalováno rozhraní DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2019 09:33:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/30/2019 09:26:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/29/2019 02:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/29/2019 02:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/29/2019 01:15:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
.

Error: (07/29/2019 01:15:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
.

Error: (07/29/2019 01:15:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
.

Error: (07/29/2019 01:15:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
.


System errors:
=============
Error: (09/18/2019 09:31:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (9:30:43, ‎18.‎09.‎19) bylo neočekávané.

Error: (09/18/2019 09:23:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.

Error: (09/17/2019 03:52:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.

Error: (09/17/2019 10:30:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.

Error: (09/13/2019 03:37:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.

Error: (09/12/2019 08:45:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.

Error: (09/09/2019 01:15:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.

Error: (08/27/2019 01:45:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024d00e): Windows Update Core.


==================== Memory info ===========================

BIOS: Parallels Software International Inc. 11.2.1 (32626) 07/15/2016
Motherboard: Parallels Software International Inc. Parallels Virtual Platform
Processor: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
Percentage of memory in use: 92%
Total physical RAM: 1023.54 MB
Available physical RAM: 79.7 MB
Total Virtual: 4127.54 MB
Available Virtual: 320.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.66 GB) (Free:113.71 GB) NTFS
Drive d: (GSP1RMCPRXFRER_CS_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

\\?\Volume{14f6f4e3-b1fa-11e9-b4fc-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 128 GB) (Disk ID: 3145B9D8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
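The checks a helper applies by eye to the FRST.txt and Addition.txt posted above, written out as a small Python triage script. This is an added example for this thread; it is not FRST's code and not code from any poster. The sample lines are copied from the posted logs, except the last one: the "svchostt" service is constructed to show what an unsigned binary registered as a service from a user profile would look like, and it appears nowhere in the real logs. The BVTFilter/BVTConsumer WMI subscription it flags is a stock Windows 7 artifact (the WinMgmt EventID 10 errors in Addition.txt show the filter cannot even be reactivated; 0x80041003 is WBEM_E_ACCESS_DENIED), but a CommandLineEventConsumer is exactly where fileless persistence hides, so the script reports it rather than whitelisting it and leaves the judgement to the reader.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines for a suspected keylogger.

Added example for this thread, not part of FRST and not code from any poster.
It applies the checks a responder makes by eye over the Services, Drivers,
Loaded Modules, Installed Programs and WMI sections of FRST.txt/Addition.txt.
"""
import re
from collections import Counter
from dataclasses import dataclass

# FRST service/driver line: "R2 name; path [size yyyy-mm-dd] (signer -> company)";
# an entry whose file no longer exists is written "S3 name; path [X]".
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<sig>[^)]*)\)"
    r"|\s+\[X\])\s*$"
)
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}

# Lines copied from the logs posted in this thread, except the last one:
# "svchostt" is constructed to show an unsigned service running from a user
# profile and appears nowhere in the real logs.
SAMPLE_LOG = r"""
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
R2 prl_uprof; C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll [118472 2016-07-15] (Parallels International GmbH -> Parallels Holdings, Ltd. and its affiliates.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [21704 2016-07-15] (Parallels International GmbH -> )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-11-10 05:48 - 2016-11-10 05:48 - 001129472 _____ () [File not signed] C:\Program Files (x86)\Citrix\ICA Client\avcodec-57.dll
Online Plug-in (HKLM-x32\...\{5C38E4A7-9778-4C51-8021-61759600D96A}) (Version: 14.9.0.2539 - Citrix Systems, Inc.) Hidden
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
R2 svchostt; C:\Users\Public\svchostt.exe [48128 2019-09-01] ( -> )
"""


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def parse_service(line):
    """Parse one Services/Drivers line into a dict; None if the line is not one."""
    m = SVC_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["missing"] = d["sig"] is None            # matched the "[X]" alternative
    if d["missing"]:
        d["signer"] = d["company"] = None
    else:
        signer, _, company = d["sig"].partition("->")
        d["signer"], d["company"] = signer.strip(), company.strip()
    return d


def triage(lines):
    """Apply the checks to raw FRST lines; findings come back worst first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            if svc["missing"]:
                findings.append(Finding("medium", f"{svc['name']}: registered but its file is missing ([X])", line))
            elif not svc["signer"]:
                findings.append(Finding("high", f"{svc['name']}: binary has no Authenticode signer", line))
            elif "Microsoft" not in svc["signer"]:
                findings.append(Finding("info", f"{svc['name']}: third-party signer {svc['signer']!r}", line))
            continue
        if "[File not signed]" in line:
            findings.append(Finding("medium", "unsigned module loaded into a running process", line))
        elif line.startswith("WMI:subscription\\"):
            # Only a consumer that runs a command or script can act; a filter alone
            # merely says when it would fire, so it is reported for context.
            acts = re.search(r"(CommandLine|ActiveScript)EventConsumer", line)
            findings.append(Finding("high" if acts else "info", "WMI permanent event subscription", line))
        elif line.endswith(" Hidden") and "(Version:" in line:
            findings.append(Finding("info", "installed program hidden from Programs and Features", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


def count_by_severity(findings):
    """Per-severity counts, e.g. {'high': 2, 'medium': 2, 'info': 4} for SAMPLE_LOG."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Run against the real logs, the script produces only "medium" and "info" findings: the stale VGPU driver entry, the unsigned FFmpeg DLLs shipped inside Citrix Receiver, the two hidden Citrix sub-packages, the Parallels drivers and the stock WMI subscription. None of those is a keylogger, which matches the conclusion reached later in the thread; the one "high" finding comes from the constructed line.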

Rudy
Site Admin

Re: Keylogger

#10 Post by Rudy »

Open Notepad and copy this into it:
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION

EmptyTemp:
Hists:
End
Save it to \\Mac\Home\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here. Since you have a Mac, I cannot guarantee that the utilities we run will work correctly. The viry.cz forum specializes in ordinary workstations (x86 and x64). You should have said so up front. The logs, too, look somewhat different from what we are used to.

michal88

Re: Keylogger

#11 Post by michal88 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by michaldobysar (18-09-2019 10:41:24) Run:1
Running from \\Mac\Home\Downloads
Loaded Profiles: michaldobysar (Available Profiles: michaldobysar)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION

EmptyTemp:
Hists:
End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
Hists: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17867731 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 11015688 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
michaldobysar => 308911589 B

RecycleBin => 0 B
EmptyTemp: => 322.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:41:33 ====

Rudy
Site Admin

Re: Keylogger

#12 Post by Rudy »

The PC is cleaned. If you want a deep scan, run AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, run it, let it work and, when it finishes, delete everything it finds.

michal88

Re: Keylogger

#13 Post by michal88 »

Thank you very much. So does that mean there should be no pest on it (no keylogger or similar nasties)? I'll download AVP!

Rudy
Site Admin

Re: Keylogger

#14 Post by Rudy »

You're welcome. I saw neither a keylogger nor any other pest there. The logs are non-standard, though, which is why I recommend the deep scan.

michal88

Re: Keylogger

#15 Post by michal88 »

Thank you very much, Rudy, you helped me! The deep scan is already running.
