
Keylogger

Posted: 01 Aug 2014 09:28
by hopik127
Hello.. I urgently need help .. I use the Steam program; my account was recently stolen and returned after 5 days, but today it was stolen again .. So I concluded that I must have something on my computer .. My email and other things have started acting up too .. I think I have a keylogger on my computer .. What should I do? :(

Re: Keylogger

Posted: 01 Aug 2014 13:51
by motji
Hi :)
To begin with, please post a log from this program :) http://forum.viry.cz/viewtopic.php?f=13&t=130786

Re: Keylogger

Posted: 01 Aug 2014 14:20
by hopik127
info.txt logfile of random's system information tool 1.10 2014-08-01 16:14:49

======MBR======


======Uninstall list======

Ace of Spades-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/224540
Adobe Flash Player 14 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -maintain plugin
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ashampoo Burning Studio 2010-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2010\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging
Battlelog Web Plugins-->C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
Borderlands 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/49520
CDBurnerXP-->MsiExec.exe /X{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}
Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files (x86)\Codec Pack - All In 1\irunin.ini"
Counter-Strike: Global Offensive-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/730
Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
Cross Fire En-->"C:\Program Files (x86)\Z8Games\CrossFire\unins000.exe"
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
DayZ-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/221100
Driver Booster-->"C:\Program Files (x86)\IObit\Driver Booster\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Garry's Mod-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hi-Rez Studios Authenticate and Update Service-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=all
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java 7 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217017FF}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
K-Lite Mega Codec Pack 9.6.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
League of Legends-->msiexec.exe /x {6B84E528-9705-4D36-9C97-97B8E23DAB75}
League of Legends-->MsiExec.exe /X{6B84E528-9705-4D36-9C97-97B8E23DAB75}
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {BDA0EB29-8B31-4BF4-8B05-04AA52340AC4} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{BDA0EB29-8B31-4BF4-8B05-04AA52340AC4}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Mozilla Firefox (3.5.2)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
Opera 11.61-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Opera Stable 23.0.1522.60-->"C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
Overwolf-->"C:\Program Files (x86)\Overwolf\\\OWUninstaller.exe" /S
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
PunkBuster Services-->C:\Program Files (x86)\Origin Games\Battlefield 3\pbsvc.exe -u
RIFT™-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/39120
Rust-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/252490
Skype™ 6.16-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
Smite-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=17
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
Terraria-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/105600
Unturned-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/304930
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======System event log======

Computer Name: BOSS
Event Code: 219
Message: The driver \Driver\WudfRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_109&REV_PMAP#6CF049E0FBE2BBA0700000AD&0#.
Record Number: 143
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20120725172650.379185-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: BOSS
Event Code: 7000
Message: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Record Number: 140
Source Name: Service Control Manager
Time Written: 20120725172645.979943-000
Event Type: Error
User:

Computer Name: windows-uj49s6b
Event Code: 7023
Message: The Network List Service service terminated with the following error:
The device is not ready.
Record Number: 38
Source Name: Service Control Manager
Time Written: 20120725172350.693168-000
Event Type: Error
User:

Computer Name: windows-uj49s6b
Event Code: 7000
Message: The UAC File Virtualization service failed to start due to the following error:
This driver has been blocked from loading
Record Number: 33
Source Name: Service Control Manager
Time Written: 20120725172345.295512-000
Event Type: Error
User:

Computer Name: windows-uj49s6b
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 15
Source Name: volmgr
Time Written: 20120725172314.063991-000
Event Type: Error
User:

=====Application event log=====

Computer Name: BOSS
Event Code: 1014
Message: Acquisition of End User License failed. hr=0x80072F8F
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76
Record Number: 46
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20120725172824.000000-000
Event Type: Error
User:

Computer Name: BOSS
Event Code: 8200
Message: License acquisition failure details.
hr=0x80072F8F
Record Number: 45
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20120725172824.000000-000
Event Type: Error
User:

Computer Name: BOSS
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0x80072F8F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=TimerEvent
Record Number: 15
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20120725172654.000000-000
Event Type: Error
User:

Computer Name: BOSS
Event Code: 1014
Message: Acquisition of End User License failed. hr=0x80072F8F
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76
Record Number: 13
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20120725172653.000000-000
Event Type: Error
User:

Computer Name: BOSS
Event Code: 8200
Message: License acquisition failure details.
hr=0x80072F8F
Record Number: 12
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20120725172653.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: windows-uj49s6b
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: WINDOWS-UJ49S6B$
Account Domain: WORKGROUP
Logon ID: 0x3E7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120725172335.264610-000
Event Type: Audit Success
User:

Computer Name: windows-uj49s6b
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: WINDOWS-UJ49S6B$
Account Domain: WORKGROUP
Logon ID: 0x3E7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120725172335.264610-000
Event Type: Audit Success
User:

Computer Name: windows-uj49s6b
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x39D96
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120725172335.093008-000
Event Type: Audit Success
User:

Computer Name: windows-uj49s6b
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

Impersonation Level: -

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120725172334.110198-000
Event Type: Audit Success
User:

Computer Name: windows-uj49s6b
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120725172334.110198-000
Event Type: Audit Success
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=21
"PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 16 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=1001
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1

-----------------EOF-----------------

Re: Keylogger

Posted: 02 Aug 2014 11:29
by motji
There is also a second log called log.txt, please post that one too :)
After the log, do the following:

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Save the program to the desktop and run it. The license terms will then be displayed - confirm the start by pressing any key.
- A backup will be created and the scan will run.
After the scan finishes, a log will pop up (it will be saved in c:\JRT as JRT.txt) - copy it here

:arrow: Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, after the scan finishes, click Clean
- The repair will be performed, the PC will restart (restart it yourself if it does not) and the log C:\AdwCleaner\AdwCleaner.txt will appear; copy the contents of the log here.

Re: Keylogger

Posted: 02 Aug 2014 11:44
by hopik127
[INFO] Version 1.0.7 (07. 17. 2014 19:48:32.172)
[INFO] Version 1.0.7 (07. 17. 2014 19:48:45.293)
[INFO] Startup Completed (07. 17. 2014 19:48:45.441)
[ERROR] Access is denied [Toolhelp32Snapshot] [U3lzdGVtLkV4Y2VwdGlvbjogQWNjZXNzIGlzIGRlbmllZCBbVG9vbGhlbHAzMlNuYXBzaG90XSAtLS0+IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbjogQWNjZXNzIGlzIGRlbmllZA0KICAgYXQgRWxvcGhhbnRDbGllbnQuVXRpbC5Qcm9jZXNzTWVtb3J5Li5jdG9yKEludDMyIGlkKQ0KICAgYXQgRWxvcGhhbnRDbGllbnQuVXRpbC5Qcm9jZXNzSW5qZWN0b3IuSW5qZWN0KCkNCiAgIGF0IEVsb3BoYW50Q2xpZW50LlV0aWwuUHJvY2Vzc0luamVjdG9yLkNoZWNrTG9vcCgpDQogICAtLS0gRW5kIG9mIGlubmVyIGV4Y2VwdGlvbiBzdGFjayB0cmFjZSAtLS0=] (07. 17. 2014 19:48:45.619)
[FATAL] Access is denied [...] (07. 17. 2014 19:48:46.121)
[FATAL] Access is denied [...] (07. 17. 2014 19:48:46.121)
[INFO] Version 1.0.7 (07. 17. 2014 19:48:50.823)
[INFO] Startup Completed (07. 17. 2014 19:48:51.062)
[INFO] Client 127.0.0.1:53604 connected (07. 17. 2014 19:49:01.963)

Re: Keylogger

Posted: 02 Aug 2014 12:08
by hopik127
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Underground 2013 x64 x64
Ran by Pepa on so 02. 08. 2014 at 12:45:53,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricerInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DynamicPricer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 02. 08. 2014 at 12:55:16,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Keylogger

Posted: 02 Aug 2014 12:51
by hopik127
# AdwCleaner v3.302 - Report created 02/08/2014 at 13:46:33
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8 Underground 2013 x64 (64 bits)
# Username : Pepa - BOSS
# Running from : C:\Users\Pepa\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Surftastic
[#] Service Deleted : Util Surftastic

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\7u81c25g.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
File Deleted : C:\Windows\System32\drivers\wStLibG64.sys
File Deleted : C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v3.5.2 (cs)

[ File : C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\7u81c25g.default\prefs.js ]

Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=402027&p={searchTerms}");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3704 octets] - [12/05/2014 07:12:53]
AdwCleaner[R1].txt - [2019 octets] - [02/08/2014 13:46:15]
AdwCleaner[S0].txt - [3598 octets] - [12/05/2014 07:13:24]
AdwCleaner[S1].txt - [1968 octets] - [02/08/2014 13:46:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2028 octets] ##########

Re: Keylogger

Posted: 02 Aug 2014 15:02
by motji
:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Keylogger

Posted: 02 Aug 2014 15:49
by hopik127
Is that all? :) If so, thanks for the help ..

Re: Keylogger

Posted: 02 Aug 2014 18:54
by motji
I would still like to see the log from ComboFix :)

Re: Keylogger

Posted: 03 Aug 2014 09:37
by hopik127
Here it is :)
ComboFix 14-08-02.02 - Pepa . 08. 2014 16:34:38.1.4 - x64
Microsoft Windows® 8 Underground™ 2013 x64 6.2.9200.0.1250.420.1033.18.7648.6490 [GMT 2:00]
Spuštěný z: c:\users\Pepa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20140624.txt
C:\install.exe
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-02 do 2014-08-02 )))))))))))))))))))))))))))))))
.
.
2014-08-02 14:40 . 2014-08-02 14:40 -------- d-----w- c:\users\Pepa\AppData\Local\temp
2014-08-02 14:40 . 2014-08-02 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-02 11:45 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-02 10:45 . 2014-08-02 10:45 -------- d-----w- c:\windows\ERUNT
2014-08-01 13:14 . 2014-08-01 13:14 -------- d-----w- C:\rsit
2014-08-01 13:14 . 2014-08-01 13:14 -------- d-----w- c:\program files (x86)\trend micro
2014-07-31 13:03 . 2014-07-31 13:03 -------- d-----w- c:\users\Pepa\AppData\Roaming\Apple Computer
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\users\Pepa\AppData\Local\Apple
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\programdata\Apple
2014-07-29 12:31 . 2014-07-29 12:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-21 15:08 . 2014-07-21 15:08 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-07-17 14:01 . 2014-07-17 14:01 -------- d-----w- c:\programdata\Riot Games
2014-07-13 12:31 . 2014-07-14 16:16 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2014-07-13 12:30 . 2014-07-13 12:30 -------- d-----w- C:\UpdateChromeLinksLogs
2014-07-13 12:29 . 2014-07-13 12:29 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-13 12:29 . 2014-07-13 12:29 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-07-13 12:23 . 2014-07-13 12:23 -------- d-----w- c:\users\Pepa\AppData\Local\Comodo
2014-07-13 12:19 . 2014-07-13 12:39 -------- d-----w- c:\program files (x86)\FreeTime
2014-07-13 10:47 . 2014-07-22 11:51 -------- d-----w- c:\users\Pepa\AppData\Local\WMTools Downloaded Files
2014-07-13 10:22 . 2014-07-13 10:23 -------- d-----w- C:\Fraps
2014-07-11 16:08 . 2014-07-11 16:08 -------- d-----w- c:\users\Pepa\AppData\Roaming\Curse
2014-07-09 13:09 . 2014-07-09 13:09 -------- d-----w- c:\users\Pepa\AppData\Roaming\Awesomium
2014-07-09 13:09 . 2014-07-09 13:09 -------- d-----w- c:\programdata\Hi-Rez Studios
2014-07-09 13:08 . 2014-07-09 13:09 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2014-07-05 21:10 . 2014-07-05 21:13 -------- d-----w- c:\users\Pepa\AppData\Roaming\RIFT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-01 08:15 . 2014-07-01 08:15 257704 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-06-17 14:52 . 2014-06-17 14:52 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-17 14:52 . 2014-06-02 09:08 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-17 14:52 . 2014-06-17 14:52 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-02 09:13 . 2014-05-31 10:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-05-19 18:57 . 2014-05-19 18:58 107040 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-05-12 11:55 . 2014-05-12 11:55 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-12 11:55 . 2014-05-12 11:55 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-12 11:55 . 2014-05-12 11:55 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-01-05 03:45 . 2013-01-25 09:20 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2013-01-26 . EE52CE3FC612D6F2E6CE0554DED47FC3 . 381440 . . [6.2.9200.16384] .. c:\windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.2.9200.16384_none_4cf85cc9659cdc8e\regedit.exe
[-] 2013-01-26 . EE52CE3FC612D6F2E6CE0554DED47FC3 . 355328 . . [6.2.9200.16384] .. c:\windows\regedit.exe
.
c:\windows\system32\cngaudit.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21446272]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2014-06-10 39712]
"uTorrent"="c:\users\Pepa\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-31 1936720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ConfirmFileDelete"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
R4 vmicheartbeat;Hyper-V Heartbeat Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 17:46 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 17:36]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 17:29]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 04:04 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\7u81c25g.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=402027&ilc=12&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va022]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Overwolf\0.76.1.0\OverwolfHelper.exe
.
**************************************************************************
.
Celkový čas: 2014-08-02 16:45:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-02 14:45
.
Před spuštěním: 48 756 584 448 bytes free
Po spuštění: 49 760 227 328 bytes free
.
- - End Of File - - 71458BC6F716B318DAB8DE99ED0CD276
A36C5E4F47E84449FF07ED3517B43A31

Re: Keylogger

Posted: 03 Aug 2014 13:52
by motji
Test this file on www.virustotal.com
c:\windows\regedit.exe

Re: Keylogger

Posted: 03 Aug 2014 17:04
by hopik127
SHA256: 7d163d87285d51c69467d3dc144f7e3fc0f1d48307efa0c97fd527c9bb544322
File name: REGEDIT.EXE.Muestra EliStartPage v28.65
Detection ratio: 0 / 47
Analysis date: 2013-10-30 04:54:25 UTC ( 9 months, 1 week ago )

Re: Keylogger

Posted: 06 Aug 2014 07:32
by motji
Sorry for the delay :)

:arrow: If you haven't already, move Combofix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Driver::
X6va022

File:: 
c:\windows\SysWOW64\Drivers\X6va022

Restore::
c:\windows\regedit.exe
-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drop it onto the Combofix icon:

Image


-after it runs, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
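As an added example (not part of the thread and not ComboFix's own logic), the triage a helper does by eye on the service lines above can be written down: parse each ComboFix service line, flag an image path with no file extension or a "driver" loaded from SysWOW64\Drivers rather than System32\drivers, and render the Driver::/File:: stanzas of a CFScript in the format the post uses. The sample lines are copied from the logs in this thread; the two heuristics are assumptions for review, not a malware verdict.

```python
"""Triage ComboFix service lines and draft the matching CFScript stanzas.

Added example, not ComboFix's tooling. The flags are an assumed triage
heuristic: a service whose image file has no extension, or a driver under
SysWOW64\\Drivers (x64 drivers normally live in System32\\drivers).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: service lines copied from the ComboFix logs posted above.
SAMPLE_LOG = r"""
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
S0 aswRvrt;avast! Revert; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
"""

# Line shape: "<R|S><start type> <name>;<display name>;<image path>;<native path> [x]"
SERVICE_LINE = re.compile(r"^([RS][0-4])\s+(.*?)\s*\[x\]$")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str
    flags: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for a ComboFix service line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    # Some entries (avast! boot drivers) omit the path fields; pad so indexing is safe.
    fields = (m.group(2).split(";") + ["", "", ""])[:4]
    return ServiceEntry(m.group(1), fields[0], fields[1], fields[2].strip())


def flag_entry(entry):
    """Attach triage flags; an empty image path has nothing to inspect and stays clean."""
    if entry.image:
        basename = entry.image.rsplit("\\", 1)[-1]
        if "." not in basename:
            entry.flags.append("image path has no file extension")
        if "\\syswow64\\drivers\\" in entry.image.lower():
            entry.flags.append("driver loaded from SysWOW64\\Drivers")
    return entry


def review_log(text):
    """Return the ServiceEntry objects from a ComboFix log that drew at least one flag."""
    entries = filter(None, (parse_service_line(l) for l in text.splitlines()))
    return [e for e in map(flag_entry, entries) if e.flags]


def cfscript_for(flagged):
    """Render Driver::/File:: stanzas in the CFScript layout used in the thread."""
    drivers = "\n".join(e.name for e in flagged)
    files = "\n".join(e.image for e in flagged)
    return f"Driver::\n{drivers}\n\nFile::\n{files}\n"
```

Run review_log(SAMPLE_LOG) and only the X6va022 entry comes back, with both flags; esgiguard (SpyHunter) and the avast! drivers pass because their images are normal .sys files or have no recorded path.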

Re: Keylogger

Posted: 06 Aug 2014 08:32
by hopik127
ComboFix 14-08-02.02 - Pepa . 08. 2014 9:22.2.4 - x64
Microsoft Windows® 8 Underground™ 2013 x64 6.2.9200.0.1250.420.1033.18.7648.6413 [GMT 2:00]
Spuštěný z: c:\users\Pepa\Desktop\Evidence\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pepa\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-06 do 2014-08-06 )))))))))))))))))))))))))))))))
.
.
2014-08-06 07:28 . 2014-08-06 07:28 -------- d-----w- c:\users\Pepa\AppData\Local\temp
2014-08-06 07:28 . 2014-08-06 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-02 11:45 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-02 10:45 . 2014-08-02 10:45 -------- d-----w- c:\windows\ERUNT
2014-08-01 13:14 . 2014-08-01 13:14 -------- d-----w- C:\rsit
2014-08-01 13:14 . 2014-08-01 13:14 -------- d-----w- c:\program files (x86)\trend micro
2014-07-31 13:03 . 2014-07-31 13:03 -------- d-----w- c:\users\Pepa\AppData\Roaming\Apple Computer
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\users\Pepa\AppData\Local\Apple
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-07-31 08:17 . 2014-07-31 08:17 -------- d-----w- c:\programdata\Apple
2014-07-29 12:31 . 2014-07-29 12:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-07-21 15:08 . 2014-07-21 15:08 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-07-17 14:01 . 2014-07-17 14:01 -------- d-----w- c:\programdata\Riot Games
2014-07-13 12:31 . 2014-07-14 16:16 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2014-07-13 12:30 . 2014-07-13 12:30 -------- d-----w- C:\UpdateChromeLinksLogs
2014-07-13 12:29 . 2014-07-13 12:29 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-13 12:29 . 2014-07-13 12:29 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-07-13 12:23 . 2014-07-13 12:23 -------- d-----w- c:\users\Pepa\AppData\Local\Comodo
2014-07-13 12:19 . 2014-07-13 12:39 -------- d-----w- c:\program files (x86)\FreeTime
2014-07-13 10:47 . 2014-07-22 11:51 -------- d-----w- c:\users\Pepa\AppData\Local\WMTools Downloaded Files
2014-07-13 10:22 . 2014-07-13 10:23 -------- d-----w- C:\Fraps
2014-07-11 16:08 . 2014-07-11 16:08 -------- d-----w- c:\users\Pepa\AppData\Roaming\Curse
2014-07-09 13:09 . 2014-07-09 13:09 -------- d-----w- c:\users\Pepa\AppData\Roaming\Awesomium
2014-07-09 13:09 . 2014-07-09 13:09 -------- d-----w- c:\programdata\Hi-Rez Studios
2014-07-09 13:08 . 2014-07-09 13:09 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-01 08:15 . 2014-07-01 08:15 257704 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-06-17 14:52 . 2014-06-17 14:52 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-17 14:52 . 2014-06-02 09:08 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-17 14:52 . 2014-06-17 14:52 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-02 09:13 . 2014-05-31 10:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-05-19 18:57 . 2014-05-19 18:58 107040 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2014-05-12 11:55 . 2014-05-12 11:55 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-12 11:55 . 2014-05-12 11:55 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-12 11:55 . 2014-05-12 11:55 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-01-05 03:45 . 2013-01-25 09:20 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-01-26 . EE52CE3FC612D6F2E6CE0554DED47FC3 . 381440 . . [6.2.9200.16384] .. c:\windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.2.9200.16384_none_4cf85cc9659cdc8e\regedit.exe
[-] 2013-01-26 . EE52CE3FC612D6F2E6CE0554DED47FC3 . 355328 . . [6.2.9200.16384] .. c:\windows\regedit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21446272]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2014-07-28 39712]
"uTorrent"="c:\users\Pepa\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-31 1936720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ConfirmFileDelete"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
R4 vmicheartbeat;Hyper-V Heartbeat Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 17:46 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 17:36]
.
2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 17:29]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 17:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 04:04 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\7u81c25g.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=402027&ilc=12&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: avast! Online Security: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va022]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-08-06 09:30:30
ComboFix-quarantined-files.txt 2014-08-06 07:30
ComboFix2.txt 2014-08-02 14:45
.
Před spuštěním: 46 589 247 488 bytes free
Po spuštění: 46 537 895 936 bytes free
.
- - End Of File - - 9E206603DDED19E10303541F88AF2DF5
A36C5E4F47E84449FF07ED3517B43A31