Obtaining/hacking a password

Posted: 24 Apr 2015 16:05
by Vejnis
Hello,
I'm helping a friend solve a problem and I've run out of ideas. About a month ago someone found out her password for FB and Skype. I advised her to change it, which she did. Not even an hour later someone got in again and forwarded her messages to her boyfriend. We solved FB by having an SMS sent to her mobile at every login, but someone keeps getting into her Skype. I looked at her PC over TeamViewer to see whether I could find anything there, but I found nothing. During the week she is at a dorm, which means on "their" network. Is it possible to somehow detect a hidden keylogger? Or whether someone is monitoring her over the network? Or how is it possible that they learn the password every time she changes it?

I would be glad for any advice, and thank you in advance for your answers.

Re: Obtaining/hacking a password

Posted: 24 Apr 2015 16:55
by Rudy
Hello!
To tell whether or not you have a keylogger on the PC, I would have to look at a log from a diagnostic utility. A layperson can check the PC with an antivirus scan.

Re: Obtaining/hacking a password

Posted: 24 Apr 2015 18:30
by Vejnis
And which log specifically would that be? In my opinion someone is monitoring it over the network, if it is possible to obtain passwords from the network, and all the more so since it's at the dorm.

Re: Obtaining/hacking a password

Posted: 24 Apr 2015 19:19
by Rudy
Disable sharing if you have it enabled. Otherwise, post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Obtaining/hacking a password

Posted: 24 Apr 2015 20:55
by Vejnis
If you meant turning off sharing under "Change advanced sharing settings", that's done. I'll run the antivirus tonight and post the result tomorrow, but somehow I didn't manage to produce the log. Is it possible that this was caused by TeamViewer, which was running while the log was being made? What I got out of the log is attached.

Re: Obtaining/hacking a password

Posted: 24 Apr 2015 21:00
by Vejnis
log

Re: Obtaining/hacking a password

Posted: 24 Apr 2015 21:33
by Rudy
The log is fine. Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-04-06] (APN)
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\...\Run: [Facebook Update] => C:\Users\anet\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-01] (Facebook Inc.)
C:\Users\anet\AppData\Local\Facebook\Update
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\...\MountPoints2: {75e6aa4c-5455-11e4-826a-8086f2a19eb9} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\...\MountPoints2: {af9afffc-10f7-11e4-825b-8086f2a19eb9} - "E:\MafiaLauncher.EXE"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1084605704-4269871070-1596483951-1001 -> DefaultScope {1D21F059-C5E2-492A-B538-5C63856105FF} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1084605704-4269871070-1596483951-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
CHR Extension: (Google Slides) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-27]
CHR Extension: (Fruits Slice) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpkaagbcebgebfcangeibbcjangpgd [2015-01-27]
CHR Extension: (Oh, My Candy!) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgeajghmcjpegmbbdphnlgihgmmphcgb [2015-01-27]
CHR Extension: (Find your way to Oz) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2015-01-27]
CHR Extension: (A Journey through Middle-earth) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2015-01-27]
CHR Extension: (Cut the Rope) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-01-27]
cHR Extension: (Pin It Button) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-20]
CHR Extension: (Mini Putt) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpoeglfmgdiiphdfekphecmahbcblkef [2015-01-27]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2015-01-27]
CHR Extension: (Crazy Shooting) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood [2015-01-27]
CHR Extension: (Booktrack Studio) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog [2014-10-08]
CHR Extension: (Happy Friday!) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagckjdgadpknikjoegcibbollkafpid [2015-01-27]
CHR Extension: (iLivid) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-12-23]
CHR Extension: (ButtonBass HipHop Cube) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkbdcmcdlbnbidfbijmpmholgmidkef [2015-01-27]
CHR Extension: (Just A Reflektor) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\olaobhhcnfjbmecnfkicccgadipigdmj [2015-01-27]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-04-10]
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084605704-4269871070-1596483951-1001UA1cf955dac62417f.job
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084605704-4269871070-1596483951-1001Core1cf955dac4eee74.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\anet\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

You have too much data on the desktop, which slows down system startup (>5GB). Move it to a folder in C:\Users\anet and put a shortcut on the desktop for easier access.

Re: Obtaining/hacking a password

Posted: 27 Apr 2015 17:09
by Vejnis
The log you wanted to see. The antivirus didn't show anything questionable, only network problems, so I let it resolve them automatically.

Vejnis wrote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by anet at 2015-04-27 18:00:31 Run:1
Running from C:\Users\anet\Desktop
Loaded Profiles: anet (Available profiles: anet)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-04-06] (APN)
C:\Program Files (x86)\AskPartnerNetwork
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\...\Run: [Facebook Update] => C:\Users\anet\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-01] (Facebook Inc.)
C:\Users\anet\AppData\Local\Facebook\Update
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\...\MountPoints2: {75e6aa4c-5455-11e4-826a-8086f2a19eb9} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\...\MountPoints2: {af9afffc-10f7-11e4-825b-8086f2a19eb9} - "E:\MafiaLauncher.EXE"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1084605704-4269871070-1596483951-1001 -> DefaultScope {1D21F059-C5E2-492A-B538-5C63856105FF} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1084605704-4269871070-1596483951-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
CHR Extension: (Google Slides) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-27]
CHR Extension: (Fruits Slice) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpkaagbcebgebfcangeibbcjangpgd [2015-01-27]
CHR Extension: (Oh, My Candy!) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgeajghmcjpegmbbdphnlgihgmmphcgb [2015-01-27]
CHR Extension: (Find your way to Oz) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2015-01-27]
CHR Extension: (A Journey through Middle-earth) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2015-01-27]
CHR Extension: (Cut the Rope) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-01-27]
cHR Extension: (Pin It Button) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-20]
CHR Extension: (Mini Putt) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpoeglfmgdiiphdfekphecmahbcblkef [2015-01-27]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2015-01-27]
CHR Extension: (Crazy Shooting) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood [2015-01-27]
CHR Extension: (Booktrack Studio) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog [2014-10-08]
CHR Extension: (Happy Friday!) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagckjdgadpknikjoegcibbollkafpid [2015-01-27]
CHR Extension: (iLivid) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-12-23]
CHR Extension: (ButtonBass HipHop Cube) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkbdcmcdlbnbidfbijmpmholgmidkef [2015-01-27]
CHR Extension: (Just A Reflektor) - C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\olaobhhcnfjbmecnfkicccgadipigdmj [2015-01-27]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-04-10]
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084605704-4269871070-1596483951-1001UA1cf955dac62417f.job
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084605704-4269871070-1596483951-1001Core1cf955dac4eee74.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\anet\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value deleted successfully.

"C:\Program Files (x86)\AskPartnerNetwork" directory move:

Could not move "C:\Program Files (x86)\AskPartnerNetwork" directory. => Scheduled to move on reboot.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
C:\Users\anet\AppData\Local\Facebook\Update => Moved successfully.
"HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75e6aa4c-5455-11e4-826a-8086f2a19eb9}" => Key deleted successfully.
HKCR\CLSID\{75e6aa4c-5455-11e4-826a-8086f2a19eb9} => Key not found.
"HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af9afffc-10f7-11e4-825b-8086f2a19eb9}" => Key deleted successfully.
HKCR\CLSID\{af9afffc-10f7-11e4-825b-8086f2a19eb9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => Key deleted successfully.
HKU\S-1-5-21-1084605704-4269871070-1596483951-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKCR\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => Key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpkaagbcebgebfcangeibbcjangpgd => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgeajghmcjpegmbbdphnlgihgmmphcgb => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpoeglfmgdiiphdfekphecmahbcblkef => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagckjdgadpknikjoegcibbollkafpid => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkbdcmcdlbnbidfbijmpmholgmidkef => Moved successfully.
C:\Users\anet\AppData\Local\Google\Chrome\User Data\Default\Extensions\olaobhhcnfjbmecnfkicccgadipigdmj => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => Key deleted successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => Key deleted successfully.
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Directory not found.
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084605704-4269871070-1596483951-1001UA1cf955dac62417f.job => Moved successfully.
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084605704-4269871070-1596483951-1001Core1cf955dac4eee74.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\anet\AppData\Local\Temp => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-27 18:02:22)<=

C:\Program Files (x86)\AskPartnerNetwork => Is moved successfully.

==== End of Fixlog 18:02:22 ====

Re: Obtaining/hacking a password

Posted: 27 Apr 2015 18:16
by Rudy
Everything was deleted. However, I did not find a keylogger. You could also run MBAM: http://www.malwarebytes.org/mbam.php . Post the log, and do not delete anything beforehand.