Request for a preventive check - vyosek

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

#1 Post by frydas »

Hello, since I've had a good experience with vyosek, I'd be glad if he were the one to rack his brain over my case again :)
In short, my PC started freezing horribly around the time I broke up with my girlfriend. On the desktop I have an icon called all in one, which cannot be opened, and the program cannot be removed, so I looked it up on Google and supposedly it is a keylogger :( Unfortunately I have no idea how to remove these things myself, but you here are more experienced, and hopefully I can get a preventive check done at the same time, and maybe the PC will finally stop freezing so horribly :( Thanks in advance to vyosek for not losing his temper with me :)

Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Lukáš (administrator) on FRYDASPC (20-04-2016 17:21:03)
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš & MsDtsServer120 (Available Profiles: Lukáš & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MsDtsServer120 & MSSQLSERVER)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfSdkS64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(KoshyJohn.com) C:\Users\Lukáš\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Lukáš\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4140088 2016-02-16] (Connectify)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\...\MountPoints2: {3759dd0d-51e7-11e4-b97c-bcee7beb3d78} - E:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 147.229.190.143 147.229.191.143
Tcpip\..\Interfaces\{40FC2F5A-D0AE-4FC3-9B3C-7C0D328BAC7A}: [NameServer] 147.229.3.100 147.229.3.200
Tcpip\..\Interfaces\{D199C9D3-BD5D-4189-A676-D9C717DDDADA}: [DhcpNameServer] 147.229.190.143 147.229.191.143

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1562214965-3293025684-3177408804-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1562214965-3293025684-3177408804-1000 -> {52D3D164-11EA-4100-BCA7-46A4BFEC05BC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1562214965-3293025684-3177408804-1000: LWA64Plugin15.8 -> C:\Users\Lukáš\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\npLWAPlugin15.8-x64.dll [2015-02-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1562214965-3293025684-3177408804-1000: LWAPlugin15.8 -> C:\Users\Lukáš\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\npLWAPlugin15.8.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.cz/
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406","hxxp://search.gb ... /?unqvl=23"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Adblock na Youtube™) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05]
CHR Extension: (ARC Welder) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-03-25]
CHR Extension: (ARC Welder) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-03-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-02-16] (Connectify)
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 kkybtvefjkbubt; c:\windows\SysWOW64\uhmmrmxc.exe [102400 2014-08-15] ( Company (R)) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2015-06-10] (Microsoft Corporation)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\bin\msmdsrv.exe [51090624 2014-02-21] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3844640 2015-11-22] (INCA Internet Co., Ltd.)
R2 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe [223600 2015-05-18] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cfywlan1; C:\Windows\System32\DRIVERS\cfywlan1.sys [36736 2016-01-06] (Connectify)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [43872 2016-01-06] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-14] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:21 - 2016-04-20 17:22 - 00016212 _____ C:\Users\Lukáš\Desktop\FRST.txt
2016-04-20 17:20 - 2016-04-20 17:19 - 00112640 _____ (forum.viry.cz) C:\Users\Lukáš\Desktop\FRSTLauncher.exe
2016-04-10 22:40 - 2016-04-10 22:40 - 00004239 _____ C:\Users\Lukáš\Desktop\luhan skola.txt
2016-04-10 18:19 - 2016-04-10 18:28 - 00000000 ____D C:\Users\Lukáš\Desktop\databaze
2016-04-10 15:22 - 2016-04-10 15:22 - 00004232 _____ C:\Users\Lukáš\Desktop\luhan knihovna.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:23 - 2014-09-18 11:21 - 00000000 ____D C:\ProgramData\TEMP
2016-04-20 17:21 - 2016-02-02 19:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-20 17:21 - 2015-10-21 10:25 - 00000000 ____D C:\FRST
2016-04-20 17:18 - 2014-08-16 22:01 - 01566703 _____ C:\Windows\WindowsUpdate.log
2016-04-20 17:08 - 2014-10-14 16:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-04-20 17:06 - 2014-08-17 12:34 - 00000000 ____D C:\Windows\system32\MRT
2016-04-20 17:05 - 2015-12-02 18:46 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 16:53 - 2014-08-17 12:34 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-20 16:52 - 2015-01-05 16:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-20 16:26 - 2009-07-14 04:34 - 00000772 _____ C:\Windows\win.ini
2016-04-20 16:24 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 16:24 - 2009-07-14 06:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 16:21 - 2016-02-02 19:00 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-20 16:21 - 2016-02-02 19:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-20 16:21 - 2016-02-02 19:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-20 16:21 - 2016-02-02 19:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-20 16:21 - 2016-02-02 19:00 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-20 16:19 - 2014-10-14 15:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-20 16:06 - 2014-09-18 11:03 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-04-20 16:05 - 2015-12-02 18:46 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 16:05 - 2015-03-21 15:17 - 00000000 ____D C:\Users\MsDtsServer120
2016-04-20 16:04 - 2016-01-15 20:54 - 00005975 _____ C:\Windows\setupact.log
2016-04-20 16:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-20 16:03 - 2016-02-02 19:00 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-20 16:03 - 2016-01-17 21:06 - 00000000 ____D C:\Users\Lukáš\Desktop\MultiHack
2016-04-20 16:03 - 2015-11-14 02:33 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\vlc
2016-04-20 16:03 - 2015-04-17 03:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-20 16:03 - 2015-04-17 03:29 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-20 16:03 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-20 16:03 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-20 16:03 - 2015-03-21 15:18 - 00000000 ____D C:\Users\ReportServer
2016-04-20 16:03 - 2015-03-21 15:18 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2016-04-20 16:03 - 2015-03-21 15:16 - 00000000 ____D C:\Users\MSSQLSERVER
2016-04-20 16:03 - 2015-03-21 15:16 - 00000000 ____D C:\Users\MSSQLFDLauncher
2016-04-20 16:03 - 2014-10-14 16:18 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-04-20 16:03 - 2014-08-16 22:21 - 00000000 ____D C:\Users\Lukáš
2016-04-20 16:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-20 16:00 - 2016-01-06 20:51 - 00000000 ____D C:\ProgramData\Connectify
2016-04-20 16:00 - 2014-10-14 16:07 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-20 16:00 - 2014-09-16 16:02 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Skype
2016-04-20 16:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-11 20:05 - 2015-01-27 12:05 - 00000000 ____D C:\Users\Lukáš\Desktop\učení
2016-04-10 18:37 - 2015-03-21 17:34 - 00002076 ____H C:\Users\Lukáš\Documents\Default.rdp
2016-04-10 15:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-04-06 03:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-03-31 12:59 - 2009-07-14 07:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-30 22:13 - 2014-09-18 15:49 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 12:43 - 2009-07-14 07:13 - 01004536 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-25 00:46 - 2015-10-21 10:21 - 00000000 ____D C:\Users\Lukáš\Desktop\doc
2016-03-22 00:11 - 2014-09-01 12:51 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2015-05-28 11:05 - 2015-05-28 11:05 - 0000024 _____ () C:\Users\Lukáš\AppData\Roaming\appdataFr25.bin
2015-08-13 11:37 - 2015-08-13 11:37 - 0000001 _____ () C:\Users\Lukáš\AppData\Local\llftool.4.40.agreement
2015-05-28 16:50 - 2015-05-28 16:50 - 0000000 _____ () C:\Users\Lukáš\AppData\Local\Temp.dat
2016-01-17 18:51 - 2016-01-17 18:51 - 0000000 _____ () C:\Users\Lukáš\AppData\Local\{A74E4723-9062-4B86-AED9-0CFDF8D9EB4D}

Some files in TEMP:
====================
C:\Users\Lukáš\AppData\Local\Temp\MemClean.exe
C:\Users\Lukáš\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Lukáš\Desktop" je 392787 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(6.15 KiB) Downloaded 57 times

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

#2 Post by JaRon »

Hi,
since vyosek is taking a creative break, I'll take this on :)

Velikost slozky "C:\Users\Lukáš\Desktop" je 392787 MB.
Tidy up the desktop :!: this directory should not exceed 300MB
RESTART and rescan with ADWCleaner

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

#3 Post by frydas »

Hi, that's a pity, vyosek talked to me as if I were a total BFU, which I am :D
I assume you want to see some log from that ADW Cleaner. I see a Logfile item there, so I'm copying its contents here. I tidied the desktop a bit, only the movies folder stayed on it, which is 27 GB in total. Is it necessary to move it away or not? I've always had it that way and it was never a problem, so I figured that isn't the cause. What bothers me more, though, is the keylogger, and also that the game South Park Stick of Truth cannot be uninstalled. I'm not into games, so I don't really know what's what :)

So here is the log:

# AdwCleaner v5.014 - Logfile created 21/10/2015 at 18:52:21
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lukáš - FRYDASPC
# Running from : C:\Users\Lukáš\Desktop\adwcleaner_5.014.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Settings Manager
[-] Folder Deleted : C:\Program Files (x86)\DiigISoaaveer
[-] Folder Deleted : C:\ProgramData\{907b9e09-5a3a-5280-907b-b9e095a37825}
[-] Folder Deleted : C:\Users\Lukáš\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\IHlpr
[-] Folder Deleted : C:\Users\Public\Documents\Goobzo
[-] Folder Deleted : C:\Users\Public\Documents\YTAHelper

***** [ Files ] *****

[-] File Deleted : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update PodoWeb
[-] Key Deleted : HKLM\SOFTWARE\6135a49d-b85c-ac9e-9792-ffaa8ea02e3b
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
[-] Key Deleted : HKU\.DEFAULT\Software\Goobzo
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Goobzo
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\Goobzo
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : industriya
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : virtual-wifi-router.en.softonic.com
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fpmeembnagmagppkgghhfjfdfajdfcah
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl

*************************

:: Winsock settings cleared

*************************

C:\AdwCleaner[R1].txt - [16664 bytes] - [25/06/2013 19:36:16]
C:\AdwCleaner[R2].txt - [16664 bytes] - [25/06/2013 21:49:25]
C:\AdwCleaner[S1].txt - [16152 bytes] - [25/06/2013 21:49:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6403 bytes] ##########

# AdwCleaner v5.112 - Logfile created 21/04/2016 at 16:54:21
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Lukáš - FRYDASPC
# Running from : C:\Users\Lukáš\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Lukáš\AppData\Local\Installer\Installsense_10659
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\Solvusoft

***** [ Files ] *****

[-] File Deleted : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zynga2-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_zynga2-a.akamaihd.net_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
[-] Key Deleted : HKU\S-1-5-21-1562214965-3293025684-3177408804-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8202 bytes] - [21/10/2015 18:52:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [8206 bytes] - [21/10/2015 18:50:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8348 bytes] ##########

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: requesting a preventive check - vyosek

#4 Post by JaRon »

Move the filmy folder from the desktop to C: and from there create a link on the desktop - a shortcut.
Then scan the PC with MBAM - full scan - and post the log here :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

Re: requesting a preventive check - vyosek

#5 Post by frydas »

The problem is that as soon as I click Remove Selected, the program stops working, which is probably the keylogger's doing, right?


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21.4.2016
Čas skenování: 20:03
Protokol: mbab.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.04.21.04
Databáze rootkitů: v2016.04.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 592597
Uplynulý čas: 12 min, 11 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 1
PUP.Optional.Goobzo, C:\Users\Lukáš\AppData\Local\Installer\Installiwebar_24579, , [e7915c55782141f5b76579bcc53e52ae],

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: requesting a preventive check - vyosek

#6 Post by JaRon »

I don't see a keylogger there, and I don't see an antivirus there either - install an AV of your own choice and scan the PC with it.

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

Re: requesting a preventive check - vyosek

#7 Post by frydas »

I can see it on the desktop :D all in one, and when I look for it in the folders it pretends to be a different folder, but when I find it and choose uninstall, it asks me for some password, as if I weren't the PC's administrator, even though I'm the only user. I'll run the ESET online scan.

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: requesting a preventive check - vyosek

#8 Post by JaRon »

+
Check whether the directory C:\Program Files\Relytec exists :???:

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

Re: requesting a preventive check - vyosek

#9 Post by frydas »

No, it doesn't exist; the PC scan is still running.

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: requesting a preventive check - vyosek

#10 Post by JaRon »

The keylogger in question is tied to the directory mentioned... so I assume it doesn't exist.
As a precaution, scan with NPE http://security.symantec.com/nbrt/npe.asp

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

Re: requesting a preventive check - vyosek

#11 Post by frydas »

Here is the log from ESET; the scan has only just finished, I'm moving on to the second one.

C:\Program Files (x86)\Affkfqkzmrrwr\uhmmrmx.exe Win32/KeyLogger.AllInOneKeylogger.H aplikace vyléčen smazáním (po nejbližším restartu)
C:\Program Files (x86)\Southpark Stick of Truth\steam_api.dll varianta infiltrace Win32/HackTool.Crack.CS potenciálně zneužitelná aplikace vyléčen smazáním
C:\Program Files (x86)\Southpark Stick of Truth\Crack\steam_api.dll varianta infiltrace Win32/HackTool.Crack.CS potenciálně zneužitelná aplikace vyléčen smazáním
C:\Users\Lukáš\Downloads\GTA IV\GTA 4 crack\LaunchGTAIV.exe Win32/HackTool.Crack.BC potenciálně zneužitelná aplikace vyléčen smazáním
C:\Windows\SysWOW64\msyRnsern.dll varianta infiltrace Win32/Spy.KeyLogger.OSO trojský kůň vyléčen smazáním (po nejbližším restartu)
C:\Windows\SysWOW64\uhmmrmxc.exe varianta infiltrace Win32/KeyLogger.AllInOneKeylogger.L aplikace vyléčen smazáním (po nejbližším restartu)
Paměť varianta infiltrace Win32/Spy.KeyLogger.OSO trojský kůň obsahoval infikované soubory

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: requesting a preventive check - vyosek

#12 Post by JaRon »

Well, that's what it looks like when you have no AV :James008:
DELETE what was found and after the restart run NPE as well.

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

Re: requesting a preventive check - vyosek

#13 Post by frydas »

Well, it removed something, it didn't produce a log, and the all in one icon is still there :D

JaRon
Moderator
Posts: 15668
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: requesting a preventive check - vyosek

#14 Post by JaRon »

Post a current FRST log.

frydas
Visitor
Posts: 81
Registered: 25 Jun 2013 17:48

Re: requesting a preventive check - vyosek

#15 Post by frydas »

FRST was one of the things it removed, so I'll download the launcher again :)
