aswMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 12:20:44
-----------------------------
12:20:44.465 OS Version: Windows x64 6.1.7601 Service Pack 1
12:20:44.465 Number of processors: 6 586 0x102
12:20:44.465 ComputerName: CALLER-PC UserName: CALLER
12:20:46.867 Initialize success
12:20:52.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
12:20:52.423 Disk 0 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
12:20:52.423 Disk 0 MBR read successfully
12:20:52.423 Disk 0 MBR scan
12:20:52.438 Disk 0 Windows 7 default MBR code
12:20:52.438 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:20:52.438 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150492 MB offset 206848
12:20:52.438 Disk 0 Partition - 00 0F Extended LBA 803273 MB offset 308415870
12:20:52.454 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 803273 MB offset 308415933
12:20:52.469 Disk 0 scanning C:\Windows\system32\drivers
12:20:56.494 Service scanning
12:21:08.007 Modules scanning
12:21:08.007 Disk 0 trace - called modules:
12:21:08.023 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:21:08.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d6a060]
12:21:08.023 3 CLASSPNP.SYS[fffff880013be43f] -> nt!IofCallDriver -> [0xfffffa8004af2ac0]
12:21:08.023 5 amd_xata.sys[fffff880011b88f7] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8004af0600]
12:21:08.038 Scan finished successfully
12:21:20.814 Disk 0 MBR has been saved successfully to "C:\Users\CALLER\Desktop\MBR.dat"
12:21:20.814 The log file has been saved successfully to "C:\Users\CALLER\Desktop\aswMBR.txt"
Please check - suspected keylogger
Re: Please check - suspected keylogger
That anti-keylogger doesn't work for me, because it is only for 32-bit.
- jaro3
- Security team member
Re: Please check - suspected keylogger
You're right, it is only for 32-bit.
Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Press the "Windows key" + "R" (between the "Ctrl" key and the "Alt" key)
please type the following text into the box:
C:\Qoobox\Add-Remove Programs.txt
And click OK.
Copy the whole message that appears and paste it here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check - suspected keylogger
The items I'm supposed to fix in HJT won't fix. They already wouldn't the first time; it says what is in the picture, and when I run the analysis again they are there again.
Re: Please check - suspected keylogger
3DMark06
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AI Suite II
AMD OverDrive
AMD VISION Engine Control Center
Asmedia ASM104x USB 3.0 Host Controller Driver
µTorrent
Borderlands 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CrystalDiskInfo 5.0.4
DAEMON Tools Lite
Diablo III
Disk Unlocker
Driver Genius Professional Edition
Entity Framework Designer for Visual Studio 2012 - enu
FileHippo.com Update Checker
Fraps (remove only)
Geeks3D.com FurMark 1.10.2
Google Chrome
Hide IP Easy
HiJackThis
JMicron JMB36X Driver
League of Legends
Malwarebytes Anti-Malware verze 1.65.0.1400
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office Access MUI (Czech) 2010
Microsoft Office Excel MUI (Czech) 2010
Microsoft Office Groove MUI (Czech) 2010
Microsoft Office InfoPath MUI (Czech) 2010
Microsoft Office OneNote MUI (Czech) 2010
Microsoft Office Outlook MUI (Czech) 2010
Microsoft Office PowerPoint MUI (Czech) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Czech) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Slovak) 2010
Microsoft Office Proofing (Czech) 2010
Microsoft Office Publisher MUI (Czech) 2010
Microsoft Office Shared MUI (Czech) 2010
Microsoft Office Word MUI (Czech) 2010
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
MiniTool Partition Wizard Home Edition 5.2
MSI Afterburner 1.6.1
Pando Media Booster
Prerequisites for SSDT
Prime95
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Skype™ 5.10
StarCraft II
Torchlight II (c) Runic Games version 1
Update for (KB2504637)
Windows Media Player Firefox Plugin
Windows Software Development Kit
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.20 (32-bit)
- jaro3
- Security team member
Re: Please check - suspected keylogger
Log OK.
HJT----it says:
Close other applications and browsers, disconnect from the internet and fix in HJT:
Re: Please check - suspected keylogger
I had everything closed, even the antivirus turned off and so on... and it only acts up on my PC; on the notebook it worked fine when I fixed something earlier. I have problems with this too: when I unplug a USB device, it keeps telling me it is in use.
- Orcus
- Security team member
Re: Please check - suspected keylogger
Post the CrystalDiskInfo log here and test the memory with Goldmemory+ (at least 2 full passes).
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Please check - suspected keylogger
I'll post the CrystalDisk log, but there shouldn't be a problem with the disk or the RAM... I've had them for about 1-2 weeks.
Re: Please check - suspected keylogger
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.4 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------
OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x64)
Date : 2012/10/09 16:41:46
-- Controller Map ----------------------------------------------------------
+ AMD SATA Controller [ATA]
- ST310005 24AS SATA Disk Device
- JMicron JMB36X Controller [SCSI]
- JMicron JMB36X Controller [SCSI]
-- Disk List ---------------------------------------------------------------
(1) ST31000524AS : 1000,2 GB [0/2/0, pd1] - st
----------------------------------------------------------------------------
(1) ST31000524AS
----------------------------------------------------------------------------
Model : ST31000524AS
Firmware : JC4B
Serial Number : 6VPKHD52
Disk Size : 1000,2 GB (8,4/137,4/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/600
Power On Hours : 133 hod.
Power On Count : 135 krát
Temparature : 33 C (91 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : D0D0h [ON]
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 117 _99 __6 00000997D253 Počet chyb čtení
03 100 100 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 000000000089 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _67 _60 _30 000000504DF4 Počet chybných hledání
09 100 100 __0 000000000085 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 000000000087 Počet cyklů zapnutí zařízení
B7 100 100 __0 000000000000 Neznámý
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 _99 __0 000200020002 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _67 _52 _45 000021150021 Teplota toku vzduchu
C2 _33 _48 __0 001300000021 Teplota
C3 _48 _38 __0 00000997D253 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 66E40000019D Čas nastavování hlaviček - v hodinách
F1 100 253 __0 0000533AEAF8 Total LBAs Written
F2 100 253 __0 00004B1B50C3 Total LBAs Read
- jaro3
- Security team member
Re: Please check - suspected keylogger
Do the RAM test as well; it doesn't matter whether the modules are new, they can be new and faulty.
Re: Please check - suspected keylogger
I'll do it, but since I tested for about 15 hours in Prime95 with the Blend test, plus FurMark was running alongside it to test the GPU, I think the RAM will pass.