Please check


Post by svasik » 14 Apr 2009 15:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:02, on 14.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
E:\Program Files\Synaptics\SynTP\SynTPStart.exe
E:\WINDOWS\BisonCam\BisonHK.exe
E:\WINDOWS\BisonCam\DeLay.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
E:\Program Files\Protector Suite QL\psqltray.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\bpk.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\ICQ6.5\ICQ.exe
E:\Program Files\HotKey_Driver\HotKeyDriver.exe
E:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
E:\WINDOWS\system32\wbem\unsecapp.exe
E:\Program Files\CCleaner\CCleaner.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\PROGRA~1\MACROM~1\FLASH8~2\Flash.exe
E:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 92.240.237.20 l2authd.lineage2.com l2authd.lineage2.com
O1 - Hosts: 79.217.172.224 l2testauthd.lineage2.com
O1 - Hosts: 79.217.172.224 l2destination.servegame.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com nProtect.lineage2.com
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPStart] E:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonHK] E:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [DeLay] E:\WINDOWS\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [PSQLLauncher] "E:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTBatteryMeter] E:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bpk] E:\WINDOWS\system32\bpk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QIP2005] E:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "E:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = E:\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: HotKeyDriver.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = E:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Temporary Shortcut.lnk = D:\autorun.exe
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - e:\xampp\apache\bin\apache.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11391 bytes
:blush: thanks
Svasik

Re: Please check

Post by jaro3 » 14 Apr 2009 17:18

IS THAT KEYLOGGER THERE ON PURPOSE?

Turn off NOD32's resident protection.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
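An added example, not part of the thread and not a tool from the forum, the poster or Trend Micro: a small Python triage script that makes the kind of check jaro3 did by eye over a handful of lines copied from the HijackThis log above. The regexes, the severity labels, the KNOWN_BAD set and the sample lines are all assumptions made for illustration; the only indicator it knows is the bpk.* set that the thread ties to Perfect Keylogger. The hosts, drive-root startup and "(file missing)" rules are heuristics that say "look here", not "malware".

```python
"""Triage heuristics for HijackThis v2 log lines.

Added example for this thread; it is not a tool from the forum, from the
poster, or from Trend Micro. Everything here is an assumption made for
illustration: the regexes follow the line shapes visible in the log above,
and KNOWN_BAD holds only the file names the thread itself tied to
Perfect Keylogger (BPK).
"""
import re
from typing import List, Tuple

# Basenames the thread identified as Perfect Keylogger (BPK) components.
KNOWN_BAD = {"bpk.exe", "bpk.dat", "bpkch.dat"}
LOOPBACK = ("127.", "0.0.0.0", "::1")

# Line shapes as emitted by HijackThis v2.0.2 (see the first post).
RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+)\s+(.+)$")
RE_RUN = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
RE_STARTUP = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.+)$")
RE_SERVICE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

Finding = Tuple[str, str, str]  # (severity, original line, reason)


def _basename(cmd: str) -> str:
    """Lower-cased file name of the executable in a Run/startup command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "quoted path" /args
        exe = cmd[1:].split('"', 1)[0]
    else:                                        # path /args  or  path -args
        exe = re.split(r"\s+[/-]", cmd, maxsplit=1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return the O1/O4/O23 lines worth a human look, with a reason each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RE_HOSTS.match(line)
        if m:
            ip, names = m.group(1), sorted(set(m.group(2).split()))
            if not ip.startswith(LOOPBACK):       # hosts entry that is not a sinkhole
                findings.append(("review", line,
                                 f"hosts file sends {', '.join(names)} to {ip}; "
                                 "confirm the redirect is intentional"))
            continue

        m = RE_RUN.match(line)
        if m:
            _hive, name, cmd = m.groups()
            if _basename(cmd) in KNOWN_BAD:
                findings.append(("high", line,
                                 f"Run value '{name}' starts {_basename(cmd)}, "
                                 "a Perfect Keylogger (BPK) component"))
            continue

        m = RE_STARTUP.match(line)
        if m:
            _scope, lnk, target = m.groups()
            target = target.strip()
            if target == "?":                     # HJT could not resolve the shortcut
                findings.append(("review", line,
                                 f"{lnk}: target not resolved; open the .lnk and see where it points"))
            elif re.fullmatch(r"[A-Za-z]:\\[^\\]+", target):   # file directly in a drive root
                findings.append(("review", line,
                                 f"{lnk}: launches {target} from a drive root (autorun-style); "
                                 "identify the volume and the file"))
            elif _basename(target) in KNOWN_BAD:
                findings.append(("high", line, f"{lnk}: starts a BPK component"))
            continue

        m = RE_SERVICE.match(line)
        if m:
            name, owner, path = m.groups()
            if "(file missing)" in path:
                findings.append(("review", line,
                                 f"service '{name}': binary not found at the reported path; "
                                 "orphaned service, or a path with spaces HJT could not resolve; "
                                 "compare with the ImagePath in the registry"))
            elif owner.strip() == "Unknown owner":
                findings.append(("info", line,
                                 f"service '{name}': no publisher recorded; check the binary's "
                                 "signature or hash (e.g. on VirusTotal)"))
            continue
    return findings


# Constructed sample: a handful of lines copied from the log in the first post.
SAMPLE_LOG = r"""
O1 - Hosts: 92.240.237.20 l2authd.lineage2.com l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com nProtect.lineage2.com
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [bpk] E:\WINDOWS\system32\bpk.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: HotKeyDriver.lnk = ?
O4 - Global Startup: Temporary Shortcut.lnk = D:\autorun.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for severity, hjt_line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {hjt_line}\n         -> {reason}")
```

Run as-is it prints seven findings for the sample: the two lineage2 hosts redirects, the bpk Run value as the single "high", the unresolved HotKeyDriver.lnk, the D:\autorun.exe shortcut, the MySQL "(file missing)" service and PnkBstrA with no publisher. The point of the script is the order of work it imposes, not the verdicts: only the BPK file names are treated as known bad, everything else is handed to a human with a reason, which is how the thread itself proceeds (VirusTotal for BisonHK.exe, uninstall for BPK).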

Re: Please check

Post by svasik » 14 Apr 2009 18:12

I don't know about any keylogger...

ComboFix 09-04-14.09 - Kluci 14.04.2009 17:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1021.491 [GMT 2:00]
Running from: e:\documents and settings\Kluci\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-05 18:21 . 2009-04-05 18:21 -------- d-sh--w e:\documents and settings\Kluci\PrivacIE
2009-04-03 14:54 . 2008-10-16 12:06 268648 ----a-w e:\windows\system32\mucltui.dll
2009-04-03 14:54 . 2008-10-16 12:06 208744 ----a-w e:\windows\system32\muweb.dll
2009-04-03 14:54 . 2008-10-16 12:06 27496 ----a-w e:\windows\system32\mucltui.dll.mui
2009-04-03 14:52 . 2009-04-03 14:52 -------- d-sh--w e:\documents and settings\NetworkService\IETldCache
2009-04-03 14:51 . 2009-04-03 14:51 -------- d-sh--w e:\documents and settings\Kluci\IETldCache
2009-04-02 18:38 . 2009-04-02 18:38 -------- d-----w e:\windows\ie8updates
2009-04-02 18:32 . 2009-04-02 18:36 -------- dc-h--w e:\windows\ie8
2009-04-02 18:27 . 2009-02-28 04:55 105984 -c----w e:\windows\system32\dllcache\iecompat.dll
2009-03-23 19:35 . 2009-04-01 13:35 -------- d-----w E:\xampp
2009-03-22 18:52 . 2009-03-22 18:52 -------- d-----w e:\documents and settings\Kluci\Data aplikací\Remere's Map Editor
2009-03-22 18:20 . 2009-04-13 15:46 198428 ----a-w e:\windows\system32\bpkch.dat
2009-03-22 18:10 . 2009-04-14 15:38 2406128 ----a-w e:\windows\system32\bpk.dat
2009-03-19 21:57 . 2009-03-23 07:24 476 ----a-w e:\windows\my.ini
2009-03-18 14:25 . 2009-04-14 12:25 -------- d-----w e:\documents and settings\Kluci\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 16:03 . 2009-04-09 09:18 -------- d-----w e:\program files\Steam
2009-04-14 15:50 . 2008-09-17 10:29 -------- d-----w e:\documents and settings\Kluci\Data aplikací\Skype
2009-04-14 13:46 . 2009-04-14 13:46 -------- d-----w e:\program files\Trend Micro
2009-04-14 12:16 . 2009-04-14 12:16 -------- d-----w e:\program files\ConvertHelper
2009-04-09 11:52 . 2009-04-09 11:52 -------- d-----w e:\program files\Remere's Map Editor
2009-04-09 09:14 . 2009-04-09 09:00 -------- d-----w e:\program files\Left4Dead
2009-04-08 16:00 . 2008-11-29 22:48 -------- d-----w e:\program files\Norton Security Scan
2009-04-06 07:39 . 2008-09-17 16:43 -------- d-----w e:\program files\Tibia
2009-04-05 16:01 . 2008-11-29 22:48 -------- d-----w e:\program files\Common Files\Symantec Shared
2009-04-04 01:15 . 2008-11-08 14:28 -------- d-----w e:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-03 16:53 . 2008-09-17 16:44 -------- d-----w e:\documents and settings\Kluci\Data aplikací\Tibia
2009-04-02 22:11 . 2009-03-06 15:43 -------- d-----w e:\program files\FlashGet
2009-04-02 18:23 . 2009-04-02 18:23 -------- d-----w e:\program files\Microsoft Silverlight
2009-04-02 18:19 . 2008-10-27 11:36 -------- d-----w e:\documents and settings\Kluci\Data aplikací\PC Suite
2009-04-01 13:18 . 2009-02-20 09:22 -------- d-----w e:\program files\Java
2009-04-01 13:17 . 2006-03-02 12:00 79702 ----a-w e:\windows\system32\perfc005.dat
2009-04-01 13:17 . 2006-03-02 12:00 432966 ----a-w e:\windows\system32\perfh005.dat
2009-03-21 12:28 . 2009-03-05 16:56 138464 ----a-w e:\windows\system32\drivers\PnkBstrK.sys
2009-03-21 12:27 . 2009-03-05 16:56 111928 ----a-w e:\windows\system32\PnkBstrB.exe
2009-03-13 18:36 . 2009-03-13 18:36 -------- d-----r e:\program files\Skype
2009-03-13 18:36 . 2008-09-17 10:29 -------- d-----w e:\documents and settings\All Users\Data aplikací\Skype
2009-03-13 14:14 . 2009-03-12 17:17 -------- d-----w e:\program files\ICQ6.5
2009-03-12 19:02 . 2009-03-12 19:02 -------- d-----w e:\program files\Proletary
2009-03-12 17:18 . 2008-09-24 14:45 -------- d-----w e:\program files\ICQ6
2009-03-12 15:01 . 2008-09-17 10:35 -------- d-----w e:\documents and settings\Kluci\Data aplikací\skypePM
2009-03-09 03:19 . 2009-02-20 09:23 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-08 15:22 . 2008-09-17 10:02 -------- d-----w e:\program files\Opera
2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w e:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w e:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w e:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w e:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w e:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w e:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w e:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w e:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w e:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w e:\windows\system32\msls31.dll
2009-03-05 18:30 . 2008-09-16 18:58 76272 ----a-w e:\documents and settings\Kluci\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-03-05 17:21 . 2008-09-16 18:41 -------- d--h--w e:\program files\InstallShield Installation Information
2009-03-05 16:56 . 2009-03-05 16:56 22328 ----a-w e:\documents and settings\Kluci\Data aplikací\PnkBstrK.sys
2009-03-05 16:56 . 2009-03-05 16:56 66872 ----a-w e:\windows\system32\PnkBstrA.exe
2009-03-05 16:56 . 2009-03-05 16:56 682280 ----a-w e:\windows\system32\pbsvc.exe
2009-03-05 16:39 . 2009-03-05 16:39 -------- d-----w e:\program files\Activision
2009-03-04 14:08 . 2009-03-04 14:08 -------- d-----w e:\documents and settings\Kluci\Data aplikací\flightgear.org
2009-03-04 14:08 . 2009-03-04 14:08 -------- d-----w e:\documents and settings\Kluci\Data aplikací\fltk.org
2009-03-03 14:04 . 2009-03-03 14:04 -------- d-----w e:\program files\RAR Password Cracker
2009-03-03 14:03 . 2009-03-03 14:03 -------- d-----w e:\program files\Visual Zip Password Recovery
2009-03-03 13:42 . 2009-03-03 13:42 -------- d-----w e:\program files\7-Zip
2009-02-26 12:51 . 2009-02-26 12:50 -------- d-----w e:\program files\MP3Resizer
2009-02-22 07:43 . 2008-10-27 12:33 -------- d-----w e:\documents and settings\Kluci\Data aplikací\Nokia
2009-02-22 07:36 . 2008-09-16 19:28 -------- d-----w e:\program files\QIP
2009-02-21 16:34 . 2009-02-21 16:34 -------- d-----w e:\program files\VibrateGameDeviceDriver
2009-02-20 13:31 . 2009-02-19 12:52 -------- d-----w e:\program files\InterVideo
2009-02-19 14:31 . 2009-02-19 14:26 -------- d-----w e:\program files\Ubi Soft
2009-02-19 14:30 . 2009-02-19 14:30 -------- d-----w e:\documents and settings\Kluci\Data aplikací\ubi.com
2009-02-19 14:30 . 2009-02-19 14:30 -------- d-----w e:\program files\Common Files\PocketSoft
2009-02-19 14:30 . 2009-02-19 14:30 -------- d-----w e:\program files\ubi.com
2009-02-19 14:30 . 2009-02-19 14:30 -------- d-----w e:\program files\directx
2009-02-19 11:09 . 2008-12-04 19:42 -------- d-----w e:\documents and settings\All Users\Data aplikací\Avg8
2009-02-09 14:07 . 2006-03-02 12:00 1846784 ----a-w e:\windows\system32\win32k.sys
2008-09-18 08:19 . 2008-09-18 08:19 96912 ----a-w e:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2005-02-08 08:25 . 2008-12-24 20:57 599552 ----a-w e:\program files\Manual_USB_E.doc
2003-11-07 14:30 . 2008-12-24 20:57 2217 ----a-w e:\program files\mtdv2ks3.inf
2003-10-15 07:07 . 2008-12-24 20:57 12288 ----a-w e:\program files\mtdv2ku2.sys
2003-10-10 22:39 . 2008-12-24 20:57 11648 ----a-w e:\program files\mtdv2ks2.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_15.48.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 16:01 . 2009-04-14 16:01 16384 e:\windows\Temp\Perflib_Perfdata_134.dat
+ 2009-04-14 15:59 . 2005-10-20 18:02 163328 e:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-14 15:43 . 2005-10-20 18:02 163328 e:\windows\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 17:59 2953216 ----a-w e:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 17:59 2953216 ----a-w e:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"QIP2005"="e:\program files\QIP\qip.exe" [2009-02-12 3276288]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"ICQ"="e:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"Steam"="e:\program files\Steam\Steam.exe" [2009-04-09 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-03-28 13529088]
"SMSERIAL"="e:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"SynTPStart"="e:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"BisonHK"="e:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
"DeLay"="e:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
"PSQLLauncher"="e:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"RemoteControl"="e:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"RTBatteryMeter"="e:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2008-03-28 1626112]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"BluetoothAuthenticationAgent"="bthprops.cpl" - e:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HotKeyDriver.lnk - e:\program files\HotKey_Driver\HotKeyDriver.exe [2008-9-16 3641344]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-2-19 184320]
REALTEK RTL8185 Wireless LAN Utility.lnk - e:\program files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe [2009-1-8 843776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 17:46 90112 ----a-w e:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-22 21:00 4608 ----a-w e:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w e:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-23 19:06 29744 ----a-w e:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-17 16:51 133104 ----atw e:\documents and settings\Kluci\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w e:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55 54832 ----a-w e:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w e:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w e:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-30 17:12 68856 ----a-w e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"e:\\Program Files\\BitComet\\BitComet.exe"=
"e:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Downloads\\Half-Life 2\\hl2.exe"=
"e:\\Program Files\\Half-Life 2\\hl2.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"e:\\Program Files\\SecondLife\\SLVoice.exe"=
"e:\\Program Files\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Ubi Soft\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"e:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\xampp\\apache\\bin\\apache.exe"=
"e:\\Documents and Settings\\Kluci\\Plocha\\-NeleZ SeM-\\stažené\\cryingdamson-console\\TheForgottenServer.exe"=
"e:\\Program Files\\Left4Dead\\hl2.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12732:TCP"= 12732:TCP:BitComet 12732 TCP
"12732:UDP"= 12732:UDP:BitComet 12732 UDP

R2 Apache2.2;Apache2.2;e:\xampp\apache\bin\apache.exe [2008-01-17 24635]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;e:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-23 29744]
R3 npkycryp;npkycryp; [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);e:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 EAPPkt;Realtek EAPPkt Protocol;e:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S3 DynCal;Dynamic Calibration Service;e:\windows\system32\drivers\Dyncal.sys [2005-09-26 8576]
S3 PSched;Plánovač paketů technologie QoS;e:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-25 288000]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c6f1230-8a51-11dd-847a-0015afcd8d32}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0285f93-a034-11dd-84ae-0015afcd8d32}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 e:\windows\Tasks\Norton Security Scan for Kluci.job
- e:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - e:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - e:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - e:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - e:\documents and settings\Kluci\Data aplikací\Mozilla\Firefox\Profiles\48cqj7hq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX SETTINGS ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 18:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
e:\windows\system32\psqlpwd.dll
e:\program files\Protector Suite QL\homefus2.dll
e:\program files\Protector Suite QL\infra.dll
e:\program files\Protector Suite QL\homepass.dll
e:\program files\Protector Suite QL\bio.dll
e:\program files\Protector Suite QL\remote.dll
e:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(980)
e:\windows\system32\psqlpwd.dll
e:\program files\Protector Suite QL\homefus2.dll
e:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'explorer.exe'(3008)
e:\program files\Protector Suite QL\farchns.dll
e:\program files\Protector Suite QL\infra.dll
e:\progra~1\WINDOW~2\wmpband.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
e:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
e:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
e:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\program files\CyberLink\Shared Files\RichVideo.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\rundll32.exe
e:\program files\Synaptics\SynTP\SynTPEnh.exe
e:\program files\Protector Suite QL\psqltray.exe
e:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: [garbled in the paste] - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-14 16:11
ComboFix2.txt 2009-04-14 15:56

Pre-Run: 3 757 117 440
Post-Run: 3 738 484 736

293 --- E O F --- 2009-04-04 01:15

Re: Please check

Post by jaro3 » 14 Apr 2009 18:46

The PC is otherwise clean; regarding the keylogger:
Perfect Keylogger software
http://www.kephyr.com/filedb/index.php? ... ic=bpk.dat
http://www.wtorrent.com/317418.html

e:\windows\system32\bpkch.dat
e:\windows\system32\bpk.dat
C:\Program Files\BPK\
So try uninstalling BPK..

Test this on VirusTotal:
e:\windows\BisonCam\BisonHK.exe
Then paste the link to the result here.

Re: Please check

Post by svasik » 14 Apr 2009 19:16

http://www.virustotal.com/cs/analisis/e ... 32a725a648

... and as I say, that keylogger isn't there on purpose; how do I get rid of it?

Re: Please check

Post by jaro3 » 14 Apr 2009 19:21

Try looking in Add/Remove Programs; the name is either :)
Perfect Keylogger software
or:
e:\Program Files\BPK - there should be an uninstaller there.

Otherwise do this:
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text (marked in green) into it:
Note: do not use SELECT ALL to select the script


KillAll::
File::
e:\windows\system32\bpkch.dat
e:\windows\system32\bpk.dat

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

