Ardamax Keylogger

[plesoun111]

Dobrý den, nedávno jsem si stáhnul nějaké programy. A omylem si nainstaloval ardamax keylogger. Neukazuje se mi však nikde, že by naisntalován byl. Složku z které jsem to naistaloval už jsem smazal.
Chtěl bych se zeptat čím projet PC abych zjistil že v mém PC tento program skutečně není ?

[cernohous13]

Zdravím,
dej log podle návodu http://forum.viry.cz/viewtopic.php?f=13&t=105895

a jestli si věříš, tak tady je odkaz http://www.2-spyware.com/remove-ardamax-keylogger.html

[plesoun111]

Tak tady je ten Log
Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-05-12 15:35:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (38%) free of 38 GB
Total RAM: 959 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:36:09, on 12.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\admin\Dokumenty\Přijaté soubory\RSIT.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\admin\DATAAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SMART Display Controller - Unknown owner - C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe (file missing)

--
End of file - 4827 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\il0t3h14.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0, gencrawler@some.com:2.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\il0t3h14.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{EEE6C361-6118-11DC-9C72-001320C79847}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]
Help the General-Search Project - C:\DOCUME~1\admin\DATAAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL [2012-03-06 431104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2009-04-08 106496]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 249856]
"SiS Tray"=C:\WINDOWS\system32\sistray.EXE [2003-10-30 667648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\admin\Plocha\plocha\KURVA Programy\bittorrent\BitTorrent.exe"="C:\Documents and Settings\admin\Plocha\plocha\KURVA Programy\bittorrent\BitTorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=iyvu9_32.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP62"=vp6vfw.dll

======List of files/folders created in the last 1 month======

2012-05-12 15:35:11 ----D---- C:\rsit
2012-05-12 15:15:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2012-05-12 15:15:34 ----D---- C:\Documents and Settings\admin\Data aplikací\TestApp
2012-05-12 14:52:29 ----D---- C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-12 14:52:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-05-12 14:25:57 ----D---- C:\Documents and Settings\admin\Data aplikací\Media Finder
2012-05-10 21:59:45 ----D---- C:\Documents and Settings\admin\Data aplikací\Skype
2012-05-10 21:49:58 ----AH---- C:\WINDOWS\system32\ezsidmv.dat
2012-04-29 11:54:06 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2012-04-29 11:54:05 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2012-04-29 11:54:05 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-04-29 11:54:04 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2012-04-29 11:54:04 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2012-04-29 11:54:03 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2012-04-29 11:54:03 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2012-04-29 11:54:02 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2012-04-29 11:54:02 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-04-29 11:54:01 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2012-04-29 11:54:01 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2012-04-29 11:54:01 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2012-04-29 11:54:00 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2012-04-29 11:54:00 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2012-04-29 11:53:59 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2012-04-29 11:53:59 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2012-04-29 11:53:58 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2012-04-29 11:53:58 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2012-04-29 11:53:58 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2012-04-29 11:53:57 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2012-04-29 11:53:57 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2012-04-29 11:53:56 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2012-04-29 11:53:56 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2012-04-29 11:53:56 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2012-04-29 11:53:55 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2012-04-29 11:53:55 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2012-04-29 11:53:55 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2012-04-29 11:53:54 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-04-29 11:53:54 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-04-29 11:53:53 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-04-29 11:53:53 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-04-29 11:53:53 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-04-29 11:53:53 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-04-29 11:53:52 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-04-29 11:53:51 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-04-29 11:53:51 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-04-29 11:53:50 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-04-29 11:53:50 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-04-29 11:53:50 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-04-29 11:53:49 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-04-29 11:53:49 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-04-29 11:53:47 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-04-29 11:53:47 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-04-29 11:53:47 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-04-29 11:53:46 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-04-29 11:53:46 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-04-29 11:53:46 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-04-29 11:53:44 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-04-29 11:52:56 ----D---- C:\WINDOWS\Logs
2012-04-28 19:33:37 ----D---- C:\Program Files\Common Files\EasyInfo
2012-04-28 11:49:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
2012-04-27 21:51:12 ----D---- C:\Documents and Settings\admin\Data aplikací\GetRightToGo
2012-04-25 19:39:49 ----D---- C:\Documents and Settings\admin\Data aplikací\CadSoft

======List of files/folders modified in the last 1 month======

2012-05-12 15:35:16 ----D---- C:\Program Files\trend micro
2012-05-12 15:32:43 ----RD---- C:\Program Files
2012-05-12 15:32:26 ----SHD---- C:\Config.Msi
2012-05-12 15:32:24 ----SHD---- C:\WINDOWS\Installer
2012-05-12 14:53:15 ----D---- C:\WINDOWS\Prefetch
2012-05-12 14:53:03 ----SD---- C:\Documents and Settings\admin\Data aplikací\Microsoft
2012-05-12 14:52:29 ----AD---- C:\WINDOWS
2012-05-12 14:52:24 ----D---- C:\Program Files\Common Files
2012-05-12 14:51:50 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-12 13:46:56 ----D---- C:\Documents and Settings\admin\Data aplikací\EurekaLog
2012-05-12 12:38:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-12 11:53:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-05-11 16:32:42 ----D---- C:\Program Files\Mozilla Firefox
2012-05-11 14:21:13 ----D---- C:\WINDOWS\Temp
2012-05-10 21:49:58 ----D---- C:\WINDOWS\system32
2012-05-10 21:49:58 ----D---- C:\Documents and Settings\admin\Data aplikací\skypePM
2012-05-07 14:20:22 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-07 14:18:46 ----D---- C:\Documents and Settings\admin\Data aplikací\BitTorrent
2012-05-06 13:16:25 ----D---- C:\Documents and Settings\admin\Data aplikací\vlc
2012-05-03 21:49:12 ----AC---- C:\WINDOWS\system32\CmdLineExt.dll
2012-05-01 09:55:14 ----AC---- C:\WINDOWS\SIERRA.INI
2012-04-30 21:22:49 ----AC---- C:\WINDOWS\winamp.ini
2012-04-30 18:26:32 ----D---- C:\WINDOWS\system32\drivers
2012-04-29 11:54:08 ----D---- C:\WINDOWS\system32\DirectX
2012-04-29 11:54:06 ----HD---- C:\WINDOWS\inf
2012-04-29 11:53:36 ----RSD---- C:\WINDOWS\assembly
2012-04-27 23:28:15 ----D---- C:\Documents and Settings\admin\Data aplikací\DAEMON Tools Lite
2012-04-25 19:48:26 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-01-14 47616]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2004-10-28 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2009-04-08 36992]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-11-12 428088]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-11-12 239168]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2010-09-20 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-28 278728]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R2 hwpsgt;hwpsgt; C:\WINDOWS\system32\DRIVERS\hwpsgt.sys [2010-01-07 137344]
R2 lemsgt;lemsgt; C:\WINDOWS\system32\DRIVERS\lemsgt.sys [2010-01-07 9472]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-06-28 25416]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2010-09-20 427776]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys []
S3 axf1k1e4;axf1k1e4; C:\WINDOWS\system32\drivers\axf1k1e4.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys []
S3 RT73;AirLive WT-2000USB; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SiS300i;SiS300i; C:\WINDOWS\system32\DRIVERS\sis300ip.sys [2001-08-17 101760]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SMART Display Controller;SMART Display Controller; C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

[cernohous13]

V logu můj chabý zrak nic nenašel, zkusíme nástroj
Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
akl.exe
akv.exe
nsk.exe
il.dll
kh.dll
akv.ini
settings.ini 
:regfind
Ardamax Keylogger
NSK
Ardamax Keylogger Lite
akl.exe
:dir
C:\Program Files\Ardamax Keylogger
C:\Program Files\NSK

Klik na "Look" a po scanu sem zkopíruj výsledek hledání

a pro jistotu

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button (nelekej se přesměrování vyčkej)
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

[plesoun111]

tady je ten keylook
SystemLook 30.07.11 by jpshortstuff
Log created at 16:00 on 12/05/2012 by admin
Administrator - Elevation successful

========== filefind ==========

Searching for "akl.exe"
No files found.

Searching for "akv.exe"
No files found.

Searching for "nsk.exe"
No files found.

Searching for "il.dll"
No files found.

Searching for "kh.dll"
No files found.

Searching for "akv.ini"
No files found.

Searching for "settings.ini"
No files found.

========== regfind ==========

Searching for "Ardamax Keylogger"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="ardamax keylogger"
[HKEY_USERS\S-1-5-21-1214440339-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="ardamax keylogger"

Searching for "NSK"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neworleanskidsrock.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trojanskiller.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\neworleanskidsrock.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trojanskiller.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\51932]
"Description"="Japonská (EUC)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Rfc1766]
"0436"="af;Afrikánsky"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Rfc1766]
"2C01"="ar-jo;Arabština (Jordánsko)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Rfc1766]
"1407"="de-li;Němčina (Lichtenštejnsko)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Rfc1766]
"0411"="ja;Japonské"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Rfc1766]
"1C0A"="es-do;Španělština (Dominikánská republika)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Rfc1766]
"081D"="sv-fi;Švédština (Finsko)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\Features]
"Redist_Package"="4Mx0Iul3g(W'z?VXB]2di6!v=}lN3='umgt)sd`Z_$Qnt(v%1=w7quMORRm4yC'Fhh$Ud@J&Hl%piZv0(Zu=PHx%N9s[0$gto)K+Cd2HfPvUY9]I?,mmJG!9ZYT6Y}7@o?kE(HR+=APTr'x}Ylx^9=lPtH^rD`fpvC~AI=2_U=jP1y7`PgEK{[E@8}-D^AK^v{S)++_*dxy+{V6B(@+d{@(0_+AQ9Q-M!XC=n8@P?VTfnVU9.k,l*dg=F@GD!7@}@nt)SFyop~vAp90Cz!9u'3J5L{d[8*z')@Qz'!'a3**FbTxZKkt2j?{Sxt]TsJ]6%k-Al*3,5=xBozmY41V`56Zw[lFq!AZaHdOPG6-dIuzG[e@%]8+9ng8_ytD4.[PYtUR-d8WP[=+EL+1OSn81D6,P^?$@lo*+'^,ENqW6G3iS(9_(C-rGo0QqSKY9ZJVk%@5*n^V-1r%Gh%@&P!ZVt?1D{$s]_FO'OXft_7MjA9o[)^wmaHEH2Y]8C*W[d@g,InfZq=QOuVN2Hc4Qu?2.16NiMk5BtY)Pr?'aa9+o&]x?fF50^@SV,iLc@?1NlDRZD]mPuqOdb3z0A9nOM3DNwRap'2K5v`u{-9@b'KN&crMZ8RS_h@l4y8T30cEb[e(@`%O]9Vijx@X9egdA0{s`x!5=hYt4I?bXAd3_?PwKw=KLXB[Xr=7Tk@&xP9mc&'hqx1hmIAux2xahHd61q8lU7ew,g(Lay?VXB]2dVT-lT$87FAXaifsem'6,r.2A3+R`@@2`n9+2GHk3=a`k].=7g(X*z?VXB]2d7a`k].=7g(X*z?VXB]2dplbwio7--=ADHS[HQExW5.XZr6=Hm@&$h62ZZNqfFOX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDE7F2BCF1D91C3409CFF425AE1E271A\Features]
"S867460"=".k,l*dg=F@GD!7@}@nt)56Zw[lFq!AZaHdOPG6-dIuzG[e@%]8+9ng8_ytD42Y]8C*W[d@g,InfZq=QOuVN2Hc4Qu?2.16NiMk5BtY)Pr?'aa9+o&]x?fF50uqOdb3z0A9nOM3DNwRap'2K5v`u{-9@b'KN&crMZplbwio7--=ADHS[HQExWFOXO*vD*g(HTy?VXB]2dMBBT)BQ7TAKZMfN3g~`51HFrU9s9S=hGXO0.G~dt[e5O`,~qf8RL.&vSDHT-Wki6qLc=g(Y-z?VXB]2dotUSR7sJI9XWUTUpv$ej!3I{C3E^C@GO,$S*qc9N7vyHny@2~=]zjl1rxQ@KGBhJ=QM?g(Z1z?VXB]2dHtk1,n)KW?AJfU?mRf+{mVx,Ad,u&9&zFxw5JL.F]12Vza)%[={6d9dy&hP*`7%mj@1AW?l+pA*w?($%r8G1O=1KZ8'-}KeN$uPn=][)FS`tD=D7wT&K72`1ViHUx7Z%.@mXV8@`W!I9lB,J[3,aLAz3av9?OnlL^31vD@]Uf?]XH+4mAK8dvi%In?=RF?ANWwyY6unlM.k3a.NX*Al$G-'ho!o)OPr'qT'6U@y6xqU6oQucbxeg9hL-C?e]RwuShlu=HgVH13*D4=(W~'P?(s2v@IM,Wr2Wa@-nALq*H~JMe64H(FT9aAe*?nR&Hqu&00}qZ=`RaAFZQ{?{DArt,.idGaf+a@p?-Q++qW2k2-1uFP6,,9}RZKY3'J(%IvR7u6?dq8g4^Yd4V1J6$v^BT?)o-=UTn*mAe$WCxY=TG9CqU@W)~p?RO_w[&n!BoCXqG=-dnT!D_K^FC)z]OrW%R=wF2GW{Mgf2lWHd$@tF]9]5,Sm%4[C+hWlcu7oG*9
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neworleanskidsrock.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trojanskiller.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\neworleanskidsrock.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trojanskiller.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\106]
"Name"="Britské panenské ostrovy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\108]
"Name"="Kajmanské ostrovy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\110]
"Name"="Dominikánská republika"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\123]
"Name"="Panenské ostrovy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\299]
"Name"="Grónsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\358]
"Name"="Finsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\372]
"Name"="Estonsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\386]
"Name"="Slovinsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\40]
"Name"="Rumunsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\421]
"Name"="Slovensko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\423]
"Name"="Lichtenštejnsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\45]
"Name"="Dánsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\81]
"Name"="Japonsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Country List\962]
"Name"="Jordánsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer\DsDriver]
"printMediaSupported"="Letter Letter Small Tabloid Ledger Legal Statement Executive A3 A4 A4 Small A5 B4 (JIS) B5 (JIS) Folio Quarto 10x14 11x17 Poznámka Obálka č. 9 Obálka č. 10 Obálka č. 11 Obálka č. 12 Obálka č. 14 List formátu C List formátu D List formátu E Obálka DL Obálka C5 Obálka C3 Obálka C4 Obálka C6 Obálka C65 Obálka B4 Obálka B5 Obálka B6 Obálka Obálka Monarch Obálka 6 3/4 Americký standardní skládaný Německý standardní skládaný Německý Legal skládaný B4 (ISO) Japonská pohlednice 9x11 10x11 15x11 Obálka Invite Letter Extra Legal Extra A4 Extra Letter na šířku A4 na šířku Letter Extra na šířku Super A Super B Letter Plus A4 plus A5 na šířku B5 (JIS) na šířku A3 Extra A5 Extra B5 (ISO) Extra A2 A3 na šířku A3 Extra na šířku Japonská dvojitá pohlednice A6 Japonská obálka Kaku č. 2 Japonská obálka Kaku č. 3 Japonská obálka Chou č. 3 Japonská obálka Chou č. 4 Letter otočený A3 otoče
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Odeslat do aplikace OneNote 2007\DsDriver]
"printMediaSupported"="Letter Tabloid Legal A3 A4 A5 B4 (JIS) B5 (JIS) Japonská pohlednice Vlastní velikost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]
"Display_UnInstall_5"="(GMT+02:00) Atény, Bejrút, Istanbul, Minsk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\FLE Standard Time]
"Dlt"="Finsko (letní čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\FLE Standard Time]
"Std"="Finsko (běžný čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time]
"Display"="(GMT-03:00) Grónsko"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time]
"Dlt"="Grónsko (letní čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time]
"Std"="Grónsko (běžný čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Jordan Standard Time]
"Std"="Jordánsko (běžný čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Jordan Standard Time]
"Dlt"="Jordánsko (letní čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Kaliningrad Standard Time]
"Display"="(GMT+03:00) Kaliningrad, Minsk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Romance Standard Time]
"Dlt"="Románské země (letní čas)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Romance Standard Time]
"Std"="Románské země (běžný čas)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\00000406]
"Layout Text"="Dánské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000040b]
"Layout Text"="Finské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\00000418]
"Layout Text"="Rumunské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000041b]
"Layout Text"="Slovenské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000041c]
"Layout Text"="Albánské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\00000422]
"Layout Text"="Ukrajinské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\00000424]
"Layout Text"="Slovinské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\00000425]
"Layout Text"="Estonské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0000080a]
"Layout Text"="Latinskoamerické"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\0001041b]
"Layout Text"="Slovenské (QWERTY)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Printers\Microsoft XPS Document Writer\DsDriver]
"printMediaSupported"="Letter Letter Small Tabloid Ledger Legal Statement Executive A3 A4 A4 Small A5 B4 (JIS) B5 (JIS) Folio Quarto 10x14 11x17 Poznámka Obálka č. 9 Obálka č. 10 Obálka č. 11 Obálka č. 12 Obálka č. 14 List formátu C List formátu D List formátu E Obálka DL Obálka C5 Obálka C3 Obálka C4 Obálka C6 Obálka C65 Obálka B4 Obálka B5 Obálka B6 Obálka Obálka Monarch Obálka 6 3/4 Americký standardní skládaný Německý standardní skládaný Německý Legal skládaný B4 (ISO) Japonská pohlednice 9x11 10x11 15x11 Obálka Invite Letter Extra Legal Extra A4 Extra Letter na šířku A4 na šířku Letter Extra na šířku Super A Super B Letter Plus A4 plus A5 na šířku B5 (JIS) na šířku A3 Extra A5 Extra B5 (ISO) Extra A2 A3 na šířku A3 Extra na šířku Japonská dvojitá pohlednice A6 Japonská obálka Kaku č. 2 Japonská obálka Kaku č. 3 Japonská obálka Chou č. 3 Japonská obálka Chou č. 4 Letter otočený A3 otočený A4 otočený A5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Printers\Odeslat do aplikace OneNote 2007\DsDriver]
"printMediaSupported"="Letter Tabloid Legal A3 A4 A5 B4 (JIS) B5 (JIS) Japonská pohlednice Vlastní velikost"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000406]
"Layout Text"="Dánské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\0000040b]
"Layout Text"="Finské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000418]
"Layout Text"="Rumunské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\0000041b]
"Layout Text"="Slovenské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\0000041c]
"Layout Text"="Albánské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000422]
"Layout Text"="Ukrajinské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000424]
"Layout Text"="Slovinské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000425]
"Layout Text"="Estonské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\0000080a]
"Layout Text"="Latinskoamerické"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Keyboard Layouts\0001041b]
"Layout Text"="Slovenské (QWERTY)"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\00000406]
"Layout Text"="Dánské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\0000040b]
"Layout Text"="Finské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\00000418]
"Layout Text"="Rumunské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\0000041b]
"Layout Text"="Slovenské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\0000041c]
"Layout Text"="Albánské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\00000422]
"Layout Text"="Ukrajinské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\00000424]
"Layout Text"="Slovinské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\00000425]
"Layout Text"="Estonské"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\0000080a]
"Layout Text"="Latinskoamerické"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Keyboard Layouts\0001041b]
"Layout Text"="Slovenské (QWERTY)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000406]
"Layout Text"="Dánské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040b]
"Layout Text"="Finské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000418]
"Layout Text"="Rumunské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041b]
"Layout Text"="Slovenské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041c]
"Layout Text"="Albánské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000422]
"Layout Text"="Ukrajinské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000424]
"Layout Text"="Slovinské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000425]
"Layout Text"="Estonské"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000080a]
"Layout Text"="Latinskoamerické"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001041b]
"Layout Text"="Slovenské (QWERTY)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\Microsoft XPS Document Writer\DsDriver]
"printMediaSupported"="Letter Letter Small Tabloid Ledger Legal Statement Executive A3 A4 A4 Small A5 B4 (JIS) B5 (JIS) Folio Quarto 10x14 11x17 Poznámka Obálka č. 9 Obálka č. 10 Obálka č. 11 Obálka č. 12 Obálka č. 14 List formátu C List formátu D List formátu E Obálka DL Obálka C5 Obálka C3 Obálka C4 Obálka C6 Obálka C65 Obálka B4 Obálka B5 Obálka B6 Obálka Obálka Monarch Obálka 6 3/4 Americký standardní skládaný Německý standardní skládaný Německý Legal skládaný B4 (ISO) Japonská pohlednice 9x11 10x11 15x11 Obálka Invite Letter Extra Legal Extra A4 Extra Letter na šířku A4 na šířku Letter Extra na šířku Super A Super B Letter Plus A4 plus A5 na šířku B5 (JIS) na šířku A3 Extra A5 Extra B5 (ISO) Extra A2 A3 na šířku A3 Extra na šířku Japonská dvojitá pohlednice A6 Japonská obálka Kaku č. 2 Japonská obálka Kaku č. 3 Japonská obálka Chou č. 3 Japonská obálka Chou č. 4 Letter otočený A3 otočený A4 otočen
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\Odeslat do aplikace OneNote 2007\DsDriver]
"printMediaSupported"="Letter Tabloid Legal A3 A4 A5 B4 (JIS) B5 (JIS) Japonská pohlednice Vlastní velikost"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neworleanskidsrock.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trojanskiller.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\neworleanskidsrock.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trojanskiller.com]
[HKEY_USERS\S-1-5-21-1214440339-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neworleanskidsrock.net]
[HKEY_USERS\S-1-5-21-1214440339-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trojanskiller.com]
[HKEY_USERS\S-1-5-21-1214440339-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\neworleanskidsrock.net]
[HKEY_USERS\S-1-5-21-1214440339-1715567821-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trojanskiller.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neworleanskidsrock.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trojanskiller.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\neworleanskidsrock.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trojanskiller.com]

Searching for "Ardamax Keylogger Lite"
No data found.

Searching for "akl.exe"
No data found.

========== dir ==========

C:\Program Files\Ardamax Keylogger - Unable to find folder.

C:\Program Files\NSK - Unable to find folder.

-= EOF =-

[cernohous13]

Tak jen dva neškodné záznamy v registrech - opravíme
Otevři Poznámkový blok (Notepad) a vlož zelený text ze scriptu.

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-
[HKEY_USERS\S-1-5-21-1214440339-1715567821-839522115-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-

Soubor ulož jako -> oprava.reg - Uložit jako typ -> Všechny soubory
Zavři a dvojklikem na ikonu spusť - jen problikne a opraví registry - po akci jej smažeš.

Co našel MBAM?
Jinak myslím, že můžeš být v klidu

[plesoun111]

Registry opraveny, MBAM píše toto
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
admin :: HOME-PC [administrátor]

12.5.2012 16:30:52
mbam-log-2012-05-12 (17-14-13).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 181543
Uplynulý čas: 7 minut, 41 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 4
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\admin\Data aplikací\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Žádná instrukce nebyla provedena.

(konec)

[cernohous13]

Bez obav nech odstranit - určitě ti nebudou chybět

[plesoun111]

Dobře, děkuji moc za vaši pomoc... A ten Keylogger, byl tam teda vůbec nainstalován ?

[cernohous13]

To už se zpětně nedozvíme, po tvém smazání tam zůstaly jen zápisy v registru - nebezpečné soubory už tam nejsou.
V mém podpisu je odkaz na AVPTool - můžeš ještě proscanovat současný stav - historii už není čím otestovat