špionážní program

[dispinka]

Ahoj, mám dotaz. Kámoška měla přítele IT. A rozešli se. A on jí na férovku leze přes nějaký program, který jí nainstaloval do PC a vidí všechny její aktivity a ověřilo se to důkazy. Chtěla bych se zeptat, jestli by jste se jí na to nemohli mrknout? Díky Simča

[stell]

zdravim
Jasne ,,potrebujem aby sem vlozila log z RSIT-navod v podpise,

[JaRon]

ahoj,
mohli
vloz log RSIT

[dispinka]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrea at 2009-08-20 10:30:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 140 GB (92%) free of 153 GB
Total RAM: 446 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:40, on 20.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\QIP Infium JadrisPack\infium.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrea\Dokumenty\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andrea.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [POL Agent] C:\Program Files\POL\POL.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4819927593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8704 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-17 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-26 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-17 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-17 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=c:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-11-10 557056]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-01-20 761946]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2009-06-12 98304]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2005-07-28 57344]
"LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2005-03-16 204800]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2005-07-25 241664]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2005-07-25 81920]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"POL Agent"=C:\Program Files\POL\POL.exe [2008-08-02 665088]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]
"VX1000"=C:\WINDOWS\vVX1000.exe [2006-10-13 707376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-05-26 24264488]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-17 39408]

C:\Documents and Settings\Andrea\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Disabled:WinDVD"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-20 10:30:33 ----D---- C:\rsit
2009-08-20 10:24:40 ----D---- C:\Program Files\Trend Micro
2009-08-19 11:42:40 ----D---- C:\Program Files\CCleaner
2009-08-14 08:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 08:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 08:47:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 08:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 08:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 08:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 08:46:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 08:46:15 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-14 08:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 08:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-11 12:46:53 ----D---- C:\Program Files\ESET
2009-08-11 12:46:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-08-06 14:20:41 ----A---- C:\WINDOWS\WateryDesktop_xp.dll
2009-08-06 14:20:41 ----A---- C:\WINDOWS\WateryDesktop_vista.dll
2009-08-06 14:20:40 ----D---- C:\Program Files\PUSH Entertainment
2009-08-06 14:14:21 ----D---- C:\Program Files\3D Fish School 3
2009-08-06 11:52:24 ----D---- C:\Documents and Settings\Andrea\Data aplikací\X-Chat 2
2009-08-06 11:52:18 ----D---- C:\Program Files\xchat
2009-08-06 10:39:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-06 10:39:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-06 10:39:04 ----A---- C:\WINDOWS\system32\java.exe
2009-08-05 18:48:32 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2009-08-05 18:41:55 ----A---- C:\WINDOWS\BricoPackUninst.txt
2009-08-05 18:41:55 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-08-05 18:39:48 ----D---- C:\WINDOWS\BricoPacks
2009-08-05 18:37:12 ----D---- C:\Program Files\RocketDock
2009-08-04 19:39:16 ----D---- C:\Documents and Settings\Andrea\Data aplikací\BearShare
2009-08-04 19:39:09 ----D---- C:\Program Files\BearShare Applications
2009-07-30 20:29:59 ----D---- C:\WINDOWS\Sun
2009-07-30 20:29:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-30 20:28:16 ----D---- C:\Program Files\Java
2009-07-30 20:25:50 ----D---- C:\Documents and Settings\Andrea\Data aplikací\Sun
2009-07-25 16:02:20 ----D---- C:\Program Files\Microsoft LifeCam
2009-07-25 16:01:11 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-07-25 16:01:11 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-07-25 16:01:06 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-07-25 16:01:04 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-25 16:01:04 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-07-25 16:01:03 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-25 16:01:03 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-07-25 16:01:02 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-25 16:01:00 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-07-25 13:33:04 ----SHD---- C:\Program Files\POL

======List of files/folders modified in the last 1 months======

2009-08-20 10:30:42 ----D---- C:\WINDOWS\Temp
2009-08-20 10:30:39 ----D---- C:\WINDOWS\Prefetch
2009-08-20 10:24:40 ----RD---- C:\Program Files
2009-08-19 17:55:26 ----D---- C:\WINDOWS
2009-08-19 13:25:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-19 11:47:56 ----D---- C:\WINDOWS\Debug
2009-08-19 08:34:57 ----D---- C:\Documents and Settings\Andrea\Data aplikací\Skype
2009-08-14 10:38:46 ----D---- C:\WINDOWS\system32
2009-08-14 08:48:11 ----HD---- C:\WINDOWS\inf
2009-08-14 08:48:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-14 08:47:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 08:46:47 ----D---- C:\Program Files\Outlook Express
2009-08-11 12:49:14 ----SHD---- C:\WINDOWS\Installer
2009-08-11 12:48:40 ----D---- C:\WINDOWS\system32\drivers
2009-08-11 12:48:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-11 00:12:19 ----A---- C:\WINDOWS\win.ini
2009-08-05 18:50:19 ----D---- C:\Program Files\Movie Maker
2009-08-05 18:50:17 ----D---- C:\WINDOWS\system32\usmt
2009-08-05 18:48:31 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-08-05 18:47:14 ----D---- C:\WINDOWS\Cursors
2009-08-05 18:46:53 ----D---- C:\WINDOWS\Media
2009-08-05 18:46:47 ----RSD---- C:\WINDOWS\Fonts
2009-08-05 11:01:14 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-30 13:56:27 ----D---- C:\Program Files\Internet Explorer
2009-07-30 13:54:57 ----D---- C:\WINDOWS\ie8updates
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-25 16:03:36 ----D---- C:\WINDOWS\security
2009-07-25 16:03:35 ----D---- C:\WINDOWS\twain_32
2009-07-25 16:02:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-07-25 16:02:14 ----D---- C:\WINDOWS\pchealth
2009-07-25 16:01:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-25 16:01:46 ----RSD---- C:\WINDOWS\assembly
2009-07-25 16:01:45 ----D---- C:\WINDOWS\WinSxS
2009-07-25 16:01:13 ----D---- C:\WINDOWS\system32\DirectX
2009-07-25 16:01:07 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-09-15 468768]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-11-10 854404]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-01-20 191936]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC7302;iSlim 310; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 458112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 1966000]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-17 182768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[JaRon]

O4 - HKLM\..\Run: [POL Agent] C:\Program Files\POL\POL.exe
toto FIXni v HJT

doporucujem:
1. pravym tlacikom na tento pocitac - vlastnosti - vzdialeny pristup >> obe policka by mali byt nezaskrtnute
2. ovladacie panely - uzivatelske ucty - preheslovat ucty (ucet)
3. zmenit hesla v pouzivanych aplikaciach - ICQ apod.
4. preventicne vloz log z MBAM

+
odinstalovat co najdes ardamax alebo POL
http://www.emsisoft.com/en/malware/?Adw ... logger+3.0

[dispinka]

Ahoj tak nám to našlo Trojana a i POL i ardamax. Daly jsme odstranit vše a chtělo to restart. Máme to pak projet ještě jednou, jestli se to odstranilo vše? díky moc

[JaRon]

ano

[dispinka]

tak už jí to při zopakování nic nenašlo. Takže dá se říct, že je to trvale smazáno? .) Je ještě něco potřeba na POL atd?

[JaRon]

v novom logu RSIT by uz nemal byt tento riadok:
2009-07-25 13:33:04 ----SHD---- C:\Program Files\POL

[dispinka]

Tak log jí prý nešel stáhnout, tak pošlu screeny logu

[dispinka]

nevim jestli se odeslala ta 4ka

[JaRon]

tak toto je pekny gulas
vsak staci pozriet, ci v casti:
======List of files/folders created in the last 1 months======
je riadok ?
2009-07-25 13:33:04 ----SHD---- C:\Program Files\POL

ak nie je tak je to OK

[dispinka]

šílený co:D a to tam měla i trojany:D jdu na to:D

[dispinka]

Neníííí ))

Děkujeme moc, obě dvě.) Za pomoc a trpělivost:) Já vím, že se na toto forum můžu maximálně spolehnout.) Díky díky díky!

[JaRon]

rado sa stalo dievcata
a nabuduce bacha pri vybere partnera - taketo typy mozu byt nebezpecne