VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Detekovan Tracking software a nejaka dalsi havet

https://forum.viry.cz:443/viewtopic.php?t=98442

Stránka 1 z 1

Detekovan Tracking software a nejaka dalsi havet

Napsal: 03 bře 2010 18:09
od anynyny
Pritel si nedaval a pozor a tady je vysledek. Moc ocenime pokud pomuzete;)

Log z RSITu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by userr at 2010-03-03 17:01:58
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 66 GB (55%) free of 119 GB
Total RAM: 3061 MB (58% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Driver Fetch.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\User_Feed_Synchronization-{A9E6181E-9B86-4713-92C5-F9A5C595201E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll [2009-05-04 398776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-19 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-19 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{B7D3E479-CC68-42B5-A338-938ECE35F419} - iMesh MediaBar - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll [2009-05-04 529840]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-19 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-05 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-05 129560]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"NDSTray.exe"=NDSTray.exe []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-21 30192]
"Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2009-07-09 65240]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-09-18 122368]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-11 198160]
"Athan"=C:\Program Files\Athan\Athan.exe [2009-08-23 1114112]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]
"Sony Ericsson PC Suite"=D:\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-17 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\google\google~3\goec62~1.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b47af6-761f-11de-8501-806e6f6e6963}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b47b33-761f-11de-8501-001e3352a85a}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b47b82-761f-11de-8501-001e3352a85a}]
shell\AutoRun\command - I:\gi2ky.exe
shell\open\command - I:\gi2ky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ae80343-79e1-11de-80e9-001e3352a85a}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ae80345-79e1-11de-80e9-001e3352a85a}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f1feb36-26e3-11df-963c-001f3c89014d}]
shell\AutoRun\command - F:\Autorun.exe /run
shell\Shell00\command - F:\Autorun.exe /run
shell\Shell01\command - F:\Autorun.exe /action
shell\Shell02\command - F:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a72fe6-24a2-11df-913d-001f3c89014d}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e3e2dc5-d9c2-11de-b1c1-001e3352a85a}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9226f078-2285-11df-8a9b-001f3c89014d}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9226f098-2285-11df-8a9b-001f3c89014d}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5bc6b4-72f9-11de-bf5c-806e6f6e6963}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5bc725-72f9-11de-bf5c-001e3352a85a}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d592107c-0f77-11df-ac7b-001e3352a85a}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d592107d-0f77-11df-ac7b-001e3352a85a}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5921090-0f77-11df-ac7b-0280371b0300}]
shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa58c786-d9fe-11de-b294-001e3352a85a}]
shell\AutoRun\command - F:\AutoRun.exe


======File associations======

.exe - open - "C:\Users\userr\AppData\Local\av.exe" /START "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-03 17:01:58 ----D---- C:\rsit
2010-03-03 17:01:58 ----D---- C:\Program Files\trend micro
2010-02-28 19:46:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-28 19:46:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-28 03:01:01 ----A---- C:\Windows\system32\browserchoice.exe
2010-02-27 10:52:02 ----AD---- C:\ProgramData\TEMP
2010-02-26 23:33:34 ----D---- C:\ProgramData\Sun
2010-02-26 23:32:48 ----A---- C:\Windows\system32\javaws.exe
2010-02-26 23:32:48 ----A---- C:\Windows\system32\javaw.exe
2010-02-26 23:32:48 ----A---- C:\Windows\system32\java.exe
2010-02-26 23:15:51 ----D---- C:\Program Files\Vista CMD Prompt Here
2010-02-26 22:38:49 ----D---- C:\FPC
2010-02-26 22:18:34 ----D---- C:\MinGW
2010-02-26 21:38:56 ----D---- C:\Users\userr\AppData\Roaming\Birdstep Technology
2010-02-26 21:36:15 ----D---- C:\Program Files\Huawei Modems
2010-02-26 21:36:15 ----A---- C:\Windows\Huawei ModemsUninstall.exe
2010-02-26 21:35:53 ----D---- C:\Program Files\3 Mobile Broadband
2010-02-25 21:48:46 ----A---- C:\Windows\system32\jscript.dll
2010-02-25 21:48:39 ----A---- C:\Windows\system32\tzres.dll
2010-02-25 21:48:05 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-25 21:48:04 ----A---- C:\Windows\system32\secproc.dll
2010-02-25 21:48:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-25 21:48:00 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-25 21:48:00 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-25 21:47:59 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-25 21:47:59 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-25 21:47:58 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-25 21:47:58 ----A---- C:\Windows\system32\msdrm.dll
2010-02-25 21:47:56 ----A---- C:\Windows\system32\gameux.dll
2010-02-25 21:47:54 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-25 21:47:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-19 22:10:38 ----D---- C:\Users\userr\AppData\Roaming\ActiveState
2010-02-19 22:09:11 ----D---- C:\Program Files\ActiveState Komodo Edit 5
2010-02-19 18:05:00 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-19 18:05:00 ----A---- C:\Windows\system32\quartz.dll
2010-02-19 18:05:00 ----A---- C:\Windows\system32\msyuv.dll
2010-02-19 18:05:00 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-19 18:04:59 ----A---- C:\Windows\system32\msrle32.dll
2010-02-19 18:04:59 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-19 18:04:59 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-19 18:04:58 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-19 18:04:58 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-03 17:01:58 ----RD---- C:\Program Files
2010-03-03 17:01:58 ----D---- C:\Windows\Prefetch
2010-03-03 16:57:31 ----AD---- C:\Windows\System32
2010-03-03 16:57:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-03 16:57:30 ----D---- C:\Windows\inf
2010-03-03 16:56:27 ----D---- C:\Windows\Temp
2010-03-03 16:54:59 ----D---- C:\Users\userr\AppData\Roaming\Skype
2010-03-03 16:42:03 ----D---- C:\Windows\Tasks
2010-03-03 16:41:59 ----D---- C:\ProgramData\Google Updater
2010-03-03 13:52:47 ----SHD---- C:\System Volume Information
2010-03-01 00:33:32 ----D---- C:\Windows\winsxs
2010-02-28 19:43:05 ----D---- C:\Windows\system32\Tasks
2010-02-28 03:01:10 ----D---- C:\Windows\system32\catroot
2010-02-28 03:00:59 ----SHD---- C:\Windows\Installer
2010-02-27 15:37:41 ----D---- C:\Program Files\Common Files
2010-02-27 11:09:47 ----HD---- C:\ProgramData
2010-02-27 11:09:46 ----D---- C:\Windows\system32\drivers
2010-02-27 11:09:43 ----D---- C:\Windows
2010-02-27 11:09:16 ----D---- C:\Program Files\Mozilla Firefox
2010-02-27 10:36:10 ----D---- C:\Windows\system32\catroot2
2010-02-27 10:34:50 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2010-02-26 23:33:32 ----D---- C:\Program Files\Common Files\Java
2010-02-26 23:32:45 ----D---- C:\Program Files\Java
2010-02-26 21:35:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 03:35:33 ----D---- C:\Windows\rescache
2010-02-26 03:17:42 ----RSD---- C:\Windows\Fonts
2010-02-26 03:17:42 ----D---- C:\Windows\system32\en-US
2010-02-26 03:17:42 ----D---- C:\Windows\AppPatch
2010-02-20 12:05:09 ----D---- C:\Program Files\Windows Mail
2010-02-20 01:34:11 ----D---- C:\ProgramData\Microsoft Help
2010-02-19 15:51:02 ----D---- C:\Program Files\Google
2010-02-11 14:14:47 ----D---- C:\Program Files\AVS4YOU
2010-02-11 14:14:18 ----D---- C:\Program Files\Common Files\AVSMedia
2010-02-11 14:12:51 ----D---- C:\ProgramData\Birdstep Technology
2010-02-11 14:10:37 ----D---- C:\Program Files\iMesh Applications
2010-02-11 14:07:27 ----D---- C:\Program Files\Internet Explorer
2010-02-11 14:06:09 ----D---- C:\Program Files\Toshiba
2010-02-11 14:02:23 ----D---- C:\Program Files\Yahoo!
2010-02-11 14:00:35 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MSFWHLPR;MSFWHLPR; C:\Windows\system32\DRIVERS\msfwhlpr.sys [2007-11-27 37440]
R2 MSFWDrv;MSFWDrv; C:\Windows\system32\DRIVERS\msfwdrv.sys [2007-11-27 91200]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-06 140800]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s1317bus;Sony Ericsson Device 1317 driver (WDM); C:\Windows\system32\DRIVERS\s1317bus.sys [2007-11-01 83840]
S3 s1317mdfl;Sony Ericsson Device 1317 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1317mdfl.sys [2007-11-01 14976]
S3 s1317mdm;Sony Ericsson Device 1317 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1317mdm.sys [2007-11-01 110592]
S3 s1317mgmt;Sony Ericsson Device 1317 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1317mgmt.sys [2007-11-01 104448]
S3 s1317nd5;Sony Ericsson Device 1317 USB Ethernet Emulation SEMC1317 (NDIS); C:\Windows\system32\DRIVERS\s1317nd5.sys [2007-11-01 25472]
S3 s1317obex;Sony Ericsson Device 1317 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1317obex.sys [2007-11-01 100608]
S3 s1317unic;Sony Ericsson Device 1317 USB Ethernet Emulation SEMC1317 (WDM); C:\Windows\system32\DRIVERS\s1317unic.sys [2007-11-01 109952]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 msfwsvc;@C:\Program Files\Microsoft Windows OneCare Live\Firewall\\MSFWSVCResource.dll,-10000; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 869952]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-07-09 26104]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2009-07-09 1139536]
S2 gupdate1c9b7673fb7a808;Google Update Service (gupdate1c9b7673fb7a808); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 183280]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-21 30192]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 03 bře 2010 18:24
od Caroprd111
Zdravím :)

Na logu se pracuje, prosím o strpení.

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 03 bře 2010 18:26
od Caroprd111
Obrázek Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obrázek Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Obrázek Vložte do PC všechny flash disky, které používáte.

Obrázek Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Obrázek Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna :!:

Obrázek Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Obrázek Během skenování může být počítač restartován.

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 03 bře 2010 18:33
od anynyny
Dekuji... na logu se pracuje... ale asi mi to chvili potrva... mam ted schuzku. Zatim moc dik.

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 03 bře 2010 18:34
od Caroprd111
Nevadí, já počkám. :)

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 01:24
od anynyny
Pri prvnim behu Combofixu pocitac spadl (modra smrt) tesne po hlasce, ze se generuje log. Log je jen casteny - info o systemu a prvni hlasce o firewallech. Co si pamatuju, tak urcite v okne bylo hlaseni o tom, ze nejake soubory maze, co presne netusim.

Dalsi pokus se uz povedl cely. Tady je log:

ComboFix 10-03-03.03 - userr 03/03/2010 23:58:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3061.1804 [GMT 0:00]
Running from: c:\users\userr\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\userr\AppData\Local\Temp\ppcrlui_5760_2
.
---- Previous Run -------
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\userr\AppData\Local\av.exe
c:\users\userr\AppData\Local\Microsoft\Windows\Temporary Internet Files\7b505M4X.jpg
c:\users\userr\AppData\Local\Microsoft\Windows\Temporary Internet Files\84xXYK.jpg
c:\users\userr\AppData\Local\Microsoft\Windows\Temporary Internet Files\l7yxa67.jpg
c:\users\userr\AppData\Local\Microsoft\Windows\Temporary Internet Files\x8jXbJ.jpg
c:\users\userr\AppData\Local\Temp\ppcrlui_2428_2
c:\users\userr\FAVORI~1\AthanBasic1.exe
c:\users\userr\Favorites\AthanBasic1.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\NTSVc.ocx
c:\windows\t55ft3223f44.dat

.
((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 00:16 . 2010-03-04 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-03 17:01 . 2010-03-03 17:02 -------- d-----w- C:\rsit
2010-03-03 17:01 . 2010-03-03 17:01 -------- d-----w- c:\program files\trend micro
2010-02-28 19:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-28 19:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-28 03:01 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-26 23:15 . 2010-02-26 23:15 -------- d-----w- c:\program files\Vista CMD Prompt Here
2010-02-26 22:38 . 2010-02-26 22:38 -------- d-----w- C:\FPC
2010-02-26 22:18 . 2010-02-26 22:32 -------- d-----w- C:\MinGW
2010-02-26 21:38 . 2010-02-26 21:38 -------- d-----w- c:\users\userr\AppData\Roaming\Birdstep Technology
2010-02-26 21:36 . 2009-02-17 19:38 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-02-26 21:36 . 2008-12-30 10:57 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-02-26 21:36 . 2008-12-13 10:27 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-02-26 21:36 . 2008-04-14 08:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-02-26 21:36 . 2007-08-09 03:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-02-26 21:36 . 2010-02-26 21:36 -------- d-----w- c:\program files\Huawei Modems
2010-02-26 21:36 . 2010-02-26 21:36 70667 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2010-02-26 21:35 . 2010-02-26 21:35 -------- d-----w- c:\program files\3 Mobile Broadband
2010-02-25 21:48 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-25 21:48 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-25 21:48 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-25 21:48 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-25 21:48 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-25 21:48 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-25 21:47 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-25 21:47 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-25 21:47 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-25 21:47 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-25 21:47 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-25 21:47 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-25 21:47 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-19 22:10 . 2010-02-19 22:10 -------- d-----w- c:\users\userr\AppData\Roaming\ActiveState
2010-02-19 22:09 . 2010-02-19 22:09 -------- d-----w- c:\program files\ActiveState Komodo Edit 5
2010-02-19 20:02 . 2010-02-19 20:02 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBB3D.tmp.exe
2010-02-19 18:05 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-19 18:05 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-19 18:05 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-19 18:05 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-19 18:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-19 18:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-19 18:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-19 18:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-19 18:04 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-19 18:04 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-19 18:04 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-19 18:04 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-19 18:04 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-19 18:04 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-19 18:04 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 23:50 . 2009-03-16 22:50 -------- d-----w- c:\users\userr\AppData\Roaming\Skype
2010-03-03 16:41 . 2009-04-07 09:55 -------- d-----w- c:\programdata\Google Updater
2010-02-27 10:34 . 2009-04-17 11:52 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2010-02-26 23:33 . 2008-04-22 16:30 -------- d-----w- c:\program files\Common Files\Java
2010-02-26 23:32 . 2008-04-22 16:30 -------- d-----w- c:\program files\Java
2010-02-26 21:35 . 2008-04-22 16:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 03:21 . 2009-03-16 13:56 114968 ----a-w- c:\users\userr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 12:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-20 01:34 . 2008-04-23 06:35 -------- d-----w- c:\programdata\Microsoft Help
2010-02-19 15:51 . 2008-04-22 17:13 -------- d-----w- c:\program files\Google
2010-02-11 14:14 . 2009-07-19 22:53 -------- d-----w- c:\program files\AVS4YOU
2010-02-11 14:14 . 2009-07-19 22:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-11 14:12 . 2009-07-17 17:51 -------- d-----w- c:\programdata\Birdstep Technology
2010-02-11 14:10 . 2009-05-30 15:45 -------- d-----w- c:\program files\iMesh Applications
2010-02-11 14:06 . 2008-04-22 16:48 -------- d-----w- c:\program files\Toshiba
2010-02-11 14:02 . 2009-03-16 22:26 -------- d-----w- c:\program files\Yahoo!
2010-01-27 01:19 . 2009-03-16 21:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-06 15:38 . 2010-02-25 21:47 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-25 21:47 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-25 21:47 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-25 21:47 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-01-26 10:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-26 10:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-26 10:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-26 10:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 17:14 . 2009-03-23 10:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 21:32 . 2009-04-15 15:49 680 ----a-w- c:\users\userr\AppData\Local\d3d9caps.dat
2009-12-15 13:23 . 2009-10-01 10:00 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-15 13:23 . 2009-03-16 22:15 38784 ----a-w- c:\users\userr\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-05 16:51 . 2009-12-05 16:51 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb74A0.tmp.exe
2009-12-05 16:51 . 2009-12-05 16:51 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb72AB.tmp.exe
2009-12-04 17:31 . 2009-12-04 17:31 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDFD5.tmp.exe
2009-11-21 18:16 . 2009-11-21 18:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Sony Ericsson PC Suite"="d:\sony ericsson pc suite\SEPCSuite.exe" [2008-07-02 393216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-21 30192]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-18 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-11 198160]
"Athan"="c:\program files\Athan\Athan.exe" [2009-08-23 1114112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-5-1 261632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):89,18,f7,42,b4,1a,ca,01

R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25/12/2007 12:07 40960]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [09/07/2009 11:15 26104]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 17:03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [22/04/2008 16:57 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 14:40 3668480]
S2 gupdate1c9b7673fb7a808;Google Update Service (gupdate1c9b7673fb7a808);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 09:57 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [08/10/2009 21:57 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/04/2008 17:14 30192]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\System32\drivers\ewusbfake.sys [26/02/2010 21:36 103040]
S3 s1317bus;Sony Ericsson Device 1317 driver (WDM);c:\windows\System32\drivers\s1317bus.sys [17/03/2009 12:42 83840]
S3 s1317mdfl;Sony Ericsson Device 1317 USB WMC Modem Filter;c:\windows\System32\drivers\s1317mdfl.sys [17/03/2009 12:42 14976]
S3 s1317mdm;Sony Ericsson Device 1317 USB WMC Modem Driver;c:\windows\System32\drivers\s1317mdm.sys [17/03/2009 12:42 110592]
S3 s1317mgmt;Sony Ericsson Device 1317 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1317mgmt.sys [17/03/2009 12:42 104448]
S3 s1317nd5;Sony Ericsson Device 1317 USB Ethernet Emulation SEMC1317 (NDIS);c:\windows\System32\drivers\s1317nd5.sys [17/03/2009 12:42 25472]
S3 s1317obex;Sony Ericsson Device 1317 USB WMC OBEX Interface;c:\windows\System32\drivers\s1317obex.sys [17/03/2009 12:42 100608]
S3 s1317unic;Sony Ericsson Device 1317 USB Ethernet Emulation SEMC1317 (WDM);c:\windows\System32\drivers\s1317unic.sys [17/03/2009 12:42 109952]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [17/03/2009 12:42 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [17/03/2009 12:42 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [17/03/2009 12:42 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [17/03/2009 12:42 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [17/03/2009 12:42 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [17/03/2009 12:42 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [17/03/2009 12:42 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 09:55]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 09:57]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 09:57]

2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{A9E6181E-9B86-4713-92C5-F9A5C595201E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-26 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home
FF - ProfilePath - c:\users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\tbzulv91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://uk.ask.com?o=15557&l=dis
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
AddRemove-GDC - c:\mingw\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 00:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-04 00:23:03
ComboFix-quarantined-files.txt 2010-03-04 00:22

Pre-Run: 68,563,902,464 bytes free
Post-Run: 68,549,013,504 bytes free

- - End Of File - - 06AAB11C7D9672AF1682B2C68906D008

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 06:26
od Caroprd111
Obrázek Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek Stáhněte SPTD http://www.duplexsecure.com/en/downloads
  • Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
  • zvolte možnost Uninstall a restartujte PC.


Obrázek Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek Start > Spustit (Win + R)
  • Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t
  • Klikněte na OK
  • Vytvoří se log s názvem mbr.log, vložte ho sem.

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 12:25
od anynyny
- emulatory virtualnich mechanik jsem nenasla zadne. Prehledla jsem nejakou? (Tech utilit je tam dost... je to mozny)


- SPTD tvrdi, ze tam zadna verze neni, a Uninstall tlacitko zustava disabled


- pri spusteni prikazu (dovolila jsem si plochu zamenit za desktop;)) - se vytvorilo toto:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 12:27
od Caroprd111
Jak se chová PC :???:

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 12:30
od anynyny
PC je celkem ok, akorat antivirus blazni a v jenom kuse hlasi napadeni systemu. Kvuli tem logum jsem dost ochrany povypinala, ale muzu zapnout a nahlasit, co presne se mu nelibi.

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 12:52
od anynyny
Tak tentokrat po restartu s tim blaznenim konecne prestal. Pomuze jeste jeden log z RSITu nebo nejaky jiny scan? Tomuhle vsemu nerozumim, takze se budu drzet rad na foru:)

Re: Detekovan Tracking software a nejaka dalsi havet

Napsal: 04 bře 2010 13:47
od Caroprd111
Dejte nový log z RSIT.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz