Page 2 of 5

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 19 Feb 2012 22:40
by vyosek
Run a full scan... I'll take a look at it in the morning...

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 19 Feb 2012 23:53
by krater
The full scan finished and it only found Brutus, which I hadn't even come here to ask about, because not even ESET flags it. Otherwise a clean system.
VirusTotal, however, shows a trojan in several files; one of them is attached in the previous post (I originally didn't notice the second page).

Unlike Malwarebytes, ESET did find something. The ESET log:


C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e více infiltrací smazán - uložen do karantény
C:\Users\User\Desktop\WWWhack new\more_names.zip pravděpodobně varianta infiltrace Win32/IRCBot.JSAITPW trojský kůň vyléčen smazáním - uložen do karantény
C:\Users\User\Desktop\WWWhack new\patch.exe Win32/HackTool.WwwHack trojský kůň vyléčen smazáním - uložen do karantény
C:\Users\User\Desktop\WWWhack new\wwwhack.exe Win32/HackTool.WwwHack.A aplikace vyléčen smazáním - uložen do karantény

It's probably not a good sign that it started moving into the Chrome AppData folder; something isn't right.

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 08:00
by vyosek
:arrow: ESET also uses other technologies (HIPS etc.); as I mentioned, these applications will always be flagged as malware because they contain source code similar to it and their behaviour is similar too.

:arrow: Clear the Chrome cache and it should be OK.

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 09:01
by krater
Thank you, the cache has been cleared. Otherwise, are the remaining detections OK? Can I use the application?
And may I ask one more thing: how can a *.txt file have source code similar to a virus? It contains ordinary text and yet it gets flagged as a trojan. The application probably works without it anyway; should I delete it?

Please check my log again after re-downloading the application

Posted: 20 Feb 2012 10:03
by krater
Hello, please check the following logs. I re-downloaded the files of the WWWhack program that were (probably "unjustifiably") deleted by ESET yesterday, ran wwwhack.exe and waited to see whether the alleged trojan would start spreading.
I'm running a full system scan with ESET and Malwarebytes; I will upload the results once they finish.

So for clarity I'm starting a new topic with the new logs. By the new topic I mean this one, which you are reading right now.

RSIT scan results:

Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2012-02-20 10:01:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 188 GB (73%) free of 257 GB
Total RAM: 3000 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:28, on 20.2.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;mbank.cz
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9646 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 37196304
\??\C:\Windows\system32\conhost.exe "1177189178-2019344345-2058121551-1363663239-14979665092145192517685177104-1037731600
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\rpcnet.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 2584
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SilentExperimentA/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SyncPromoMsg/MsgC/WarmSocketImpact/warm_socket/ --extension-process --enable-print-preview --channel=236.04E16700.1153903637 /prefetch:3
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SilentExperimentA/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SyncPromoMsg/MsgC/WarmSocketImpact/warm_socket/ --extension-process --enable-print-preview --channel=236.04E168C0.94058685 /prefetch:3
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SilentExperimentA/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SyncPromoMsg/MsgC/WarmSocketImpact/warm_socket/ --extension-process --enable-print-preview --channel=236.04E16A80.354087706 /prefetch:3
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SilentExperimentA/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SyncPromoMsg/MsgC/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=236.072C2000.2095717949 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\User\AppData\Local\Google\Chrome\APPLIC~1\170963~1.56\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll" --lang=cs --channel=236.058AD780.1919571723 --flash-broker=4908 /prefetch:4
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/SilentExperimentA/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderFromOmniboxHeuristic/ExactFullAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/SyncPromoMsg/MsgC/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=236.072C2A80.1563370020 /prefetch:3
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe"
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1029 /as
\??\C:\Windows\system32\conhost.exe "1967807345-581620196815752211-843054129-667357135-1139537800-179699715-465493649
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Users\User\Downloads\Skenery\RSIT x64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe100_ Global\UsGthrCtrlFltPipeMssGthrPipe100 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlixbhi7.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, firesheep@codebutler.com:0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
prefs.js - "keyword.URL" - "http://www.google.cz/#hl=cs&source=hp&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.2.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlixbhi7.default\extensions\
firesheep@codebutler.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-01-14 347424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-14 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-01-14 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-14 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-02 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-02 387608]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-02 365592]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"zoner"=C:\Users\User\Documents\Osobní\Programy\zoner.bat [2011-11-13 60]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Clownfish"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2011-12-19 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 258560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-19 22:01:43 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes
2012-02-19 22:01:34 ----D---- C:\ProgramData\Malwarebytes
2012-02-19 22:01:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-19 22:01:32 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-02-19 21:46:35 ----D---- C:\Program Files\trend micro
2012-02-19 21:46:34 ----D---- C:\rsit
2012-02-18 14:53:54 ----D---- C:\Users\User\AppData\Roaming\TeamViewer
2012-02-16 22:44:15 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-02-16 22:44:15 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-16 22:44:14 ----A---- C:\Windows\system32\iertutil.dll
2012-02-16 22:44:13 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-02-16 22:44:12 ----A---- C:\Windows\SYSWOW64\url.dll
2012-02-16 22:44:12 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-02-16 22:44:12 ----A---- C:\Windows\system32\url.dll
2012-02-16 22:44:12 ----A---- C:\Windows\system32\jscript9.dll
2012-02-16 22:44:11 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-02-16 22:44:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-02-16 22:44:11 ----A---- C:\Windows\system32\jscript.dll
2012-02-16 22:44:11 ----A---- C:\Windows\system32\ieui.dll
2012-02-16 22:44:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-02-16 22:44:10 ----A---- C:\Windows\system32\urlmon.dll
2012-02-16 22:44:09 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-02-16 22:44:09 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-16 22:44:08 ----A---- C:\Windows\system32\wininet.dll
2012-02-16 22:44:07 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-02-16 22:44:05 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-02-16 22:44:03 ----A---- C:\Windows\system32\mshtml.dll
2012-02-16 22:44:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-02-16 22:44:00 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 10:22:15 ----D---- C:\Program Files (x86)\TeamViewer
2012-02-16 08:11:16 ----A---- C:\Windows\system32\shell32.dll
2012-02-16 08:11:12 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-16 08:11:11 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-16 08:11:11 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-16 08:11:08 ----A---- C:\Windows\system32\win32k.sys
2012-02-16 08:11:06 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-16 08:11:01 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-16 08:11:01 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-14 12:21:11 ----D---- C:\Program Files (x86)\JDownloader
2012-02-14 10:34:02 ----D---- C:\Users\User\AppData\Roaming\tor
2012-02-12 21:12:35 ----D---- C:\Program Files (x86)\PVD15
2012-02-11 11:45:58 ----D---- C:\ProgramData\VS
2012-02-09 23:59:40 ----D---- C:\Users\User\AppData\Roaming\Dropbox
2012-02-09 23:31:47 ----D---- C:\Users\User\AppData\Roaming\TrueCrypt
2012-02-09 23:29:07 ----A---- C:\Windows\system32\drivers\truecrypt.sys
2012-02-09 23:29:03 ----D---- C:\Program Files\TrueCrypt
2012-02-05 20:08:05 ----D---- C:\Program Files (x86)\ESET
2012-02-05 12:21:09 ----D---- C:\Program Files (x86)\Google
2012-02-04 13:09:49 ----D---- C:\Users\User\AppData\Roaming\Wireshark
2012-02-04 12:53:16 ----D---- C:\Program Files (x86)\WinPcap
2012-02-04 12:52:28 ----D---- C:\Program Files\Wireshark
2012-02-01 19:38:45 ----A---- C:\Windows\system32\schannel.dll
2012-02-01 19:38:44 ----A---- C:\Windows\SYSWOW64\webio.dll
2012-02-01 19:38:44 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-02-01 19:38:44 ----A---- C:\Windows\system32\webio.dll
2012-02-01 19:38:44 ----A---- C:\Windows\system32\lsass.exe
2012-02-01 19:38:44 ----A---- C:\Windows\system32\lsasrv.dll
2012-02-01 19:38:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-02-01 19:38:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-02-01 19:38:44 ----A---- C:\Windows\system32\drivers\cng.sys
2012-02-01 19:38:43 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-02-01 19:38:43 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-02-01 19:38:43 ----A---- C:\Windows\system32\sspisrv.dll
2012-02-01 19:38:43 ----A---- C:\Windows\system32\sspicli.dll
2012-02-01 19:38:43 ----A---- C:\Windows\system32\secur32.dll
2012-01-22 21:09:44 ----A---- C:\Windows\UC.PIF
2012-01-22 21:09:44 ----A---- C:\Windows\RAR.PIF
2012-01-22 21:09:44 ----A---- C:\Windows\PKZIP.PIF
2012-01-22 21:09:44 ----A---- C:\Windows\PKUNZIP.PIF
2012-01-22 21:09:44 ----A---- C:\Windows\NOCLOSE.PIF
2012-01-22 21:09:44 ----A---- C:\Windows\LHA.PIF
2012-01-22 21:09:44 ----A---- C:\Windows\ARJ.PIF
2012-01-22 21:09:43 ----D---- C:\Users\User\AppData\Roaming\GHISLER
2012-01-22 21:09:43 ----D---- C:\Program Files\totalcmd
2012-01-22 11:56:00 ----D---- C:\Users\User\AppData\Roaming\Mp3tag
2012-01-22 11:55:12 ----D---- C:\Program Files (x86)\Mp3tag

======List of files/folders modified in the last 1 month======

2012-02-20 10:00:02 ----D---- C:\Windows\Prefetch
2012-02-20 09:35:46 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-02-20 09:28:05 ----D---- C:\Windows\Temp
2012-02-20 08:56:03 ----A---- C:\Windows\system32\rpcnetp.exe
2012-02-20 04:57:26 ----D---- C:\Windows\system32\config
2012-02-19 23:55:21 ----D---- C:\Users\User\AppData\Roaming\Skype
2012-02-19 22:01:34 ----HD---- C:\ProgramData
2012-02-19 22:01:32 ----RD---- C:\Program Files (x86)
2012-02-19 22:01:32 ----D---- C:\Windows\system32\drivers
2012-02-19 21:46:35 ----RD---- C:\Program Files
2012-02-19 20:45:59 ----D---- C:\Windows\inf
2012-02-19 19:46:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-02-19 16:11:00 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2012-02-19 12:32:30 ----D---- C:\Windows
2012-02-19 10:25:58 ----D---- C:\Windows\System32
2012-02-19 10:25:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-19 09:23:52 ----A---- C:\Windows\SYSWOW64\rpcnet.dll
2012-02-19 09:22:14 ----D---- C:\Windows\SysWOW64
2012-02-19 09:20:49 ----A---- C:\Windows\SYSWOW64\rpcnetp.dll
2012-02-19 09:20:20 ----A---- C:\Windows\SYSWOW64\rpcnetp.exe
2012-02-18 16:19:37 ----RSD---- C:\Windows\assembly
2012-02-18 16:19:37 ----D---- C:\Windows\Microsoft.NET
2012-02-18 15:00:26 ----D---- C:\Users\User\AppData\Roaming\.minecraft
2012-02-17 14:50:33 ----D---- C:\Windows\debug
2012-02-17 09:24:30 ----D---- C:\Windows\winsxs
2012-02-17 09:22:11 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-17 09:22:10 ----D---- C:\Windows\SYSWOW64\migration
2012-02-17 09:22:10 ----D---- C:\Program Files\Internet Explorer
2012-02-17 09:22:09 ----D---- C:\Windows\system32\migration
2012-02-16 22:54:43 ----SHD---- C:\Windows\Installer
2012-02-16 22:45:26 ----A---- C:\Windows\system32\MRT.exe
2012-02-16 22:44:40 ----D---- C:\Windows\system32\catroot
2012-02-16 22:44:39 ----D---- C:\Windows\system32\catroot2
2012-02-16 22:43:46 ----SHD---- C:\System Volume Information
2012-02-16 15:49:08 ----D---- C:\Windows\system32\wdi
2012-02-13 20:23:11 ----RD---- C:\Users
2012-02-12 14:39:09 ----A---- C:\Windows\SYSWOW64\Upgrd.exe
2012-02-12 14:39:01 ----N---- C:\Windows\SYSWOW64\rpcnet.exe
2012-02-11 17:53:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-02-05 20:08:10 ----D---- C:\Windows\Downloaded Program Files
2012-02-05 12:21:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-05 12:20:22 ----D---- C:\Program Files (x86)\Common Files
2012-02-03 21:59:49 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2012-02-03 21:59:42 ----D---- C:\ProgramData\Microsoft Help
2012-01-31 13:44:20 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-30 20:21:47 ----D---- C:\Windows\SoftwareDistribution
2012-01-30 20:20:52 ----D---- C:\Program Files (x86)\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-02-09 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-04-06 1208320]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-12-16 2978296]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn64.sys [2009-04-20 11264]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-07-28 7345632]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-27 16896]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 864032]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\SysWOW64\rpcnet.exe [2012-02-12 58288]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 10:13
by krater
For clarity I started a new topic, downloaded the deleted files again and am running new scans. The results are appearing there one by one, so please check them...

Re: Please check my log again after re-downloading the application

Posted: 20 Feb 2012 10:57
by krater
So I'm adding a full scan with Malwarebytes and ESET ...
Malwarebytes found nothing, ESET only has its 3 infiltrations like yesterday and nothing more. Is it risky to use these files? And is my PC otherwise clean? I need to log in to internet banking and want to be sure beforehand.

If one of the files were dangerous, I'll try deleting it and check whether the program still works. Should I upload the suspicious files to VirusTotal? Most antiviruses report something.


Malwarebytes:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: KRATER-PC [administrátor]

Ochrana: Zakázána

20.2.2012 10:00:41
mbam-log-2012-02-20 (10-00-41).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 354382
Uplynulý čas: 54 minut, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé souborynebyly zjištěny)

(konec)


ESET online scanner:

C:\Users\User\Desktop\WWWhack new\more_names.txt	pravděpodobně varianta infiltrace Win32/IRCBot.JSAITPW trojský kůň
C:\Users\User\Desktop\WWWhack new\patch.exe	Win32/HackTool.WwwHack trojský kůň
C:\Users\User\Desktop\WWWhack new\wwwhack.exe	Win32/HackTool.WwwHack.A aplikace

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 13:32
by vyosek
krater wrote: For clarity I started a new topic, downloaded the deleted files again and am running new scans. The results are appearing there one by one, so please check them...
I merged it here because I know what it's about and it could confuse other colleagues.

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 13:34
by vyosek
Just the fact that there's that hack in there is something I don't like - what is it actually for :???: Is it this:
WWWhack is probably the best-known PassCracker in the Czech Republic. It lets you obtain the password for just about anything.
:???: :???:

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 14:32
by krater
Yes, it's a hack tool, a program that tries various character combinations against passwords. I said so right at the start. I want to find out whether it's even possible to misuse these programs nowadays, since nothing lets you try more than about 200 passwords an hour. It interests me, but as I wrote, it isn't vital. It's like cracks: the AV reports an error because it shouldn't be used. WWWhack is even allowed to be used, if the person is sensible and doesn't mess around.

If I may ask you, please check the logs and tell me whether my PC is a mess or whether I can carry out the transaction. I'll just add that MS Essentials found nothing. Are my results in order?

Nobody has told me whether there really is a trojan in all versions of this program, or whether the AV just reports it and there's no danger. I was hoping you would advise me... Should I take any further steps?
Thank you for your help so far

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 14:35
by vyosek
:arrow: It's a hack for gaining access = illegal SW - the forum rules are clear - we won't support this here...

:arrow: RSIT looks clean of malware

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 14:37
by krater
That quote just amused me; for about 10 years now it has been useless to anyone intending to break in somewhere :D If you're worried that I want to do something shady, I can argue why that isn't possible with this program. But I'd rather ask you for help with security, that's why I'm here...
EDIT it isn't illegal software, I don't want to start an argument... Please tell me whether it's dangerous. The software is completely legal, it serves to test the strength of your own passwords. Of course not many people use it for that; I just want to try whether it can really be used at all.

The password 123456 would take about 372 847 839 years to guess, it really is useless.
Please, is it dangerous?

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 14:40
by vyosek
But I did what the purpose of our forum is: I checked the logs for malware, they're clean, so no further steps are needed

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 14:41
by krater
So it isn't dangerous to start that program? That's why I'm here...

Re: Please check my log, Win32/HackTool.WwwHack.A

Posted: 20 Feb 2012 14:44
by vyosek
It's a program for gaining access, I'm not going to give advice on that...we're a security forum, advice on these applications would go against the logic of the forum