
Suspected virus, antivirus deactivated

Posted: 22 May 2011 15:18
by AlenkaB
Hello,
I needed the full (not the student) version of Autodesk Revit Architecture for my final thesis, without the borders that are in the student version.

After downloading the keygen file and scanning it with my antivirus (MS Essentials), I ran it; it disappeared without any visible process and nothing happened. I started the antivirus and ran a full scan; during the scan the antivirus crashed, and since then it cannot be started. I sent the keygen file to virustotal for checking and several antivirus engines flagged it as a virus. In the process list I saw the process Lrr.exe and later also Lrs.exe, which I terminated; I also terminated the process "j", from the same author as the keygen, which was among the processes after it was run.

After a subsequent restart the situation did not change. The antivirus still at most flashes briefly after startup (I captured the flash with a print screen, and the only thing in the antivirus window was that it is turned off).

I am sending the log from RSIT and kindly ask for help with removing the virus.
Alenka

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alenka at 2011-05-22 15:45:14
Microsoft Windows 7 Ultimate
System drive C: has 19 GB (20%) free of 92 GB
Total RAM: 3582 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:45:22, on 22.5.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Program Files\Yaho's Miranda IM\miranda32.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Alenka\Desktop\RSIT.exe
C:\Program Files\trend micro\Alenka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8205 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Dmubayr.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-14 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SafeQ Client"=C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-03-31 249856]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2010-04-05 288040]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNJQ66R8MU]
C:\Users\Alenka\AppData\Local\Temp\Lrs.exe [2011-05-22 156672]

C:\Users\Alenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-05-22 15:45:14 ----D---- C:\rsit
2011-05-22 15:45:14 ----D---- C:\Program Files\trend micro
2011-05-22 15:02:18 ----D---- C:\Windows\pss
2011-05-22 13:47:29 ----D---- C:\Program Files\Microsoft SDKs
2011-05-22 13:47:25 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2011-05-22 13:43:26 ----A---- C:\Windows\Lsisea.exe
2011-05-22 13:43:19 ----RASH---- C:\Windows\system32\graftabl6.dll
2011-05-17 15:02:44 ----D---- C:\Program Files\PDFTools
2011-05-12 08:10:18 ----A---- C:\Windows\system32\poqexec.exe
2011-05-12 08:10:16 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-12 08:10:16 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-12 08:10:16 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-12 08:10:15 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-12 08:10:15 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-05-12 08:10:15 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-12 08:10:15 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-12 08:10:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-12 08:10:12 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-05-08 19:55:27 ----D---- C:\Program Files\Google
2011-05-08 19:51:59 ----D---- C:\Windows\system32\appmgmt
2011-05-06 15:10:39 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-05-06 15:07:24 ----D---- C:\Program Files\Adobe Media Player
2011-05-06 15:05:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-05-05 22:45:34 ----D---- C:\Program Files\DellTPad
2011-05-05 22:45:19 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2011-05-05 22:45:19 ----A---- C:\Windows\system32\Vxdif.dll
2011-05-05 22:45:18 ----D---- C:\dell
2011-05-05 22:45:18 ----A---- C:\Windows\system32\drivers\Apfiltr.sys
2011-05-04 20:07:38 ----D---- C:\ProgramData\Sun
2011-05-04 20:07:37 ----D---- C:\Program Files\Common Files\Java
2011-05-04 20:07:09 ----A---- C:\Windows\system32\javaws.exe
2011-05-04 20:07:09 ----A---- C:\Windows\system32\javaw.exe
2011-05-04 20:07:09 ----A---- C:\Windows\system32\java.exe
2011-05-04 20:07:09 ----A---- C:\Windows\system32\deployJava1.dll
2011-05-04 20:06:49 ----D---- C:\Program Files\Java
2011-05-04 10:31:59 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2011-05-03 09:21:04 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-03 09:21:04 ----D---- C:\Program Files\AutoDWG
2011-05-03 09:20:49 ----D---- C:\Program Files\Common Files\InstallShield
2011-05-02 15:20:10 ----A---- C:\Windows\system32\d2d1.dll
2011-05-02 15:20:09 ----A---- C:\Windows\system32\FntCache.dll
2011-05-02 15:20:09 ----A---- C:\Windows\system32\DWrite.dll
2011-05-01 22:36:26 ----D---- C:\Users\Alenka\AppData\Roaming\Abvent
2011-05-01 22:36:26 ----D---- C:\ProgramData\Abvent
2011-05-01 22:36:20 ----D---- C:\Users\Alenka\AppData\Roaming\Abvent_Artlantis2
2011-05-01 16:01:41 ----D---- C:\Users\Alenka\AppData\Roaming\Google
2011-05-01 16:01:23 ----D---- C:\ProgramData\Google
2011-05-01 09:25:36 ----D---- C:\Windows\system32\Wat
2011-04-28 15:15:54 ----D---- C:\Program Files\FileMagnet
2011-04-28 12:02:26 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-04-28 12:02:26 ----A---- C:\Windows\system32\PresentationHost.exe
2011-04-28 12:02:26 ----A---- C:\Windows\system32\netfxperf.dll
2011-04-28 12:02:26 ----A---- C:\Windows\system32\mscoree.dll
2011-04-28 12:02:26 ----A---- C:\Windows\system32\dfshim.dll
2011-04-28 11:50:40 ----A---- C:\Windows\system32\browserchoice.exe
2011-04-28 11:47:59 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2011-04-28 11:47:59 ----A---- C:\Windows\system32\drivers\ks.sys
2011-04-28 11:47:31 ----A---- C:\Windows\system32\wcncsvc.dll
2011-04-28 09:56:49 ----D---- C:\Windows\system32\RNBOSENT
2011-04-28 09:56:49 ----A---- C:\Windows\system32\SNTI386.DLL
2011-04-28 09:56:49 ----A---- C:\Windows\system32\RNBOVDD.DLL
2011-04-28 09:56:49 ----A---- C:\Windows\system32\drivers\SENTINEL.SYS
2011-04-28 09:56:36 ----A---- C:\Windows\system32\NSLMS324.DLL
2011-04-28 09:56:36 ----A---- C:\Windows\system32\MSVBVM50.DLL
2011-04-28 09:56:36 ----A---- C:\Windows\system32\GAPI32.DLL
2011-04-28 09:56:35 ----A---- C:\Windows\system32\MSVCRTD.DLL
2011-04-28 09:56:35 ----A---- C:\Windows\system32\MSFRT40.DLL
2011-04-28 09:56:32 ----D---- C:\Program Files\Common Files\Fine Shared
2011-04-28 09:56:11 ----D---- C:\Program Files\Feat
2011-04-28 09:55:33 ----A---- C:\Windows\IsUn0405.exe
2011-04-28 09:55:28 ----RASH---- C:\MSDOS.SYS
2011-04-28 09:55:28 ----RASH---- C:\IO.SYS
2011-04-28 08:27:30 ----A---- C:\Windows\system32\prevhost.exe
2011-04-28 08:27:28 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-04-28 08:27:28 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-04-28 08:27:27 ----A---- C:\Windows\system32\esent.dll
2011-04-28 08:27:27 ----A---- C:\Windows\system32\drivers\storport.sys
2011-04-28 08:27:27 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-04-28 08:27:27 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-04-28 08:27:27 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-04-28 08:27:26 ----A---- C:\Windows\system32\fsutil.exe
2011-04-28 08:27:26 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-04-28 08:27:26 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-04-28 08:27:21 ----A---- C:\Windows\system32\kerberos.dll
2011-04-28 08:27:20 ----A---- C:\Windows\system32\odbc32.dll
2011-04-28 08:27:15 ----A---- C:\Windows\system32\CertEnroll.dll
2011-04-28 08:27:14 ----A---- C:\Windows\system32\winresume.exe
2011-04-28 08:27:14 ----A---- C:\Windows\system32\winload.exe
2011-04-28 08:27:12 ----A---- C:\Windows\system32\asycfilt.dll
2011-04-28 08:27:11 ----A---- C:\Windows\system32\comctl32.dll
2011-04-28 08:27:03 ----A---- C:\Windows\system32\mfc40u.dll
2011-04-28 08:27:03 ----A---- C:\Windows\system32\mfc40.dll
2011-04-28 08:26:58 ----A---- C:\Windows\system32\wmp.dll
2011-04-28 08:26:57 ----A---- C:\Windows\system32\wmploc.DLL
2011-04-28 08:26:55 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-04-28 08:26:54 ----A---- C:\Windows\system32\win32k.sys
2011-04-28 08:26:53 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-04-28 08:26:52 ----A---- C:\Windows\system32\fontsub.dll
2011-04-28 08:26:51 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-28 08:26:50 ----A---- C:\Windows\system32\kernel32.dll
2011-04-28 08:26:49 ----A---- C:\Windows\system32\apphelp.dll
2011-04-28 08:26:48 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\tsbyuv.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\quartz.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\msyuv.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\msvidc32.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\msrle32.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\mciavi32.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\iyuv_32.dll
2011-04-28 08:26:47 ----A---- C:\Windows\system32\avifil32.dll
2011-04-28 08:26:46 ----A---- C:\Windows\system32\EncDec.dll
2011-04-28 08:26:46 ----A---- C:\Windows\system32\CPFilters.dll
2011-04-28 08:26:45 ----A---- C:\Windows\system32\sbe.dll
2011-04-28 08:26:42 ----A---- C:\Windows\explorer.exe
2011-04-28 08:26:41 ----A---- C:\Windows\system32\webio.dll
2011-04-28 08:26:40 ----A---- C:\Windows\system32\shell32.dll
2011-04-28 08:26:38 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-28 08:26:35 ----A---- C:\Windows\system32\mstscax.dll
2011-04-28 08:26:35 ----A---- C:\Windows\system32\mstsc.exe
2011-04-28 08:26:30 ----A---- C:\Windows\system32\srvsvc.dll
2011-04-28 08:26:27 ----A---- C:\Windows\system32\ntdll.dll
2011-04-28 08:26:26 ----A---- C:\Windows\system32\d3d10warp.dll
2011-04-28 08:26:25 ----A---- C:\Windows\system32\mf.dll
2011-04-28 08:26:24 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-04-28 08:26:23 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-04-28 08:26:23 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-04-28 08:26:23 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-04-28 08:26:23 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-04-28 08:26:23 ----A---- C:\Windows\system32\d3d10_1.dll
2011-04-28 08:26:20 ----A---- C:\Windows\system32\upnp.dll
2011-04-28 08:26:19 ----A---- C:\Windows\system32\WebClnt.dll
2011-04-28 08:26:19 ----A---- C:\Windows\system32\msxml6.dll
2011-04-28 08:26:19 ----A---- C:\Windows\system32\msxml3.dll
2011-04-28 08:26:18 ----A---- C:\Windows\system32\wscsvc.dll
2011-04-28 08:26:18 ----A---- C:\Windows\system32\wscapi.dll
2011-04-28 08:26:18 ----A---- C:\Windows\system32\winhttp.dll
2011-04-28 08:26:18 ----A---- C:\Windows\system32\slwga.dll
2011-04-28 08:26:18 ----A---- C:\Windows\system32\davclnt.dll
2011-04-28 08:26:16 ----A---- C:\Windows\system32\wmpmde.dll
2011-04-28 08:26:15 ----A---- C:\Windows\system32\oleaut32.dll
2011-04-28 08:26:15 ----A---- C:\Windows\system32\consent.exe
2011-04-28 08:26:14 ----A---- C:\Windows\system32\secproc_isv.dll
2011-04-28 08:26:14 ----A---- C:\Windows\system32\secproc.dll
2011-04-28 08:26:14 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-04-28 08:26:13 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-04-28 08:26:13 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-04-28 08:26:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-04-28 08:26:13 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-04-28 08:26:13 ----A---- C:\Windows\system32\RMActivate.exe
2011-04-28 08:26:12 ----A---- C:\Windows\system32\mfc42.dll
2011-04-28 08:26:11 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-28 08:26:09 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-28 08:26:09 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-28 08:26:09 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-28 08:26:09 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-28 08:26:08 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-04-28 08:26:04 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-04-28 08:26:04 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-04-28 08:26:04 ----A---- C:\Windows\system32\cdd.dll
2011-04-28 08:25:43 ----A---- C:\Windows\system32\psisdecd.dll
2011-04-28 08:25:43 ----A---- C:\Windows\system32\msdri.dll
2011-04-28 08:20:23 ----A---- C:\Windows\system32\winlogon.exe
2011-04-28 08:20:18 ----A---- C:\Windows\system32\ir32_32.dll
2011-04-28 08:20:18 ----A---- C:\Windows\system32\iccvid.dll
2011-04-28 08:20:16 ----A---- C:\Windows\system32\ole32.dll
2011-04-28 08:20:15 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-04-28 08:20:07 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-04-28 08:20:05 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-28 08:20:05 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-28 08:20:04 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-28 08:20:03 ----A---- C:\Windows\system32\spoolsv.exe
2011-04-28 08:20:01 ----A---- C:\Windows\system32\vbscript.dll
2011-04-28 08:20:01 ----A---- C:\Windows\system32\jscript.dll
2011-04-28 08:19:54 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-28 08:19:54 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-28 08:19:53 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-28 08:19:50 ----A---- C:\Windows\system32\atmfd.dll
2011-04-28 08:19:49 ----A---- C:\Windows\system32\atmlib.dll
2011-04-28 08:19:48 ----A---- C:\Windows\system32\t2embed.dll
2011-04-28 08:19:46 ----A---- C:\Windows\system32\mshtml.dll
2011-04-28 08:19:45 ----A---- C:\Windows\system32\ieframe.dll
2011-04-28 08:19:40 ----A---- C:\Windows\system32\urlmon.dll
2011-04-28 08:19:39 ----A---- C:\Windows\system32\wininet.dll
2011-04-28 08:19:39 ----A---- C:\Windows\system32\iertutil.dll
2011-04-28 08:19:38 ----A---- C:\Windows\system32\mstime.dll
2011-04-28 08:19:38 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-28 08:19:38 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-28 08:19:38 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-28 08:19:38 ----A---- C:\Windows\system32\iepeers.dll
2011-04-28 08:19:38 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-28 08:19:37 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-28 08:19:37 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-28 08:19:37 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-28 08:19:37 ----A---- C:\Windows\system32\ieui.dll
2011-04-27 22:12:18 ----D---- C:\Users\Alenka\AppData\Roaming\skypePM
2011-04-27 22:12:18 ----D---- C:\ProgramData\Skype Extras
2011-04-27 22:11:54 ----D---- C:\Users\Alenka\AppData\Roaming\Skype
2011-04-27 22:11:34 ----D---- C:\Program Files\Common Files\Skype
2011-04-27 22:11:22 ----RD---- C:\Program Files\Skype
2011-04-27 22:11:18 ----D---- C:\ProgramData\Skype
2011-04-27 15:27:18 ----D---- C:\Program Files\Y Soft
2011-04-27 15:27:18 ----A---- C:\Windows\system32\SAFEQVS.DLL
2011-04-27 15:27:18 ----A---- C:\Windows\system32\SAFEQUI.DLL
2011-04-27 15:27:18 ----A---- C:\Windows\system32\SafeQCairoLib.DLL
2011-04-27 15:26:44 ----D---- C:\Users\Alenka\AppData\Roaming\vlc
2011-04-27 14:30:17 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-04-27 14:30:15 ----D---- C:\Program Files\Common Files\DESIGNER
2011-04-27 14:29:55 ----D---- C:\Windows\PCHEALTH
2011-04-27 14:29:54 ----D---- C:\Program Files\Microsoft.NET
2011-04-27 14:29:54 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-04-27 14:27:53 ----D---- C:\Program Files\Microsoft Analysis Services
2011-04-27 14:27:25 ----D---- C:\Program Files\Microsoft Office
2011-04-27 14:27:21 ----D---- C:\ProgramData\Microsoft Help
2011-04-27 14:27:06 ----RHD---- C:\MSOCache
2011-04-27 10:10:13 ----D---- C:\Program Files\Adobe
2011-04-27 09:36:07 ----A---- C:\Windows\reimage.ini
2011-04-27 08:51:27 ----A---- C:\Windows\system32\msv1_0.dll
2011-04-26 23:24:11 ----A---- C:\Windows\system32\roboot.exe
2011-04-26 23:24:08 ----A---- C:\Windows\system32\msvcr71.dll
2011-04-26 23:24:08 ----A---- C:\Windows\system32\msvcp71.dll
2011-04-26 23:24:08 ----A---- C:\Windows\system32\mfc71.dll
2011-04-26 23:23:19 ----D---- C:\Windows\system32\Macromed
2011-04-26 23:19:35 ----D---- C:\Users\Alenka\AppData\Roaming\WinRAR
2011-04-26 23:19:15 ----D---- C:\Program Files\WinRAR
2011-04-26 23:02:10 ----D---- C:\Users\Alenka\AppData\Roaming\Apple Computer
2011-04-26 23:02:05 ----DC---- C:\Windows\system32\DRVSTORE
2011-04-26 23:02:05 ----A---- C:\Windows\system32\GEARAspi.dll
2011-04-26 23:02:05 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-04-26 23:01:29 ----D---- C:\Program Files\iPod
2011-04-26 23:01:28 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-26 23:01:28 ----D---- C:\Program Files\iTunes
2011-04-26 23:00:36 ----D---- C:\ProgramData\Apple Computer
2011-04-26 23:00:36 ----D---- C:\Program Files\QuickTime
2011-04-26 23:00:26 ----D---- C:\Program Files\Apple Software Update
2011-04-26 22:59:51 ----D---- C:\Program Files\Bonjour
2011-04-26 22:59:38 ----D---- C:\ProgramData\Apple
2011-04-26 22:59:38 ----D---- C:\Program Files\Common Files\Apple
2011-04-26 15:15:51 ----A---- C:\Windows\system32\tzres.dll
2011-04-26 15:14:36 ----A---- C:\Windows\system32\schedsvc.dll
2011-04-26 15:14:36 ----A---- C:\Windows\system32\schannel.dll
2011-04-26 15:14:35 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-04-26 15:14:35 ----A---- C:\Windows\system32\taskschd.dll
2011-04-26 15:14:35 ----A---- C:\Windows\system32\taskeng.exe
2011-04-26 15:14:35 ----A---- C:\Windows\system32\taskcomp.dll
2011-04-26 15:14:35 ----A---- C:\Windows\system32\schtasks.exe
2011-04-26 15:14:32 ----A---- C:\Windows\system32\lsasrv.dll
2011-04-26 15:14:32 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-04-26 15:14:31 ----A---- C:\Windows\system32\rtutils.dll
2011-04-26 15:14:31 ----A---- C:\Windows\system32\msasn1.dll
2011-04-26 10:23:12 ----D---- C:\Users\Alenka\AppData\Roaming\Macromedia
2011-04-26 10:23:12 ----D---- C:\ProgramData\Adobe
2011-04-26 10:23:06 ----D---- C:\Users\Alenka\AppData\Roaming\Adobe
2011-04-26 10:23:04 ----D---- C:\Program Files\Common Files\Adobe
2011-04-26 10:10:39 ----D---- C:\Program Files\Artlantis Studio 2
2011-04-26 10:04:11 ----D---- C:\ProgramData\FLEXnet
2011-04-26 09:57:07 ----D---- C:\Program Files\Common Files\Macrovision Shared
2011-04-26 09:54:09 ----D---- C:\Program Files\Autodesk
2011-04-26 09:52:38 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-04-26 09:52:16 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-04-26 09:52:16 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-04-26 09:52:16 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-04-26 09:52:08 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-04-26 09:49:38 ----D---- C:\Users\Alenka\AppData\Roaming\Autodesk
2011-04-26 09:49:38 ----D---- C:\ProgramData\Autodesk
2011-04-25 21:07:09 ----D---- C:\Windows\Panther
2011-04-25 21:06:56 ----RASH---- C:\BOOTSECT.BAK
2011-04-25 21:06:54 ----SHD---- C:\Boot
2011-04-25 20:58:04 ----D---- C:\Program Files\JDownloader
2011-04-25 20:51:56 ----D---- C:\Program Files\VideoLAN
2011-04-25 20:50:16 ----D---- C:\Program Files\IrfanView
2011-04-25 20:49:35 ----N---- C:\Windows\system32\MpSigStub.exe
2011-04-25 20:49:28 ----D---- C:\Program Files\foobar2000
2011-04-25 20:43:48 ----SHD---- C:\Windows\Installer
2011-04-25 20:43:48 ----D---- C:\Program Files\Microsoft Security Client
2011-04-25 20:43:28 ----A---- C:\Windows\system32\drivers\netio.sys
2011-04-25 20:35:16 ----D---- C:\Program Files\Yaho's Miranda IM
2011-04-25 20:34:02 ----D---- C:\Program Files\Yaho's Miranda IM – starsi
2011-04-25 20:26:06 ----D---- C:\ProgramData\NVIDIA Corporation
2011-04-25 20:26:04 ----D---- C:\Program Files\NVIDIA Corporation
2011-04-25 20:25:51 ----D---- C:\Users\Alenka\AppData\Roaming\Opera
2011-04-25 20:25:49 ----D---- C:\Program Files\Opera
2011-04-25 20:20:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-25 20:20:27 ----A---- C:\Windows\system32\wintrust.dll
2011-04-25 20:20:26 ----A---- C:\Windows\system32\cabview.dll
2011-04-25 20:15:52 ----D---- C:\Users\Alenka\AppData\Roaming\Identities
2011-04-25 20:15:39 ----SD---- C:\Users\Alenka\AppData\Roaming\Microsoft
2011-04-25 20:15:39 ----D---- C:\Users\Alenka\AppData\Roaming\Media Center Programs
2011-04-25 20:15:25 ----SHD---- C:\Recovery
2011-04-25 20:15:24 ----SHD---- C:\ProgramData\Šablony
2011-04-25 20:15:24 ----SHD---- C:\ProgramData\Plocha
2011-04-25 20:15:24 ----SHD---- C:\ProgramData\Oblíbené položky
2011-04-25 20:15:24 ----SHD---- C:\ProgramData\Nabídka Start
2011-04-25 20:15:24 ----SHD---- C:\ProgramData\Dokumenty
2011-04-25 20:15:24 ----SHD---- C:\ProgramData\Data aplikací
2011-04-25 20:10:41 ----D---- C:\Windows\SoftwareDistribution
2011-04-25 20:08:04 ----D---- C:\Windows\Prefetch
2011-04-25 20:07:42 ----SHD---- C:\System Volume Information
2011-04-25 20:07:42 ----ASH---- C:\pagefile.sys
2011-04-25 20:07:42 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2011-05-22 15:45:14 ----RD---- C:\Program Files
2011-05-22 15:22:02 ----D---- C:\Windows\Tasks
2011-05-22 15:20:27 ----D---- C:\Windows\system32\Tasks
2011-05-22 15:02:18 ----D---- C:\Windows
2011-05-22 15:00:16 ----D---- C:\Windows\System32
2011-05-22 15:00:16 ----D---- C:\Windows\inf
2011-05-22 15:00:03 ----D---- C:\Windows\system32\config
2011-05-22 14:07:34 ----D---- C:\Windows\Temp
2011-05-22 13:59:27 ----D---- C:\Windows\Microsoft.NET
2011-05-22 13:59:26 ----RSD---- C:\Windows\assembly
2011-05-22 13:55:19 ----SD---- C:\ProgramData\Microsoft
2011-05-22 13:50:31 ----D---- C:\Windows\winsxs
2011-05-22 13:48:09 ----D---- C:\Program Files\Common Files\microsoft shared
2011-05-21 12:03:53 ----D---- C:\Windows\system32\NDF
2011-05-16 12:11:17 ----D---- C:\Windows\system32\catroot2
2011-05-12 13:38:21 ----D---- C:\Windows\system32\DriverStore
2011-05-12 13:38:19 ----D---- C:\Windows\system32\drivers
2011-05-12 08:10:08 ----D---- C:\Windows\system32\catroot
2011-05-10 21:15:44 ----D---- C:\Windows\system32\drivers\etc
2011-05-08 23:10:45 ----D---- C:\Windows\system32\wdi
2011-05-08 11:20:22 ----D---- C:\Windows\system32\FxsTmp
2011-05-06 15:10:39 ----HD---- C:\ProgramData
2011-05-06 15:08:41 ----RSD---- C:\Windows\Fonts
2011-05-06 15:05:55 ----D---- C:\Program Files\Common Files
2011-04-29 22:31:02 ----D---- C:\Windows\rescache
2011-04-29 12:22:35 ----D---- C:\Windows\system32\en-US
2011-04-29 11:08:53 ----D---- C:\Windows\AppPatch
2011-04-28 17:59:08 ----D---- C:\Windows\Logs
2011-04-28 13:53:03 ----D---- C:\Windows\system32\migration
2011-04-28 13:53:03 ----D---- C:\Program Files\Internet Explorer
2011-04-28 13:53:02 ----D---- C:\Windows\system32\cs-CZ
2011-04-28 13:53:02 ----D---- C:\Program Files\Windows Mail
2011-04-28 13:53:01 ----D---- C:\Windows\ehome
2011-04-28 13:52:58 ----D---- C:\Windows\system32\Boot
2011-04-28 13:52:56 ----D---- C:\Program Files\Windows Media Player
2011-04-27 14:28:13 ----D---- C:\Windows\ShellNew
2011-04-26 15:32:37 ----D---- C:\Windows\system32\LogFiles
2011-04-26 10:03:15 ----D---- C:\Windows\Downloaded Program Files
2011-04-25 22:27:59 ----D---- C:\Windows\system32\drivers\UMDF
2011-04-25 20:25:17 ----D---- C:\Windows\system32\restore
2011-04-25 20:22:27 ----D---- C:\Windows\system32\CodeIntegrity
2011-04-25 20:18:59 ----D---- C:\Windows\system32\wbem
2011-04-25 20:15:49 ----SHD---- C:\$Recycle.Bin
2011-04-25 20:15:38 ----RD---- C:\Users
2011-04-25 20:15:24 ----D---- C:\Program Files\Windows NT
2011-04-25 20:14:35 ----D---- C:\Windows\debug
2011-04-25 20:11:26 ----D---- C:\Windows\system32\sysprep
2011-04-25 20:08:32 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-04-15 252536]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S1 MpKslc93c9101;MpKslc93c9101; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{220E0080-0C22-4C25-88AD-C07459194483}\MpKslc93c9101.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [1999-07-20 73216]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 cpuz134;cpuz134; \??\C:\Users\Alenka\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-02-18 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-14 820520]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2008-06-05 1322648]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-04-26 1045256]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-01 1343400]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]

-----------------EOF-----------------
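Added example (not part of the original thread and not RSIT's own code): a small triage pass over the driver and service lists above, using the legend RSIT prints (R/S for state, 0-4 for start type). The function names and the `SECURITY_HINTS` and `USER_WRITABLE` keyword lists are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re
from typing import Dict, List, NamedTuple

# Start-type digits as given in the RSIT section headers.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Assumed keyword lists for this example; tune them for your own environment.
SECURITY_HINTS = ("antimalware", "malware protection", "security client")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")

# Format: <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>.*?); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the RSIT log above.
SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
S1 MpKslc93c9101;MpKslc93c9101; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{220E0080-0C22-4C25-88AD-C07459194483}\MpKslc93c9101.sys []
S3 cpuz134;cpuz134; \??\C:\Users\Alenka\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
"""


class Entry(NamedTuple):
    running: bool        # R = running, S = stopped
    start: str           # Boot / System / Auto / Demand / Disabled
    name: str
    display: str
    path: str
    has_file_info: bool  # False when RSIT printed an empty []


def parse_rsit(text: str) -> List[Entry]:
    """Parse RSIT driver/service lines; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        if path.startswith("\\??\\"):  # drop the NT object-namespace prefix
            path = path[4:]
        entries.append(Entry(
            running=m["state"] == "R",
            start=START_TYPES[m["start"]],
            name=m["name"],
            display=m["display"],
            path=path,
            has_file_info=bool(m["meta"].strip()),
        ))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return review notes for one entry. These are leads, not verdicts."""
    notes = []
    haystack = f"{entry.name} {entry.display} {entry.path}".lower()
    if entry.start == "Disabled" and any(k in haystack for k in SECURITY_HINTS):
        notes.append("security component set to Disabled")
    if any(p in entry.path.lower() for p in USER_WRITABLE):
        notes.append("image path is user-writable")
    if not entry.has_file_info:
        notes.append("no file date/size recorded")
    return notes


def report(text: str) -> Dict[str, List[str]]:
    """Map entry name -> notes, keeping only entries that have notes."""
    findings = {}
    for entry in parse_rsit(text):
        notes = triage(entry)
        if notes:
            findings[entry.name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in report(SAMPLE).items():
        print(f"{name}: {'; '.join(notes)}")
```

On the sample lines the `S4 MsMpSvc` entry is the one that matches the symptom described in the first post, an antivirus that no longer starts.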

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 16:01
by vyosek
Hello, and I wish you a nice day :)

:arrow: Keygens are of course vermin, not to mention the copyright violation and committing a criminal offence :?: You have nicely infected your machine with it :boxed:

:arrow: We really love visitors like this: they litter their PC with cracks and keygens and then act surprised :roll: :arcisit:

:arrow: If you are a student working on a final student project, your faculty should take that into account and tolerate the printed borders :wink:

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here
:arrow: I assume your Windows is legal = a purchased licence :???:

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 17:40
by AlenkaB
I'm not really surprised, and I know very well that I have only myself to blame... I'm sorry to be bothering someone else with it.
But it is true that for school work we very often have no choice but to use programs illegally.
Many of the programs in which we have to submit our work don't even have student versions.

I downloaded RKill and started it; it shut down, and after that other versions would not start either, showing a
Windows security message, "These files can't be opened. Your Internet security settings prevented one or more files from being opened", which could only be closed from Task Manager.

I asked my brother for help; he somehow got the program running, but the output log looked like this, which doesn't seem right to me.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22.05.2011 at 18:26:29.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:



Rkill completed on 22.05.2011 at 18:26:40.


The subsequent CKScan log looks like this

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\autodesk\revit architecture 2011\program\help\cs-cz\wbh\contexthelp\hcontrol_revit_removewatch.htm
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\yaho's miranda im – starsi\- přijaté soubory -\glen\keygen.htm
c:\users\alenka\documents\Škola\cvut\4. semestr\revit\crack\autodesk_revit_architecture_2010-x86_update 1.exe
c:\users\alenka\documents\Škola\cvut\4. semestr\revit\crack\rac2010.txt
c:\users\alenka\documents\Škola\cvut\4. semestr\revit\crack\autodesk keygen 2010\x64\adesk_patcher64.exe
c:\users\alenka\documents\Škola\cvut\4. semestr\revit\crack\autodesk keygen 2010\x64\xf-a2010.exe
c:\users\alenka\documents\Škola\cvut\4. semestr\revit\crack\autodesk keygen 2010\x86\xf-a2010.exe
c:\users\alenka\documents\Škola\cvut\6. semestr\bza2\feat 2000 od melouna\crack\crack\legends.txt
c:\users\alenka\documents\Škola\cvut\podklady od aleše\sf2\software\teplo\crack\area\haspvb32.dll
c:\users\alenka\documents\Škola\cvut\podklady od aleše\sf2\software\teplo\crack\area\vstup.hasp
c:\users\alenka\documents\Škola\cvut\podklady od aleše\sf2\software\teplo\crack\teplo\haspvb32.dll
c:\users\alenka\documents\Škola\cvut\podklady od aleše\sf2\software\teplo\crack\teplo\vstup.hasp
c:\users\alenka\downloads\feat 2000 od melouna\feat 2000 od melouna\crack\crack\f98utlt.dll
c:\users\alenka\downloads\feat 2000 od melouna\feat 2000 od melouna\crack\crack\feat2000.exe
c:\users\alenka\downloads\feat 2000 od melouna\feat 2000 od melouna\crack\crack\legends.txt
c:\windows\prefetch\keygen-autodesk_revit_archite-5fbc22c6.pf
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 17:56
by vyosek
:arrow: If a program has no student version, the faculty should not require it of you, at least that's how it is at VUT...

:arrow: And what about your Windows, it doesn't exactly smell of legality either, does it :o

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 18:08
by AlenkaB
Unfortunately that's not how it is at ČVUT. And although I don't know anyone from your school, given the same curriculum I'd guess that your Faculty of Architecture or Civil Engineering is no better off.

And I wanted to be honest, which is why I wrote it, just as I'm saying that I don't have a legal system; after problems with the system, my boyfriend upgraded my legal Vista to Win7.

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 18:14
by vyosek
I'm at FAST and they require work from us in ACAD - nobody minds the printed border; other programs are available at the faculty's information centre, so it's no problem to do the work there...

As a rare exception I will disinfect your PC, but if you show up here and the PC is full of cracks, help may be refused by the Advisers - of course the fact that the PC is full of warez will be recorded in our internal section

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download Combofix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako spravce)
  • Immediately after start a page with the licence agreement is shown; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested the time may be longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 18:32
by AlenkaB
When I start Combofix, the same message pops up as with rkill - Internet security won't let me run it.

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 18:39
by vyosek
Log in to safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking), rename combofix to Beruska.com and try to run it

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 19:11
by AlenkaB
Safe mode didn't help either; Internet security still blocks it.

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 19:12
by vyosek
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes has false detections, so paste the log into a post and wait for it to be assessed

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 20:20
by AlenkaB
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6641

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.5.2011 21:19:55
mbam-log-2011-05-22 (21-19-50).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|)
Testované objekty: 357735
Uplynulý čas: 1 hodin, 1 minut, 25 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 16

Infikované procesy v paměti:
c:\Windows\Lsiseb.exe (Trojan.Downloader.VCP) -> 1956 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\Lsiseb.exe (Trojan.Downloader.VCP) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-1971691092-1223388584-3130940709-1000\$RJOZZJ7.exe (Trojan.Downloader.VCP) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-1971691092-1223388584-3130940709-1000\$RY1MEKR.exe (Trojan.Downloader.VCP) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-1971691092-1223388584-3130940709-1000\$RB0CO8L.exe (Trojan.Downloader.VCP) -> No action taken.
c:\program files\Adobe\adobe photoshop cs5\adobe.photoshop.cs5.extended.v12.0.keymaker-embrace.exe (Malware.Packer.Gen) -> No action taken.
c:\program files\yaho's miranda im\- přijaté soubory -\glen vorel\adobe.photoshop.cs5.extended.v12.0.keymaker-embrace.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\Alenka\documents\Škola\cvut\4. semestr\REVIT\crack\autodesk keygen 2010\x64\xf-a2010.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Alenka\documents\Škola\cvut\4. semestr\REVIT\crack\autodesk keygen 2010\x86\xf-a2010.exe (Trojan.Agent) -> No action taken.
c:\Windows\Lsisea.exe (Trojan.Downloader.VCP) -> No action taken.
c:\Windows\System32\graftabl6.dll (Heuristics.Shuriken) -> No action taken.
d:\a3dsmd201186x\keygen_x-force keygens for autodesk 2011 products\keygen_x-force keygens for autodesk 2011 products\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> No action taken.
d:\autocad 2011 cz (www.doolphin.cz)\autocad.2011.keygen.gnrsu.com\KeyGen\keygen-32bit.exe (RiskWare.Tool.CK) -> No action taken.
d:\autocad 2011 cz (www.doolphin.cz)\autocad.2011.keygen.gnrsu.com\KeyGen\keygen-64bit.exe (RiskWare.Tool.CK) -> No action taken.
d:\autodesk 3ds max design 2011\Keygen\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 20:28
by motji
Good evening, until my colleague arrives :)
Delete everything in MBAM and try running Rkill and Combofix again.

Re: Suspected virus, antivirus disabled

Posted: 22 May 2011 21:02
by AlenkaB
Thanks for stepping in :)

the log that came out after the MBAM cleanup

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6641

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.5.2011 21:39:09
mbam-log-2011-05-22 (21-39-09).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|)
Testované objekty: 357735
Uplynulý čas: 1 hodin, 1 minut, 25 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 16

Infikované procesy v paměti:
c:\Windows\Lsiseb.exe (Trojan.Downloader.VCP) -> 1956 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Windows\Lsiseb.exe (Trojan.Downloader.VCP) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1971691092-1223388584-3130940709-1000\$RJOZZJ7.exe (Trojan.Downloader.VCP) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1971691092-1223388584-3130940709-1000\$RY1MEKR.exe (Trojan.Downloader.VCP) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1971691092-1223388584-3130940709-1000\$RB0CO8L.exe (Trojan.Downloader.VCP) -> Quarantined and deleted successfully.
c:\program files\Adobe\adobe photoshop cs5\adobe.photoshop.cs5.extended.v12.0.keymaker-embrace.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\program files\yaho's miranda im\- přijaté soubory -\glen vorel\adobe.photoshop.cs5.extended.v12.0.keymaker-embrace.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Alenka\documents\Škola\cvut\4. semestr\REVIT\crack\autodesk keygen 2010\x64\xf-a2010.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Alenka\documents\Škola\cvut\4. semestr\REVIT\crack\autodesk keygen 2010\x86\xf-a2010.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Lsisea.exe (Trojan.Downloader.VCP) -> Quarantined and deleted successfully.
c:\Windows\System32\graftabl6.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
d:\a3dsmd201186x\keygen_x-force keygens for autodesk 2011 products\keygen_x-force keygens for autodesk 2011 products\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\autocad 2011 cz (www.doolphin.cz)\autocad.2011.keygen.gnrsu.com\KeyGen\keygen-32bit.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\autocad 2011 cz (www.doolphin.cz)\autocad.2011.keygen.gnrsu.com\KeyGen\keygen-64bit.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\autodesk 3ds max design 2011\Keygen\xf-a2011-32bits.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22.05.2011 at 21:42:00.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
C:\Windows\System32\grpconv.exe


Rkill completed on 22.05.2011 at 21:42:05.


combofix log

ComboFix 11-05-21.03 - Alenka 22.05.2011 21:47:45.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2741 [GMT 2:00]
Spuštěný z: c:\users\Alenka\Desktop\Beruska.com
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{41722E95-A441-4BE1-8CD4-7BDABBFACA0A}.xps
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4D9C7610-D371-4A9E-A200-B6CC731FDF8B}.xps
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C42136EF-D92F-4705-849F-6E6779F1C364}.xps
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C532459C-AC5F-4B7B-9924-7898956D56A1}.xps
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CBD243AB-B495-43D6-9351-4B5A2DE73B76}.xps
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D96C9E03-806A-4CBC-9077-736D44B418E3}.xps
c:\users\Alenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FAD4C1E3-0BC6-45A8-AC8C-CEDD179E1069}.xps
c:\users\Alenka\rkill.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-22 do 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-22 19:54 . 2011-05-22 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 18:15 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 18:15 . 2011-05-22 18:15 -------- d-----w- c:\programdata\Malwarebytes
2011-05-22 18:15 . 2011-05-22 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 18:15 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 15:36 . 2011-05-22 15:36 1007108 ----a-w- C:\asdflkjga.exe
2011-05-22 13:45 . 2011-05-22 13:45 -------- d-----w- C:\rsit
2011-05-22 13:45 . 2011-05-22 13:45 -------- d-----w- c:\program files\trend micro
2011-05-22 11:47 . 2011-05-22 11:47 -------- d-----w- c:\program files\Microsoft SDKs
2011-05-22 11:47 . 2011-05-22 11:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-05-22 07:46 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03B2E1C3-45AD-4381-B557-62715E9F2EF2}\mpengine.dll
2011-05-20 13:33 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6324E131-3C1F-440D-8344-C75F872472D2}\gapaengine.dll
2011-05-19 05:48 . 2011-05-19 05:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 13:02 . 2011-05-17 13:02 -------- d-----w- c:\program files\PDFTools
2011-05-12 06:10 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 06:10 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-12 06:10 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-12 06:10 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-12 06:10 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-12 06:10 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-12 06:10 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-12 06:10 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-12 06:10 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 06:10 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-08 17:55 . 2011-05-08 17:55 -------- d-----w- c:\program files\Google
2011-05-06 13:10 . 2011-05-06 13:20 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-05-06 13:07 . 2011-05-06 13:07 -------- d-----w- c:\program files\Adobe Media Player
2011-05-06 13:05 . 2011-05-06 13:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-05 20:45 . 2011-05-05 20:45 -------- d-----w- c:\program files\DellTPad
2011-05-05 20:45 . 2010-02-26 19:32 109122 ----a-w- c:\windows\system32\Vxdif.dll
2011-05-05 20:45 . 2009-07-14 10:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-05-05 20:45 . 2011-05-05 20:45 -------- d-----w- C:\dell
2011-05-05 20:45 . 2010-04-15 11:36 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-05-04 18:07 . 2011-05-04 18:07 -------- d-----w- c:\program files\Common Files\Java
2011-05-04 18:07 . 2011-05-04 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 18:06 . 2011-05-04 18:06 -------- d-----w- c:\program files\Java
2011-05-04 08:31 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-05-03 07:21 . 2011-05-03 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-05-03 07:21 . 2011-05-03 07:21 -------- d-----w- c:\program files\AutoDWG
2011-05-03 07:20 . 2011-05-03 07:20 -------- d-----w- c:\program files\Common Files\InstallShield
2011-05-02 13:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-02 13:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-02 13:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-01 20:36 . 2011-05-01 20:39 -------- d-----w- c:\programdata\Abvent
2011-05-01 07:25 . 2011-05-01 07:25 -------- d-----w- c:\windows\system32\Wat
2011-04-28 13:15 . 2011-04-28 13:15 -------- d-----w- c:\program files\FileMagnet
2011-04-28 10:02 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-28 10:02 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-28 10:02 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-28 10:02 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-28 10:02 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-28 09:50 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-04-28 09:47 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-04-28 09:47 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-28 09:47 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-28 07:55 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2011-04-28 06:25 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-04-28 06:25 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-04-28 06:25 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-04-27 20:12 . 2011-05-15 20:17 -------- d-----w- c:\programdata\Skype Extras
2011-04-27 20:11 . 2011-04-27 20:11 -------- d-----w- c:\program files\Common Files\Skype
2011-04-27 20:11 . 2011-04-27 20:11 -------- d-----r- c:\program files\Skype
2011-04-27 20:11 . 2011-04-27 20:11 -------- d-----w- c:\programdata\Skype
2011-04-27 13:27 . 2011-04-27 13:27 -------- d-----w- c:\program files\Y Soft
2011-04-27 13:27 . 2010-03-31 08:57 131072 ----a-w- c:\windows\system32\SAFEQUI.DLL
2011-04-27 13:27 . 2010-03-31 08:56 2355200 ----a-w- c:\windows\system32\SAFEQVS.DLL
2011-04-27 13:27 . 2009-05-06 14:35 421888 ----a-w- c:\windows\system32\SafeQCairoLib.DLL
2011-04-27 12:35 . 2011-04-27 13:29 -------- d-----w- c:\windows\AutoKMS
2011-04-27 12:34 . 2011-05-22 19:40 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-04-27 12:30 . 2011-04-27 12:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-04-27 12:29 . 2011-04-27 12:29 -------- d-----w- c:\windows\PCHEALTH
2011-04-27 12:29 . 2011-04-29 10:22 -------- d-----w- c:\program files\Microsoft.NET
2011-04-27 12:29 . 2011-04-27 12:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-27 12:27 . 2011-04-27 12:27 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-04-27 12:27 . 2011-05-22 11:50 -------- d-----w- c:\programdata\Microsoft Help
2011-04-27 12:27 . 2011-04-27 12:27 -------- d-----r- C:\MSOCache
2011-04-27 06:55 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-27 06:51 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-26 21:24 . 2011-03-25 16:03 15592 ----a-w- c:\windows\system32\roboot.exe
2011-04-26 21:24 . 2011-03-25 03:35 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-04-26 21:24 . 2011-03-25 03:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-26 21:24 . 2011-03-25 03:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-26 21:23 . 2011-04-26 21:23 -------- d-----w- c:\windows\system32\Macromed
2011-04-26 21:02 . 2011-04-26 21:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-26 21:02 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-26 21:02 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-26 21:01 . 2011-04-26 21:01 -------- d-----w- c:\program files\iPod
2011-04-26 21:01 . 2011-04-26 21:02 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-26 20:59 . 2011-04-26 21:00 -------- d-----w- c:\programdata\Apple
2011-04-26 13:15 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-04-26 13:14 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-04-26 13:14 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-04-26 13:14 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-26 13:14 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-04-26 13:14 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-04-26 13:14 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-04-26 13:14 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-04-26 13:14 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-04-26 13:14 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-04-26 13:14 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-04-26 13:14 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2011-04-26 13:14 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-04-26 08:23 . 2011-05-06 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-26 08:10 . 2011-05-01 20:37 -------- d-----w- c:\program files\Artlantis Studio 2
2011-04-26 08:04 . 2011-05-04 08:33 -------- d-----w- c:\programdata\FLEXnet
2011-04-26 07:57 . 2011-04-26 07:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-04-26 07:54 . 2011-05-22 11:51 -------- d-----w- c:\program files\Autodesk
2011-04-26 07:52 . 2011-05-22 11:51 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-04-26 07:52 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-04-26 07:52 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-26 07:52 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-04-26 07:49 . 2011-05-22 11:52 -------- d-----w- c:\programdata\Autodesk
2011-04-25 19:07 . 2011-04-25 18:15 -------- d-----w- c:\windows\Panther
2011-04-25 19:06 . 2011-04-25 19:06 -------- d-----w- C:\Boot
2011-04-25 19:00 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-25 18:58 . 2011-05-19 13:09 -------- d-----w- c:\program files\JDownloader
2011-04-25 18:51 . 2011-04-25 18:51 -------- d-----w- c:\program files\VideoLAN
2011-04-25 18:50 . 2011-04-25 18:50 -------- d-----w- c:\program files\IrfanView
2011-04-25 18:49 . 2011-04-18 07:15 7071056 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A0E4066-8DCB-45C5-9399-04B5F5E6C376}\mpengine.dll
2011-04-25 18:49 . 2010-10-19 09:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-25 18:49 . 2011-04-25 18:49 -------- d-----w- c:\program files\foobar2000
2011-04-25 18:43 . 2011-05-22 12:16 -------- d-sh--w- c:\windows\Installer
2011-04-25 18:43 . 2011-04-25 18:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-25 18:43 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-25 18:35 . 2011-04-25 18:36 -------- d-----w- c:\program files\Yaho's Miranda IM
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SafeQ Client"="c:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\users\Alenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKslc93c9101;MpKslc93c9101;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220E0080-0C22-4C25-88AD-C07459194483}\MpKslc93c9101.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\Alenka\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-01 1343400]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-22 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-04-27 12:35]
.
2011-05-22 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-04-27 12:35]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-22 21:56:35
ComboFix-quarantined-files.txt 2011-05-22 19:56
.
Před spuštěním: Volných bajtů: 25 739 005 952
Po spuštění: Volných bajtů: 25 220 857 856
.
- - End Of File - - C466576F9555200BA31136A0F05E00F0

Re: Suspected virus, antivirus disabled

Posted: 23 May 2011 06:56
by vyosek
→ If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start > Run > notepad)
  • Copy the script below:

    KillAll::
    
    Collect::
    C:\asdflkjga.exe
    c:\windows\KMSEmulator.exe
    
    File::
    c:\programdata\regid.1986-12.com.adobe
    c:\windows\Tasks\AutoKMS.job
    c:\windows\Tasks\AutoKMSDaily.job
    
    Folder::
    c:\programdata\regid.1986-12.com.adobe
    c:\windows\AutoKMS
    c:\$Recycle.Bin
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "iTunesHelper"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "Adobe Acrobat Speed Launcher"=-
    "Acrobat Assistant 8.0"=-
    "SunJavaUpdateSched"=-
    "AdobeAAMUpdater-1.0"=-
    "SwitchBoard"=-
    "AdobeCS5ServiceManager"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it to run it (see the image below)
    [Image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
→ It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Suspected virus, antivirus disabled

Posted: 23 May 2011 07:18
by AlenkaB
ComboFix 11-05-21.03 - Alenka 23.05.2011 8:04.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2679 [GMT 2:00]
Spuštěný z: c:\users\Alenka\Desktop\Beruska.com
Použité ovládací přepínače :: c:\users\Alenka\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
FILE ::
"c:\programdata\regid.1986-12.com.adobe"
"c:\windows\Tasks\AutoKMS.job"
"c:\windows\Tasks\AutoKMSDaily.job"
.
file zipped: C:\asdflkjga.exe
file zipped: c:\windows\KMSEmulator.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$Recycle.Bin
C:\asdflkjga.exe
c:\programdata\regid.1986-12.com.adobe
c:\programdata\regid.1986-12.com.adobe\regid.1986-12.com.adobe_Photoshop-CS5-Win-GM-MUL.swidtag
c:\windows\AutoKMS
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\AutoKMS\AutoKMS.ini
c:\windows\AutoKMS\AutoKMS.log
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\AutoKMSDaily.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-23 do 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 06:11 . 2011-05-23 06:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-23 05:23 . 2011-05-23 05:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03B2E1C3-45AD-4381-B557-62715E9F2EF2}\MpKsl7444d4c2.sys
2011-05-22 18:15 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 18:15 . 2011-05-22 18:15 -------- d-----w- c:\programdata\Malwarebytes
2011-05-22 18:15 . 2011-05-22 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-22 18:15 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 13:45 . 2011-05-22 13:45 -------- d-----w- C:\rsit
2011-05-22 13:45 . 2011-05-22 13:45 -------- d-----w- c:\program files\trend micro
2011-05-22 11:47 . 2011-05-22 11:47 -------- d-----w- c:\program files\Microsoft SDKs
2011-05-22 11:47 . 2011-05-22 11:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-05-22 07:46 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03B2E1C3-45AD-4381-B557-62715E9F2EF2}\mpengine.dll
2011-05-20 13:33 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6324E131-3C1F-440D-8344-C75F872472D2}\gapaengine.dll
2011-05-19 05:48 . 2011-05-19 05:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 13:02 . 2011-05-17 13:02 -------- d-----w- c:\program files\PDFTools
2011-05-12 06:10 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 06:10 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-12 06:10 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-12 06:10 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-12 06:10 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-12 06:10 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-12 06:10 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-12 06:10 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-12 06:10 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 06:10 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-08 17:55 . 2011-05-08 17:55 -------- d-----w- c:\program files\Google
2011-05-06 13:07 . 2011-05-06 13:07 -------- d-----w- c:\program files\Adobe Media Player
2011-05-06 13:05 . 2011-05-06 13:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-05 20:45 . 2011-05-05 20:45 -------- d-----w- c:\program files\DellTPad
2011-05-05 20:45 . 2010-02-26 19:32 109122 ----a-w- c:\windows\system32\Vxdif.dll
2011-05-05 20:45 . 2009-07-14 10:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-05-05 20:45 . 2011-05-05 20:45 -------- d-----w- C:\dell
2011-05-05 20:45 . 2010-04-15 11:36 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-05-04 18:07 . 2011-05-04 18:07 -------- d-----w- c:\program files\Common Files\Java
2011-05-04 18:07 . 2011-05-04 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 18:06 . 2011-05-04 18:06 -------- d-----w- c:\program files\Java
2011-05-04 08:31 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-05-03 07:21 . 2011-05-03 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-05-03 07:21 . 2011-05-03 07:21 -------- d-----w- c:\program files\AutoDWG
2011-05-03 07:20 . 2011-05-03 07:20 -------- d-----w- c:\program files\Common Files\InstallShield
2011-05-02 13:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-02 13:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-02 13:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-01 20:36 . 2011-05-01 20:39 -------- d-----w- c:\programdata\Abvent
2011-05-01 07:25 . 2011-05-01 07:25 -------- d-----w- c:\windows\system32\Wat
2011-04-28 13:15 . 2011-04-28 13:15 -------- d-----w- c:\program files\FileMagnet
2011-04-28 10:02 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-28 10:02 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-28 10:02 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-28 10:02 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-28 10:02 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-28 09:50 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-04-28 09:47 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-04-28 09:47 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-28 09:47 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-28 07:55 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe
2011-04-28 06:25 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-04-28 06:25 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-04-28 06:25 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-04-27 20:12 . 2011-05-15 20:17 -------- d-----w- c:\programdata\Skype Extras
2011-04-27 20:11 . 2011-04-27 20:11 -------- d-----w- c:\program files\Common Files\Skype
2011-04-27 20:11 . 2011-04-27 20:11 -------- d-----r- c:\program files\Skype
2011-04-27 20:11 . 2011-04-27 20:11 -------- d-----w- c:\programdata\Skype
2011-04-27 13:27 . 2011-04-27 13:27 -------- d-----w- c:\program files\Y Soft
2011-04-27 13:27 . 2010-03-31 08:57 131072 ----a-w- c:\windows\system32\SAFEQUI.DLL
2011-04-27 13:27 . 2010-03-31 08:56 2355200 ----a-w- c:\windows\system32\SAFEQVS.DLL
2011-04-27 13:27 . 2009-05-06 14:35 421888 ----a-w- c:\windows\system32\SafeQCairoLib.DLL
2011-04-27 12:30 . 2011-04-27 12:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-04-27 12:29 . 2011-04-27 12:29 -------- d-----w- c:\windows\PCHEALTH
2011-04-27 12:29 . 2011-04-29 10:22 -------- d-----w- c:\program files\Microsoft.NET
2011-04-27 12:29 . 2011-04-27 12:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-27 12:27 . 2011-04-27 12:27 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-04-27 12:27 . 2011-05-22 11:50 -------- d-----w- c:\programdata\Microsoft Help
2011-04-27 12:27 . 2011-04-27 12:27 -------- d-----r- C:\MSOCache
2011-04-27 06:55 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-27 06:51 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-26 21:24 . 2011-03-25 16:03 15592 ----a-w- c:\windows\system32\roboot.exe
2011-04-26 21:24 . 2011-03-25 03:35 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-04-26 21:24 . 2011-03-25 03:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-26 21:24 . 2011-03-25 03:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-26 21:23 . 2011-04-26 21:23 -------- d-----w- c:\windows\system32\Macromed
2011-04-26 21:02 . 2011-04-26 21:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-26 21:02 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-26 21:02 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-26 21:01 . 2011-04-26 21:01 -------- d-----w- c:\program files\iPod
2011-04-26 21:01 . 2011-04-26 21:02 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-26 20:59 . 2011-04-26 21:00 -------- d-----w- c:\programdata\Apple
2011-04-26 13:15 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-04-26 13:14 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2011-04-26 13:14 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2011-04-26 13:14 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-26 13:14 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2011-04-26 13:14 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2011-04-26 13:14 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2011-04-26 13:14 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2011-04-26 13:14 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-04-26 13:14 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-04-26 13:14 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-04-26 13:14 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2011-04-26 13:14 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-04-26 08:23 . 2011-05-06 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-26 08:10 . 2011-05-01 20:37 -------- d-----w- c:\program files\Artlantis Studio 2
2011-04-26 08:04 . 2011-05-04 08:33 -------- d-----w- c:\programdata\FLEXnet
2011-04-26 07:57 . 2011-04-26 07:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-04-26 07:54 . 2011-05-22 11:51 -------- d-----w- c:\program files\Autodesk
2011-04-26 07:52 . 2011-05-22 11:51 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-04-26 07:52 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-04-26 07:52 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-04-26 07:52 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-04-26 07:49 . 2011-05-22 11:52 -------- d-----w- c:\programdata\Autodesk
2011-04-25 19:07 . 2011-04-25 18:15 -------- d-----w- c:\windows\Panther
2011-04-25 19:06 . 2011-04-25 19:06 -------- d-----w- C:\Boot
2011-04-25 19:00 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-25 18:58 . 2011-05-19 13:09 -------- d-----w- c:\program files\JDownloader
2011-04-25 18:51 . 2011-04-25 18:51 -------- d-----w- c:\program files\VideoLAN
2011-04-25 18:50 . 2011-04-25 18:50 -------- d-----w- c:\program files\IrfanView
2011-04-25 18:49 . 2011-04-18 07:15 7071056 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A0E4066-8DCB-45C5-9399-04B5F5E6C376}\mpengine.dll
2011-04-25 18:49 . 2010-10-19 09:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-25 18:49 . 2011-04-25 18:49 -------- d-----w- c:\program files\foobar2000
2011-04-25 18:43 . 2011-05-22 12:16 -------- d-sh--w- c:\windows\Installer
2011-04-25 18:43 . 2011-04-25 18:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-25 18:43 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-25 18:35 . 2011-04-25 18:36 -------- d-----w- c:\program files\Yaho's Miranda IM
2011-04-25 18:34 . 2011-04-25 18:35 -------- d-----w- c:\program files\Yaho's Miranda IM – starsi
2011-04-25 18:26 . 2011-04-25 18:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-04-25 18:26 . 2011-04-25 18:26 -------- d-----w- c:\program files\NVIDIA Corporation
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SafeQ Client"="c:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
.
c:\users\Alenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKslc93c9101;MpKslc93c9101;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{220E0080-0C22-4C25-88AD-C07459194483}\MpKslc93c9101.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\Alenka\AppData\Local\Temp\CFcatchme.sys [x]
R3 cpuz134;cpuz134;c:\users\Alenka\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-01 1343400]
S1 MpKsl7444d4c2;MpKsl7444d4c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03B2E1C3-45AD-4381-B557-62715E9F2EF2}\MpKsl7444d4c2.sys [2011-05-23 28752]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2011-05-23 08:16:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-23 06:16
ComboFix2.txt 2011-05-22 19:56
.
Před spuštěním: Volných bajtů: 25 302 274 048
Po spuštění: Volných bajtů: 25 217 249 280
.
- - End Of File - - 7ACDB5C47DC3DD020A8D63C10B973F8F
Nahrání proběhlo úspěšně