
Requesting a preventive check, thank you.

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Requesting a preventive check, thank you.

#1 Post by Geneiken »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-09-25 07:52:45
Microsoft Windows 7 Ultimate
System drive C: has 69 GB (34%) free of 200 GB
Total RAM: 4096 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:52:47, on 25.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
D:\Valve\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Miranda IM KP v5.0.8.15\miranda32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 93.185.109.150 localhost
O1 - Hosts: 93.185.109.150 l2authd.lineage2.com
O1 - Hosts: 93.185.109.150 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL501 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8276 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
Ati2evxx.exe -Client
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Valve\Steam.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Miranda IM KP v5.0.8.15\miranda32.exe" zero
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3284.628ce80.41484990 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" 3284 plugin \\.\pipe\gecko-crash-server-pipe.3284
C:\Windows\System32\svchost.exe -k secsvcs
taskeng.exe {55612DBF-09F0-4781-9A5E-6CB6A1A890FA}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey BDD36863-0F4D-B4B8-0603-B96E0508A5FF -Reinvoke
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Admin\Downloads\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-14 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-29 2840352]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-07-16 141608]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-25 07:51:44 ----D---- C:\rsit
2010-09-25 07:51:44 ----D---- C:\Program Files\trend micro
2010-09-16 19:32:53 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-09-14 18:03:36 ----D---- C:\Program Files (x86)\Hero Editor
2010-09-12 12:35:08 ----D---- C:\ProgramData\Symantec
2010-09-12 12:35:08 ----D---- C:\ProgramData\Norton
2010-09-12 12:35:06 ----D---- C:\ProgramData\NortonInstaller
2010-09-11 23:34:51 ----A---- C:\Windows\ScUnin.pif
2010-09-11 23:34:51 ----A---- C:\Windows\ScUnin.exe
2010-09-09 20:26:23 ----A---- C:\Windows\system32\mshtml.dll
2010-09-09 20:26:22 ----A---- C:\Windows\system32\ieframe.dll
2010-09-09 20:26:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-09-09 20:26:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-09-09 20:26:17 ----A---- C:\Windows\system32\wininet.dll
2010-09-09 20:26:17 ----A---- C:\Windows\system32\urlmon.dll
2010-09-09 20:26:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-09-09 20:26:16 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-09-09 20:26:15 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-09-09 20:26:15 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-09-09 20:26:15 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-09-09 20:26:15 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-09-09 20:26:15 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-09-09 20:26:15 ----A---- C:\Windows\system32\mstime.dll
2010-09-09 20:26:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-09-09 20:26:15 ----A---- C:\Windows\system32\ieui.dll
2010-09-09 20:26:15 ----A---- C:\Windows\system32\iepeers.dll
2010-09-09 20:26:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-09-09 20:26:14 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-09-09 20:26:14 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-09-09 20:26:14 ----A---- C:\Windows\system32\msfeedssync.exe
2010-09-09 20:26:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-09-09 20:26:04 ----A---- C:\Windows\SYSWOW64\schannel.dll
2010-09-09 20:26:04 ----A---- C:\Windows\system32\schannel.dll
2010-09-09 20:26:03 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-09-09 20:26:03 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-09-09 20:26:03 ----A---- C:\Windows\system32\drivers\srv.sys
2010-09-09 20:26:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-09-09 20:25:59 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2010-09-09 20:25:58 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2010-09-09 20:25:57 ----A---- C:\Windows\system32\win32k.sys
2010-09-09 20:25:57 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-09-09 20:25:56 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2010-09-09 20:25:56 ----A---- C:\Windows\system32\oleaut32.dll
2010-09-09 20:25:55 ----A---- C:\Windows\SYSWOW64\rtutils.dll
2010-09-09 20:25:55 ----A---- C:\Windows\system32\rtutils.dll
2010-09-09 20:25:54 ----A---- C:\Windows\SYSWOW64\iccvid.dll
2010-09-09 20:25:53 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2010-09-09 20:25:53 ----A---- C:\Windows\system32\msxml3.dll
2010-09-09 17:36:54 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-09-09 17:33:06 ----N---- C:\Windows\Setup1.exe
2010-09-09 17:33:05 ----A---- C:\Windows\ST6UNST.EXE
2010-09-09 17:20:45 ----A---- C:\Windows\DIIUnin.pif
2010-09-09 17:20:45 ----A---- C:\Windows\DIIUnin.exe
2010-09-09 17:11:58 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2010-09-09 17:11:41 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-09-09 17:11:23 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-09-09 17:11:14 ----D---- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2010-09-09 17:11:11 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-09-02 18:10:16 ----D---- C:\Users\Admin\AppData\Roaming\skypePM
2010-09-02 18:05:34 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2010-09-02 18:04:54 ----RD---- C:\Program Files (x86)\Skype
2010-09-02 18:04:52 ----D---- C:\ProgramData\Skype
2010-08-27 10:35:12 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2010-08-27 10:35:12 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2010-08-27 10:35:12 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-27 10:35:12 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-27 10:35:10 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2010-08-27 10:35:10 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2010-08-27 10:35:10 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-27 10:35:10 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-27 10:35:09 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2010-08-27 10:35:09 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2010-08-27 10:35:09 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2010-08-27 10:35:09 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-27 10:35:09 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-27 10:35:09 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-27 10:35:08 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2010-08-27 10:35:08 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-27 10:34:43 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-08-27 10:34:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-08-27 10:34:43 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-08-27 10:34:43 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-08-27 10:34:39 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-08-27 10:34:39 ----A---- C:\Windows\system32\D3DX9_40.dll

======List of files/folders modified in the last 1 months======

2010-09-25 07:52:46 ----D---- C:\Windows\Temp
2010-09-25 07:52:30 ----D---- C:\Windows\Prefetch
2010-09-25 07:51:44 ----RD---- C:\Program Files
2010-09-25 07:49:17 ----D---- C:\Windows\system32\config
2010-09-23 06:46:14 ----D---- C:\Windows\System32
2010-09-23 06:46:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-23 06:46:13 ----D---- C:\Windows\inf
2010-09-22 19:03:06 ----RD---- C:\Program Files (x86)
2010-09-19 16:07:57 ----SHD---- C:\Windows\Installer
2010-09-19 16:07:51 ----SHD---- C:\System Volume Information
2010-09-19 15:42:24 ----D---- C:\Program Files (x86)\Garena
2010-09-18 10:46:46 ----D---- C:\Windows\system32\catroot2
2010-09-17 18:43:41 ----RSD---- C:\Windows\Fonts
2010-09-17 15:02:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-09-17 14:50:55 ----D---- C:\Program Files\Common Files\Adobe
2010-09-17 14:47:45 ----D---- C:\Windows\SysWOW64
2010-09-17 14:47:34 ----D---- C:\Program Files (x86)\Adobe
2010-09-17 14:46:36 ----D---- C:\ProgramData\Adobe
2010-09-16 19:38:56 ----D---- C:\Windows\system32\Tasks
2010-09-16 19:32:53 ----HD---- C:\ProgramData
2010-09-16 19:16:39 ----D---- C:\Users\Admin\AppData\Roaming\Adobe
2010-09-16 19:13:53 ----D---- C:\Windows\winsxs
2010-09-16 19:11:53 ----D---- C:\Program Files (x86)\Common Files
2010-09-14 18:03:45 ----D---- C:\Windows
2010-09-12 12:43:14 ----D---- C:\Windows\system32\drivers
2010-09-12 12:43:13 ----D---- C:\Windows\Tasks
2010-09-12 11:19:30 ----D---- C:\Windows\Minidump
2010-09-12 09:37:10 ----D---- C:\ProgramData\DivX
2010-09-12 09:37:10 ----D---- C:\Program Files (x86)\DivX
2010-09-11 13:01:33 ----D---- C:\Windows\Microsoft.NET
2010-09-11 13:01:24 ----RSD---- C:\Windows\assembly
2010-09-10 15:56:41 ----D---- C:\Program Files (x86)\Bonjour
2010-09-09 20:31:07 ----D---- C:\Windows\SYSWOW64\migration
2010-09-09 20:31:07 ----D---- C:\Windows\system32\migration
2010-09-09 20:31:07 ----D---- C:\Program Files\Internet Explorer
2010-09-09 20:31:07 ----D---- C:\Program Files (x86)\Internet Explorer
2010-09-09 20:26:52 ----D---- C:\Windows\AppPatch
2010-09-09 20:25:48 ----D---- C:\Windows\system32\catroot
2010-09-04 11:21:36 ----D---- C:\Users\Admin\AppData\Roaming\TeamViewer
2010-08-27 15:04:09 ----D---- C:\Users\Admin\AppData\Roaming\DivX
2010-08-27 10:34:35 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-09 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-29 139704]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-29 164912]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 124760]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-11 5352960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856]
S3 a0hn6p8w;a0hn6p8w; C:\Windows\system32\drivers\a0hn6p8w.sys []
S3 ATICDSDr;ATICDSDr; \??\C:\Users\Admin\AppData\Local\Temp\ATICDSDr.sys [2007-09-04 6144]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-05-13 21712]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-07-24 33344]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2010-04-19 50688]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2010-02-11 952320]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-29 810120]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-16 654112]
S2 MySQL501;MySQL501; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini MySQL501 []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-29 42336]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-24 654848]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-05-13 395048]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a preventive check, thank you.

#2 Post by Roli »

Hello, fix these unnecessary entries in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW


You will find HJT here:

C:\Program Files\trend micro\Admin.exe

Fix means that you run HJT [image] as admin,

in the window that opens, you click Do a system scan only,

in the next window, you find the lines I listed for you,

next to each of them is a small box, which you tick,

then you click Fix checked, which is at the bottom left,

the program asks whether you are really sure; you of course agree with YES, and it is done.


Otherwise, from a preventive standpoint, everything is fine.

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Re: Requesting a preventive check, thank you.

#3 Post by Geneiken »

Roli wrote:
C:\Program Files\trend micro\Admin.exe
I can't find anything like that on my PC; isn't it by any chance one of those programs you use here on the forum? Otherwise, of course, thanks for checking :)

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a preventive check, thank you.

#4 Post by Roli »

It is HijackThis, which you have installed on your PC at C: >> Program Files >> trend micro; open the folder, double-click [image] and then continue according to the instructions.

If you really can't find it, even though you should be able to, download it again HERE.

Otherwise, you're very welcome.

Geneiken
Visitor
Posts: 47
Registered: 01 Mar 2010 23:55

Re: Requesting a preventive check, thank you.

#5 Post by Geneiken »

Great, I've done that. Should I post the log here again now, or is that no longer needed?

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Requesting a preventive check, thank you.

#6 Post by Roli »

If you don't have any problem with the PC, there is no need to "throw" anything in here :)