Prosím o kontrolu- svchost 100 % CPU

[O.n.d.r.4]

Prosím o kontrolu logu

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:59:58, on 22.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.1000her.cz/loading/loading.php?data=&roz=2&menu=sportovni&id=314&admedia=1"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Majitel\Local Settings\Temp\{49FEF7EB-FDC2-4ADF-B975-95B777757532}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Startup: siszyd32.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.27.0.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9f370c98b3500) (gupdate1c9f370c98b3500) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10992 bytes

[Reklama]

[pitimir]

Zdar, mas tam bordel...

Stiahni RSIT. Spust, klik na "Continue". Po dokoneceni by se ti mal otvorit textovy subor. Ten skopiruj sem.
Pokial by sa nieco stalo, najdes ho aj na adrese "C:\rsit\log.txt".

[O.n.d.r.4]

Už je to lepší, dal jsem nouzový režim a zapnul nod a ted mi nejvic cpu zabiraji necinne procesy systému. jinak dík za pomoc

Logfile of random's system information tool 1.06 (written by random/random)
Run by Majitel at 2009-12-22 23:21:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 5 GB (3%) free of 160 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:13, on 22.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Majitel\Plocha\RSIT.exe
C:\Program Files\trend micro\Majitel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoc1.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.1000her.cz/loading/loading.php?data=&roz=2&menu=sportovni&id=314&admedia=1"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Majitel\Local Settings\Temp\{49FEF7EB-FDC2-4ADF-B975-95B777757532}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.27.0.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9f370c98b3500) (gupdate1c9f370c98b3500) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10533 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
4shared.com Toolbar - C:\Program Files\4shared.com\tb4sha.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]
Local Strike Toolbar - C:\Program Files\Local_Strike\tbLoc1.dll [2009-07-10 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-09 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-09 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-09 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-09 251504]
{2c650b7d-aa32-4798-af1a-fd8ef806d89f} - Local Strike Toolbar - C:\Program Files\Local_Strike\tbLoc1.dll [2009-07-10 2215960]
{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - 4shared.com Toolbar - C:\Program Files\4shared.com\tb4sha.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-17 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-17 86016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"sXe Injected"=C:\Program Files\sXe Injected\sXe Injected.exe []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-13 1443072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"Steam"=c:\program files\steam\steam.exe [2009-10-24 1217808]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Majitel\Nabídka Start\Programy\Po spuštění
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe
RollerCoaster Tycoon 3_ Wild Registration.lnk - C:\Documents and Settings\Majitel\Local Settings\Temp\{49FEF7EB-FDC2-4ADF-B975-95B777757532}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404"
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe"="C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Paradox Interactive\Majesty 2\Majesty2.exe"="C:\Program Files\Paradox Interactive\Majesty 2\Majesty2.exe:*:Enabled:Majesty 2"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe"="C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe:*:Enabled:CS 1.8 Goiceasoft"
"C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\Hlds.exe"="C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\Hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Steam\SteamApps\o_n_d_r_4\condition zero deleted scenes\hl.exe"="C:\Program Files\Steam\SteamApps\o_n_d_r_4\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\SteamApps\o_n_d_r_4\counter-strike\hl.exe"="C:\Program Files\Steam\SteamApps\o_n_d_r_4\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25972a51-e27c-11dd-8a08-0016e680d5b2}]
shell\AutoRun\command - G:\Autorun.exe


======List of files/folders created in the last 1 months======

2009-12-22 23:21:57 ----D---- C:\rsit
2009-12-22 23:21:57 ----D---- C:\Program Files\trend micro
2009-12-22 14:37:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-22 13:59:04 ----D---- C:\Program Files\TrendMicro
2009-12-20 10:17:32 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-11 01:25:47 ----D---- C:\WINDOWS\Minidump
2009-12-10 02:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 02:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 02:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 02:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 02:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-07 23:52:12 ----D---- C:\Program Files\Art D
2009-12-07 23:52:12 ----A---- C:\WINDOWS\system32\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
2009-12-07 23:46:15 ----D---- C:\Program Files\Art Plus
2009-12-07 23:40:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\HappyFoto
2009-12-07 23:40:04 ----D---- C:\Program Files\HappyFoto
2009-12-07 16:28:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2009-12-07 16:23:37 ----A---- C:\WINDOWS\system32\mkl_vml_p4.dll
2009-12-07 16:23:37 ----A---- C:\WINDOWS\system32\mkl_vml_p3.dll
2009-12-07 16:23:37 ----A---- C:\WINDOWS\system32\mkl_vml_def.dll
2009-12-07 16:23:37 ----A---- C:\WINDOWS\system32\mkl_p4.dll
2009-12-07 16:23:37 ----A---- C:\WINDOWS\system32\mkl_p3.dll
2009-12-07 16:23:36 ----A---- C:\WINDOWS\system32\rapture3d_oal.dll
2009-12-07 16:23:36 ----A---- C:\WINDOWS\system32\mkl_lapack64.dll
2009-12-07 16:23:36 ----A---- C:\WINDOWS\system32\mkl_lapack32.dll
2009-12-07 16:23:36 ----A---- C:\WINDOWS\system32\mkl_def.dll
2009-12-07 16:23:36 ----A---- C:\WINDOWS\system32\libguide40.dll
2009-12-07 16:23:34 ----D---- C:\Program Files\BRS
2009-12-07 16:22:59 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-12-07 16:22:08 ----RA---- C:\WINDOWS\system32\tmp56D.tmp
2009-12-07 16:22:08 ----RA---- C:\WINDOWS\system32\tmp56C.tmp
2009-12-07 16:22:06 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-07 16:22:05 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-07 16:22:04 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-07 16:22:03 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-07 16:22:02 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-07 16:22:01 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-07 16:22:00 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-07 15:56:18 ----D---- C:\Program Files\Codemasters
2009-12-04 19:19:18 ----D---- C:\Program Files\4shared.com
2009-12-04 13:53:38 ----D---- C:\ejay
2009-11-26 21:14:29 ----D---- C:\Program Files\GIMP-2
2009-11-26 20:11:50 ----D---- C:\Documents and Settings\Majitel\Data aplikací\Zoner
2009-11-26 20:10:19 ----D---- C:\Program Files\Zoner
2009-11-25 23:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 23:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-22 23:22:01 ----D---- C:\WINDOWS\Temp
2009-12-22 23:21:57 ----RD---- C:\Program Files
2009-12-22 23:21:48 ----D---- C:\WINDOWS\Prefetch
2009-12-22 23:18:30 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-22 23:18:14 ----D---- C:\Documents and Settings\Majitel\Data aplikací\Skype
2009-12-22 23:17:44 ----D---- C:\Documents and Settings\Majitel\Data aplikací\skypePM
2009-12-22 23:17:30 ----D---- C:\Program Files\Steam
2009-12-22 14:37:39 ----D---- C:\Documents and Settings
2009-12-22 14:37:25 ----D---- C:\WINDOWS
2009-12-22 14:36:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-22 13:59:12 ----SHD---- C:\WINDOWS\Installer
2009-12-22 13:59:12 ----HD---- C:\Config.Msi
2009-12-21 21:27:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-20 18:42:37 ----D---- C:\WINDOWS\security
2009-12-20 10:18:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-20 10:18:49 ----D---- C:\WINDOWS\system32\drivers
2009-12-20 10:17:32 ----D---- C:\WINDOWS\system32
2009-12-20 04:04:00 ----D---- C:\Program Files\Internet Explorer
2009-12-18 16:15:04 ----D---- C:\Program Files\Game
2009-12-18 16:12:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-17 20:25:31 ----D---- C:\Program Files\Google
2009-12-17 15:39:23 ----D---- C:\Program Files\Electronic Arts
2009-12-15 15:53:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-11 00:34:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-11 00:34:26 ----HD---- C:\WINDOWS\inf
2009-12-11 00:34:01 ----RSD---- C:\WINDOWS\assembly
2009-12-10 14:50:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 02:25:25 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 02:25:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 02:25:01 ----D---- C:\WINDOWS\system32\cs-cz
2009-12-10 02:24:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-08 13:35:38 ----D---- C:\Program Files\AMX Mod X
2009-12-07 23:46:15 ----HD---- C:\Program Files\Uninstall Information
2009-12-07 16:23:00 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-07 16:22:08 ----D---- C:\Program Files\OpenAL
2009-12-07 16:22:08 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-07 16:22:08 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-07 14:25:26 ----D---- C:\DRIVERS
2009-12-07 14:23:05 ----D---- C:\Program Files\RailWorks
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-01 13:25:14 ----D---- C:\Program Files\Valve
2009-11-25 23:37:01 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-13 54280]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-05 281760]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-13 71176]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-05 25888]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-03-13 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-17 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-13 47360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
S3 ana5x96r;ana5x96r; C:\WINDOWS\system32\drivers\ana5x96r.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Majitel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-10 25280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 jbridgep;jbridgep; \??\C:\DOCUME~1\Majitel\LOCALS~1\Temp\jbridgep.sys []
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; \??\C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-17 159812]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 gupdate1c9f370c98b3500;Google Update Service (gupdate1c9f370c98b3500); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-22 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-13 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2849844]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\wmpnetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[pitimir]

Super...ale pre istotu este daj log z ComboFixu, tato haved nechodi sama...

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

[O.n.d.r.4]

Zapomnel jsem vypnout eset takže nevim jestli se do udělalo správně
ComboFix 09-12-22.07 - Majitel 23.12.2009 15:44:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.714 [GMT 1:00]
Spuštěný z: c:\documents and settings\Majitel\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\Readme.txt
c:\windows\system32\kr_done1
c:\windows\xobglu16.dll
D:\resycled

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-23 do 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-22 22:21 . 2009-12-22 22:22 -------- d-----w- C:\rsit
2009-12-22 22:21 . 2009-12-22 22:22 -------- d-----w- c:\program files\trend micro
2009-12-22 12:59 . 2009-12-22 12:59 -------- d-----w- c:\program files\TrendMicro
2009-12-20 09:18 . 2009-12-20 13:21 734208 ----a-w- c:\windows\system32\drivers\dizghzq.sys
2009-12-20 09:18 . 2004-08-03 21:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2009-12-20 09:18 . 2004-08-03 21:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-12-20 02:38 . 2009-12-20 09:15 734208 ----a-w- c:\windows\system32\drivers\rbahc.sys
2009-12-07 22:52 . 2009-12-07 22:55 -------- d-----w- c:\program files\Art D
2009-12-07 22:52 . 2009-12-07 22:52 23163397 ----a-w- c:\windows\system32\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
2009-12-07 22:46 . 2009-12-07 22:47 -------- d-----w- c:\program files\Art Plus
2009-12-07 22:40 . 2009-12-07 22:40 -------- d-----w- c:\program files\HappyFoto
2009-12-07 15:23 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-07 15:23 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-07 15:23 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-07 15:23 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-07 15:23 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-07 15:23 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-07 15:23 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-07 15:23 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-07 15:23 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-07 15:23 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-07 15:23 . 2009-12-07 15:23 -------- d-----w- c:\program files\BRS
2009-12-07 15:22 . 2009-12-07 15:23 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-07 15:22 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-07 15:22 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-07 15:22 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-07 14:56 . 2009-12-07 14:56 -------- d-----w- c:\program files\Codemasters
2009-12-04 18:19 . 2009-12-04 18:20 -------- d-----w- c:\program files\4shared.com
2009-12-04 12:53 . 2009-12-04 12:53 -------- d-----w- C:\ejay
2009-11-26 20:14 . 2009-11-26 20:14 -------- d-----w- c:\program files\GIMP-2
2009-11-26 19:10 . 2009-11-26 19:10 -------- d-----w- c:\program files\Zoner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 14:29 . 2009-02-21 17:18 -------- d-----w- c:\program files\Steam
2009-12-20 09:18 . 2009-12-20 09:18 734208 ----a-w- c:\windows\system32\drivers\aec.sys.tmp
2009-12-18 15:15 . 2009-03-29 13:08 -------- d-----w- c:\program files\Game
2009-12-18 15:12 . 2009-01-13 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 19:25 . 2009-03-09 14:55 -------- d-----w- c:\program files\Google
2009-12-17 14:39 . 2009-02-11 18:58 -------- d-----w- c:\program files\Electronic Arts
2009-12-10 13:50 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 13:50 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-08 12:35 . 2009-06-06 09:28 -------- d-----w- c:\program files\AMX Mod X
2009-12-07 15:22 . 2009-03-28 13:39 -------- d-----w- c:\program files\OpenAL
2009-12-07 15:22 . 2009-03-28 13:39 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-07 15:22 . 2009-03-28 13:39 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-07 13:23 . 2009-09-26 11:17 -------- d-----w- c:\program files\RailWorks
2009-12-01 12:25 . 2009-01-16 15:49 -------- d-----w- c:\program files\Valve
2009-11-19 13:18 . 2009-11-12 12:34 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-11-11 11:40 . 2009-06-21 20:01 -------- d-----w- c:\program files\Activision
2009-11-10 17:58 . 2009-03-27 21:05 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-11-10 17:55 . 2009-11-10 17:55 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 07:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:03 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2006-03-02 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 11:06 . 2009-10-17 11:06 34676 ----a-w- c:\windows\xobglu32.dll
2009-10-15 11:44 . 2009-12-07 15:22 809560 ----a-r- c:\windows\system32\tmp56D.tmp
2009-10-15 11:44 . 2009-12-07 15:22 809560 ----a-r- c:\windows\system32\tmp56C.tmp
2009-10-13 10:53 . 2006-03-02 12:00 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-03-02 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-03-02 12:00 112640 ----a-w- c:\windows\system32\rastls.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c650b7d-aa32-4798-af1a-fd8ef806d89f}"= "c:\program files\Local_Strike\tbLoc1.dll" [2009-07-10 2215960]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\4shared.com\tb4sha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]
2009-07-10 10:54 2215960 ----a-w- c:\program files\Local_Strike\tbLoc1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c650b7d-aa32-4798-af1a-fd8ef806d89f}"= "c:\program files\Local_Strike\tbLoc1.dll" [2009-07-10 2215960]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C650B7D-AA32-4798-AF1A-FD8EF806D89F}"= "c:\program files\Local_Strike\tbLoc1.dll" [2009-07-10 2215960]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"nwiz"="nwiz.exe" [2008-05-17 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Paradox Interactive\\Majesty 2\\Majesty2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\Hlds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\o_n_d_r_4\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\o_n_d_r_4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13.3.2008 15:49 472320]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.1.2009 21:21 222968]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.1.2009 21:27 721904]
S2 gupdate1c9f370c98b3500;Google Update Service (gupdate1c9f370c98b3500);c:\program files\Google\Update\GoogleUpdate.exe [22.6.2009 20:36 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Majitel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Majitel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 jbridgep;jbridgep;\??\c:\docume~1\Majitel\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\Majitel\LOCALS~1\Temp\jbridgep.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:\program files\Ufasoft\Sniffer\usft_sn4.sys [24.3.2009 19:46 34816]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.27.0.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKLM-Run-sXe Injected - c:\program files\sXe Injected\sXe Injected.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 15:55
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-706699826-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2009-12-23 15:57:37
ComboFix-quarantined-files.txt 2009-12-23 14:57

Před spuštěním: 6 520 352 768
Po spuštění: Volných bajtů: 24 725 819 392

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C4D4666A14A167C13CA41A058B29104F

[pitimir]

No vidis, par rootkitov sme odhalili :)

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
Rootkit::
c:\windows\system32\drivers\dizghzq.sys
c:\docume~1\Majitel\LOCALS~1\Temp\jbridgep.sys

Driver::
dizghzq
jbridgep

ICQ Service

Folder::
c:\program files\ICQ6Toolbar

FileLook::
c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\rbahc.sys

DDS::
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.27.0.cab

RegNull::
[HKEY_USERS\S-1-5-21-1844237615-706699826-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

FixCSet::

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.



Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

[O.n.d.r.4]

Udělal jsem to mám poslat log, nebo už ne.. A pořád mám v procesech 7x svchost.exe, prosím o radu jestli to vadí.

[pitimir]

Jasne, posli log.

A vadit to nemusi.

[O.n.d.r.4]

ComboFix 09-12-22.09 - Majitel 24.12.2009 0:38.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.595 [GMT 1:00]
Spuštěný z: c:\documents and settings\Majitel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Majitel\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_JBRIDGEP
-------\Service_ICQ Service
-------\Service_jbridgep


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-23 do 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 16:48 . 2009-12-23 16:57 -------- d-----w- c:\program files\Game
2009-12-22 22:21 . 2009-12-22 22:22 -------- d-----w- C:\rsit
2009-12-22 22:21 . 2009-12-22 22:22 -------- d-----w- c:\program files\trend micro
2009-12-22 12:59 . 2009-12-22 12:59 -------- d-----w- c:\program files\TrendMicro
2009-12-20 09:18 . 2004-08-03 21:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2009-12-20 09:18 . 2004-08-03 21:39 142464 ------w- c:\windows\system32\drivers\aec.sys
2009-12-20 02:38 . 2009-12-20 09:15 734208 ----a-w- c:\windows\system32\drivers\rbahc.sys
2009-12-07 22:52 . 2009-12-07 22:55 -------- d-----w- c:\program files\Art D
2009-12-07 22:52 . 2009-12-07 22:52 23163397 ----a-w- c:\windows\system32\ArtD - Grafický atelier Černý_Book-Maker_uninstaller.exe
2009-12-07 22:46 . 2009-12-07 22:47 -------- d-----w- c:\program files\Art Plus
2009-12-07 22:40 . 2009-12-07 22:40 -------- d-----w- c:\program files\HappyFoto
2009-12-07 15:23 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-07 15:23 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-07 15:23 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-07 15:23 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-07 15:23 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-07 15:23 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-07 15:23 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-07 15:23 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-07 15:23 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-07 15:23 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-07 15:23 . 2009-12-07 15:23 -------- d-----w- c:\program files\BRS
2009-12-07 15:22 . 2009-12-07 15:23 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-07 15:22 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-07 15:22 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-07 15:22 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-07 15:22 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-12-07 14:56 . 2009-12-07 14:56 -------- d-----w- c:\program files\Codemasters
2009-12-04 18:19 . 2009-12-04 18:20 -------- d-----w- c:\program files\4shared.com
2009-12-04 12:53 . 2009-12-04 12:53 -------- d-----w- C:\ejay
2009-11-26 20:14 . 2009-11-26 20:14 -------- d-----w- c:\program files\GIMP-2
2009-11-26 19:10 . 2009-11-26 19:10 -------- d-----w- c:\program files\Zoner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 23:49 . 2009-02-21 17:18 -------- d-----w- c:\program files\Steam
2009-12-23 17:19 . 2009-01-13 17:26 -------- d-----w- c:\program files\Microsoft Works
2009-12-23 16:46 . 2009-01-13 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 09:18 . 2009-12-20 09:18 734208 ----a-w- c:\windows\system32\drivers\aec.sys.tmp
2009-12-17 19:25 . 2009-03-09 14:55 -------- d-----w- c:\program files\Google
2009-12-17 14:39 . 2009-02-11 18:58 -------- d-----w- c:\program files\Electronic Arts
2009-12-10 13:50 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 13:50 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-08 12:35 . 2009-06-06 09:28 -------- d-----w- c:\program files\AMX Mod X
2009-12-07 15:22 . 2009-03-28 13:39 -------- d-----w- c:\program files\OpenAL
2009-12-07 15:22 . 2009-03-28 13:39 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-07 15:22 . 2009-03-28 13:39 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-07 13:23 . 2009-09-26 11:17 -------- d-----w- c:\program files\RailWorks
2009-12-01 12:25 . 2009-01-16 15:49 -------- d-----w- c:\program files\Valve
2009-11-19 13:18 . 2009-11-12 12:34 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-11-11 11:40 . 2009-06-21 20:01 -------- d-----w- c:\program files\Activision
2009-11-10 17:58 . 2009-03-27 21:05 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-11-10 17:55 . 2009-11-10 17:55 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 07:45 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:03 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2006-03-02 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 11:06 . 2009-10-17 11:06 34676 ----a-w- c:\windows\xobglu32.dll
2009-10-15 11:44 . 2009-12-07 15:22 809560 ----a-r- c:\windows\system32\tmp56D.tmp
2009-10-15 11:44 . 2009-12-07 15:22 809560 ----a-r- c:\windows\system32\tmp56C.tmp
2009-10-13 10:53 . 2006-03-02 12:00 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-03-02 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-03-02 12:00 112640 ----a-w- c:\windows\system32\rastls.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\aec.sys ---
Company: Microsoft Corporation
File Description: Microsoft Acoustic Echo Canceller
File Version: 5.1.2601.2078
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: aec.sys
File size: 142464
Created time: 2009-12-20 09:18
Modified time: 2004-08-03 21:39
MD5: 841F385C6CFAF66B58FBD898722BB4F0
SHA1: 7A15AF4FDE46A5A378D296492528FC24123D0E7B


--- c:\windows\system32\drivers\rbahc.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 734208
Created time: 2009-12-20 02:38
Modified time: 2009-12-20 09:15
MD5: 7D2FDC4593D33B79A49CA39C3D130596
SHA1: 992AC266D49386789C2DE5F60D0B3B644F28FEEF


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c650b7d-aa32-4798-af1a-fd8ef806d89f}"= "c:\program files\Local_Strike\tbLoc1.dll" [2009-07-10 2215960]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\4shared.com\tb4sha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]
2009-07-10 10:54 2215960 ----a-w- c:\program files\Local_Strike\tbLoc1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c650b7d-aa32-4798-af1a-fd8ef806d89f}"= "c:\program files\Local_Strike\tbLoc1.dll" [2009-07-10 2215960]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C650B7D-AA32-4798-AF1A-FD8EF806D89F}"= "c:\program files\Local_Strike\tbLoc1.dll" [2009-07-10 2215960]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sha.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}]

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"nwiz"="nwiz.exe" [2008-05-17 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Paradox Interactive\\Majesty 2\\Majesty2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\Hlds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\o_n_d_r_4\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\o_n_d_r_4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.1.2009 21:27 721904]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13.3.2008 15:49 472320]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
S2 gupdate1c9f370c98b3500;Google Update Service (gupdate1c9f370c98b3500);c:\program files\Google\Update\GoogleUpdate.exe [22.6.2009 20:36 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Majitel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Majitel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;c:\program files\Ufasoft\Sniffer\usft_sn4.sys [24.3.2009 19:46 34816]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 00:49
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x86FDF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> prosync1.sys @ 0xf798d6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf710aba0
PacketIndicateHandler -> NDIS.sys @ 0xf7117b21
SendHandler -> NDIS.sys @ 0xf70f587b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-706699826-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3016)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-12-24 00:55:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-23 23:55
ComboFix2.txt 2009-12-23 14:57

Před spuštěním: Volných bajtů: 23 653 281 792
Po spuštění: Volných bajtů: 23 613 771 776

- - End Of File - - 46B0A9228A2E44D5278A439B8F9F8DF8

[pitimir]

Poprosim si logy z GMERu:

Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a nastavis program podla obrazku:

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

[O.n.d.r.4]

Teď ale nevím který log, jestli z combofixu, nebo jiného?

[jaro3]

Vsuvka-pitimir chce od Tebe oba logy z Gmeru, viz výše:

Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a nastavis program podla obrazku:
Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.