Log z combofixu -
ComboFix 09-07-26.03 - Honza 27.07.2009 17:11.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3326.2549 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\GameMon.des"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\GameMon.des
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-27 do 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 15:14 . 2009-07-27 15:15 -------- d-----w- c:\users\Honza\AppData\Local\temp
2009-07-27 14:50 . 2008-02-14 06:56 118784 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-07-27 14:49 . 2008-01-16 09:25 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\users\Honza\AppData\Roaming\Malwarebytes
2009-07-27 13:49 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\programdata\Malwarebytes
2009-07-27 13:49 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 13:13 . 2009-07-27 13:13 -------- d-----w- c:\program files\Trend Micro
2009-07-27 13:01 . 2009-07-27 14:52 -------- d-----w- c:\users\Honza\AppData\Roaming\vlc
2009-07-27 13:00 . 2009-07-27 13:00 -------- d-----w- c:\program files\VideoLAN
2009-07-27 12:02 . 2009-07-27 12:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-21 20:27 . 2009-07-21 20:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-21 20:27 . 2009-07-23 08:32 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-21 20:27 . 2009-07-23 08:32 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-21 19:59 . 2009-07-21 19:59 -------- d-----w- c:\program files\EA Games
2009-07-17 08:15 . 2007-10-14 13:29 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-07-16 08:17 . 2009-07-16 08:17 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-07-16 08:17 . 2009-07-16 08:17 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-07-16 08:17 . 2009-07-16 08:17 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-07-16 08:17 . 2009-07-16 08:17 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-07-16 08:17 . 2009-07-16 08:24 -------- d-----w- c:\programdata\NexonEU
2009-07-16 08:17 . 2009-07-16 08:17 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-07-16 08:17 . 2009-07-16 08:17 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-07-15 22:24 . 2009-07-16 08:17 -------- d-----w- C:\Nexon
2009-07-15 20:38 . 2009-07-16 07:49 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-15 20:12 . 2009-07-15 20:12 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-07-15 20:12 . 2009-07-15 20:12 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-07-15 20:12 . 2009-07-15 20:12 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-07-15 20:12 . 2009-07-15 20:12 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-07-15 20:12 . 2009-07-15 20:12 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-07-15 20:12 . 2009-07-15 20:12 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-07-15 20:12 . 2009-07-15 20:12 -------- d-----w- c:\programdata\NexonUS
2009-07-15 18:48 . 2009-07-16 08:21 -------- d-----w- c:\program files\combaaaaatarms
2009-07-15 18:47 . 2009-07-15 20:40 -------- d-----w- c:\users\Honza\AppData\Local\PMB Files
2009-07-15 18:47 . 2009-07-15 18:48 -------- d-----w- c:\programdata\PMB Files
2009-07-15 18:47 . 2009-07-15 18:47 -------- d-----w- c:\program files\Pando Networks
2009-07-15 05:25 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 05:25 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 05:25 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 05:25 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 10:41 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-14 10:41 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-14 10:41 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-13 12:05 . 2009-07-13 12:05 -------- d-----w- c:\programdata\Activision
2009-07-13 09:02 . 2009-07-13 09:02 -------- d-----w- c:\program files\CAPCOM
2009-07-12 16:35 . 2009-07-12 17:29 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-12 09:22 . 2009-07-12 20:12 -------- d-----w- c:\users\Honza\AppData\Roaming\TotalRecorder
2009-07-12 09:21 . 2009-07-12 09:21 -------- d-----w- c:\program files\HighCriteria
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 14:57 . 2008-01-21 06:46 619730 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 14:57 . 2008-01-21 06:46 123660 ----a-w- c:\windows\system32\perfc005.dat
2009-07-27 14:48 . 2008-08-13 14:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-07-27 14:48 . 2008-08-13 14:06 -------- d-----w- c:\program files\Realtek
2009-07-27 14:48 . 2008-08-13 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 14:36 . 2009-03-29 11:33 -------- d-----w- c:\users\Honza\AppData\Roaming\Skype
2009-07-27 14:35 . 2009-03-29 11:34 -------- d-----w- c:\users\Honza\AppData\Roaming\skypePM
2009-07-27 12:01 . 2009-04-09 06:25 737280 ----a-w- c:\windows\iun6002.exe
2009-07-26 13:21 . 2009-04-18 17:07 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-07-25 12:43 . 2009-05-11 11:24 34 ----a-w- c:\users\Honza\jagex_runescape_preferences.dat
2009-07-24 18:13 . 2009-03-28 07:53 -------- d-----w- c:\users\Honza\AppData\Roaming\uTorrent
2009-07-17 08:47 . 2009-03-27 18:13 101024 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 17:56 . 2009-03-28 19:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-16 17:56 . 2009-03-28 19:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-09 19:12 . 2009-06-04 04:35 -------- d-----w- c:\program files\iriver
2009-07-09 16:14 . 2009-03-27 18:57 -------- d-----w- c:\program files\Common Files\Steam
2009-06-26 14:51 . 2009-06-26 10:59 -------- d-----w- c:\programdata\ijjigame
2009-06-26 14:17 . 2009-06-26 11:07 337197168 ----a-w- c:\users\Honza\AppData\Roaming\ijjigame\U_SFInstaller.exe
2009-06-26 11:47 . 2009-06-26 11:07 -------- d--h--w- c:\users\Honza\AppData\Roaming\ijjigame
2009-06-26 10:09 . 2009-06-26 07:15 -------- d-----w- c:\program files\TrojanHunter 4.2
2009-06-25 17:24 . 2009-06-25 17:24 -------- d-----w- c:\programdata\FLEXnet
2009-06-25 17:16 . 2009-06-25 17:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 17:14 . 2009-06-25 17:14 -------- d-----w- c:\program files\Adobe Media Player
2009-06-25 17:11 . 2009-06-25 17:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 17:09 . 2009-06-25 17:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 10:02 . 2009-06-14 10:02 10134 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-14 10:02 . 2009-06-14 10:02 -------- d-----w- c:\program files\Microsoft WSE
2009-06-11 09:48 . 2009-06-11 09:45 -------- d-----w- c:\program files\ScreenShots
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\users\Honza\AppData\Roaming\Foxit
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\Foxit Software
2009-06-04 12:25 . 2009-03-27 19:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 12:25 . 2009-04-02 14:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-21 20:17 . 2009-03-31 12:42 22328 ----a-w- c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2009-05-21 20:17 . 2009-03-31 12:42 22328 ----a-w- c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2009-05-11 11:23 . 2009-05-11 11:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-05 08:51 . 2009-05-05 08:51 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-07-23 10:42 . 2009-04-15 05:13 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-27_14.24.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-27 14:53 33728 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-07-27 14:17 33728 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-27 14:53 72456 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-27 14:48 . 2008-01-16 08:22 29696 c:\windows\System32\RtkCoInst.dll
+ 2009-07-27 14:48 . 2008-01-16 08:22 29696 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkCoInst.dll
+ 2006-11-02 10:25 . 2009-07-27 14:50 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-27 11:44 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-27 14:50 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-27 11:44 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-27 11:44 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-07-27 14:50 51200 c:\windows\inf\infpub.dat
+ 2009-03-27 18:15 . 2009-07-27 14:53 9810 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3863862068-977853075-2380022765-1000_UserData.bin
- 2009-03-27 18:15 . 2009-07-27 14:17 9810 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3863862068-977853075-2380022765-1000_UserData.bin
+ 2009-07-27 14:48 . 2007-07-25 01:33 135168 c:\windows\System32\SRSWOW.dll
+ 2009-07-27 14:48 . 2006-12-13 02:30 339968 c:\windows\System32\SRSTSXT.dll
+ 2009-07-27 14:48 . 2007-05-17 03:26 185776 c:\windows\System32\SRSTSHD.dll
+ 2009-07-27 14:48 . 2007-04-16 09:09 167936 c:\windows\System32\SRSHP360.dll
+ 2009-07-27 14:48 . 2008-01-21 09:18 638976 c:\windows\System32\RtkPgExt.dll
+ 2009-07-27 14:48 . 2007-12-27 05:30 285216 c:\windows\System32\RtkApoApi.dll
+ 2009-07-27 14:48 . 2007-12-21 10:01 139264 c:\windows\System32\RTCOM\RTLCPAPI.dll
+ 2009-07-27 14:48 . 2008-01-21 09:19 499712 c:\windows\System32\RTCOM\RTCOMDLL.dll
+ 2006-11-02 10:33 . 2009-07-27 14:57 607714 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-27 14:21 607714 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-27 14:21 109580 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-27 14:57 109580 c:\windows\System32\perfc009.dat
+ 2009-07-27 14:48 . 2007-07-30 10:26 126976 c:\windows\System32\maxxaudioapo.dll
+ 2009-07-27 14:50 . 2008-02-14 06:56 118784 c:\windows\System32\DriverStore\FileRepository\netrtx32.inf_f61b53e6\Rtlh86.sys
+ 2009-07-27 14:48 . 2007-07-25 01:33 135168 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSWOW.dll
+ 2009-07-27 14:48 . 2006-12-13 02:30 339968 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSTSXT.dll
+ 2009-07-27 14:48 . 2007-05-17 03:26 185776 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSTSHD.dll
+ 2009-07-27 14:48 . 2007-04-16 09:09 167936 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSHP360.dll
+ 2009-07-27 14:48 . 2007-12-21 10:01 139264 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RTLCPAPI.dll
+ 2009-07-27 14:48 . 2008-01-21 09:18 638976 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkPgExt.dll
+ 2009-07-27 14:48 . 2007-12-27 05:30 285216 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkApoApi.dll
+ 2009-07-27 14:48 . 2008-01-21 09:19 499712 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RTCOMDLL.dll
+ 2009-07-27 14:48 . 2007-07-30 10:26 126976 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\maxxaudioapo.dll
+ 2009-07-27 14:48 . 2007-07-26 09:09 520192 c:\windows\RtlExUpd.dll
+ 2009-07-27 14:48 . 2008-01-28 06:44 2158592 c:\windows\System32\RtkAPO.dll
+ 2009-07-27 14:48 . 2007-11-20 10:15 1826816 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SkyTel.exe
+ 2009-07-27 14:48 . 2007-11-07 09:31 1191936 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtlUpd.exe
+ 2009-07-27 14:48 . 2008-01-30 03:34 2058528 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RTKVHDA.sys
+ 2009-07-27 14:48 . 2008-01-28 06:44 2158592 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkAPO.dll
+ 2009-07-27 14:48 . 2008-01-29 10:51 4911104 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtHDVCpl.exe
+ 2009-07-27 14:48 . 2008-01-30 03:34 2058528 c:\windows\System32\drivers\RTKVHDA.sys
+ 2009-07-27 14:48 . 2007-11-20 10:15 1826816 c:\windows\SkyTel.exe
+ 2009-07-27 14:48 . 2007-11-07 09:31 1191936 c:\windows\RtlUpd.exe
+ 2009-07-27 14:48 . 2008-01-29 10:51 4911104 c:\windows\RtHDVCpl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85728E7A-457F-4200-A649-F5F220014D7E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{44F67C49-D6DB-42F6-9870-4D9C8E04DD64}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6B835E10-F0E5-49E7-A94C-835298C690CB}c:\\program files\\valve\\steam\\steamapps\\esso737\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\esso737\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{26A12CA2-4F86-489C-B5C9-D4FFD350F0D7}c:\\program files\\valve\\steam\\steamapps\\esso737\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\esso737\counter-strike\hl.exe:Half-Life Launcher
"{AA82E417-D18A-4B97-BBEF-04F675C2EBB6}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{2DFDE481-3606-47EC-AE73-4C22E88184D8}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{60263180-8337-45EA-8C43-EB50799796FA}c:\\program files\\grid\\grid.exe"= UDP:c:\program files\grid\grid.exe:GRID Executable
"UDP Query User{675A91B0-D247-4DC1-897D-F2661B18ACE5}c:\\program files\\grid\\grid.exe"= TCP:c:\program files\grid\grid.exe:GRID Executable
"{359A4368-D4E2-4610-8B53-206737CB8DF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FD7E90B3-4B8B-4821-A039-AFB274A5EB76}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E34CF4B6-E6C5-4C20-9DFB-389E60141B66}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E958F3DD-C329-4B8F-BA79-37EAA571C034}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F3383620-E8C2-46E2-8956-5C65FA57192F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3928226D-3EAC-4E05-829F-BD6E48E409E9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A4EE0972-866E-4CBE-AEB5-1A0080E7F21F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F0EAF914-0ADA-46F2-A303-1C3D5A1F2BD3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E5991BF5-CFAC-4E60-A99B-7C319023705F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABD9A1B4-D5AB-4797-B5EE-F3A5019474BD}"= UDP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{F8756CA4-33CB-4E03-885D-D92DD0C8F60D}"= TCP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{2E206226-5358-4F50-B2DC-53FE01C4405B}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{FAC4342B-E92C-4EC6-AE3F-15B5DB3CA67F}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"TCP Query User{0776F640-C4EB-4EB8-8908-F72BDF6CC329}c:\\users\\honza\\downloads\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= UDP:c:\users\honza\downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{22275F05-1EE8-4223-A264-85F4EFC2507F}c:\\users\\honza\\downloads\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= TCP:c:\users\honza\downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"TCP Query User{24D20406-836B-421F-A0C3-A9418D635632}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CE0C8F59-D9E1-40BB-A0BC-AC833A4FD200}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB6E2DD1-AB4D-4316-A3DC-7826B78B0C71}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{56D3563D-05EA-4A43-A428-6F8A1BEA789F}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{DE926708-E982-4A9A-9AA3-9C23A3195147}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9330F08D-C4BB-4621-9CB9-4E03A5E536EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{17FEEDEB-072A-4E66-8659-2A327BFA58FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{390D95D1-B4C7-4D42-ADEE-9F30F8D918EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C381F547-1EEB-4729-B66E-DD51C8044DF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A0473CB-4392-4929-8F9D-6737AD014099}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0E74FF5-7EBF-4E29-AB33-3B95AF7FAABE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99F7008A-F34E-46DD-96D5-9AA668FE4738}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{29793399-E21D-4924-865D-B64A8BF04B79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D2063922-E5B8-445F-8DD3-4D5F0D700AAC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{178A6728-994B-404A-8289-B77D722939AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{221D56FB-DC52-4109-9524-3CA630C0DAB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6BE8E9C-582C-4D5A-816C-6F3CB98E6BB9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0E24C65-1A70-46B9-BB3E-73BD26679CE3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CFCE5B20-CB57-4903-9C78-1874C44495A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7CDE748E-64B5-432A-AA9F-5A8EB6505082}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8245A478-24CF-43CC-92EB-FB8815C30D29}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FB61832C-E64A-49F1-801F-CA51215DC25C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{07A78323-4E6C-4823-99BD-E5908499546D}c:\\users\\honza\\downloads\\race.driver.grid.multi-5.full-rip.skullptura\\grid\\grid.exe"= UDP:c:\users\honza\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe:grid.exe
"UDP Query User{8EDA66CC-9946-44CC-9938-1FDFDC5124F4}c:\\users\\honza\\downloads\\race.driver.grid.multi-5.full-rip.skullptura\\grid\\grid.exe"= TCP:c:\users\honza\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe:grid.exe
"{D1764B52-1523-4A49-BECA-70B263EEB759}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0095498A-6658-464B-BF65-307A289821EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{32AF1DA1-164D-4058-B8E4-B8FB5E0C4486}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F6172C65-B0D8-40BA-8F3D-699DF822BD45}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30B14D63-EA46-4B42-9380-10F7981FD18F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F207B790-604E-4FD2-9F8A-B2B58A288D03}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C86E29FB-62C5-4A0E-91E7-02640318D0E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C5C5E8E-AC06-48D8-9303-1B63F179D362}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{457FD94B-42FB-4464-A79F-C1E633408746}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B2FAA51A-3799-49DE-A4CD-4D6947C9C509}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E3EDB466-DD5A-4F78-82C6-7969DBFB82CE}c:\\program files\\valve\\steam\\steamapps\\esso737\\team fortress 2\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\esso737\team fortress 2\hl2.exe:hl2
"UDP Query User{2B1F84B4-4234-4D41-B43A-377D6F3C2757}c:\\program files\\valve\\steam\\steamapps\\esso737\\team fortress 2\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\esso737\team fortress 2\hl2.exe:hl2
"{497E08E7-9AE7-478D-BE8E-FB653B9BCBD0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A3F2DD2-0C5D-44B5-B16C-5FEDF40C3D8A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5D9129BD-5747-4025-B517-76A2341B70BC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{651EB013-C0C0-40F2-971B-C4D5C944BD8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4E7A8A5-8059-473B-8DF5-3E8DEF07410E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D15D6192-1189-41A4-8553-BD5B03B63F56}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F443942-61EB-44D6-BF96-01D9914A7480}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6C687CDB-5485-4F28-93AD-7B774A7F20FA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{86783F27-7AAC-4F51-99A2-12C401AA4C1F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{208B4958-C446-4C5A-AAFD-143342E82912}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5AD38741-24B4-4EFF-BAF0-CD4310AD6F94}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BB8BA2BF-E5AD-4407-9481-4543D4741F4D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DD5F6621-766C-46C7-9D71-F06DE50E18F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC7C9FD2-38B3-4C0D-8BEB-F264D205D2FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0189769A-EFC0-4610-BEA0-718216F3A556}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DB752BD9-6B59-44C7-9D2D-029E9DCA4451}"= UDP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{9BB88FC0-91F7-49D4-A2CC-59D2FFDD7686}"= TCP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{C3EE461E-E6DE-438B-808A-31DB019D3EE0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3462BBC4-BF69-4E5F-BA20-A25329099C21}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{16331EDC-545A-4B55-A233-646F51D00D3F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1DC2925A-EF19-415B-A2C2-29082D9A5C65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F0E67105-90C8-45ED-BFAD-9A6A6A6C6845}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{14A2F842-3959-4D9C-BA26-3278FF43977B}c:\\users\\honza\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\honza\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{176158EE-F023-4FA6-828B-57846C680964}c:\\users\\honza\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\honza\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{86F93F6C-EC26-48C7-8542-3ABBB1933DF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A6D5767-5744-4969-9FDD-22744194A62A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B4942EDD-7F00-453B-9129-52BE49B8A946}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3FB72137-2773-4665-BEC0-1284BF5EA3B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5A43F0DF-4140-4139-9ED7-C6A6BAE95E4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4629A5C3-517E-4C20-961B-394D978C0867}c:\\programdata\\ijjigame\\plauncher.exe"= UDP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"UDP Query User{19781375-FD7D-479F-BF41-BE195A68818C}c:\\programdata\\ijjigame\\plauncher.exe"= TCP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"{54C96DFA-4539-4B72-92C6-DC5277FEB5CD}"= UDP:c:\users\Honza\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{3357136C-3E59-4463-B312-05F785DD86A9}"= TCP:c:\users\Honza\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{6E7DD0AE-4EB4-478B-9BDA-A9DC571F6E35}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{DB6AB827-708A-46FC-A005-9534112567F5}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{678D287D-F3E0-46B7-9AF7-C38D1821C147}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{F3BA04F0-6354-4957-B4FB-C7883E533622}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"{680998C1-732C-4C4C-9E87-3A34B25F7AD5}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{9E9CEEC2-DC71-4408-B994-69DD0174514E}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{1F66A07E-8E87-4665-86ED-855ECDF97B5A}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{9314FDFD-0182-4286-B49C-5C0CAEA13C9B}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{92629552-0D92-4118-AC29-3BBD1125E58D}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{15644D29-F85E-4335-8F4E-BFDD993ED637}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{046A7E2E-9A5B-4695-B060-35ACFE4D9A45}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{D61144FA-4B13-4BB9-A31D-E7155DAD3D73}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{378F8D91-6C75-4519-A642-9F916CE77E1C}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{6BE0EAFA-4A01-41D5-8DAB-362BE3307168}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"UDP Query User{E00A033B-7053-4C41-9159-CE77DEF01125}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"{F09729B3-49C4-44B7-A15F-58228CBF7C1B}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{B48E9F0E-D02F-418B-A8C8-9E4D2083DAA4}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{696C1171-A72A-453F-B02D-03D3ECD0D353}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{2256C85B-DC00-40B6-9F97-3599B8D54353}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{625397C8-C6EF-4A4D-B6EB-7319145A6DD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FCB4EEA5-D155-4DBA-A084-ABBAC395543E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9B230EB6-C59D-48F5-B93B-9306D1C3091D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{39B221BB-E0F5-46C4-8160-AFBBDACA4D55}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{426F5956-A0E5-475C-B4EE-B1B714CC17C6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABFC163C-7ABD-4972-9010-536FCDD6537C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7421A66D-170F-49C2-84A5-E7FD76456126}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E59C14B-C97C-4B52-90D5-2B1092C767CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6E06A49B-8E3C-42FB-9150-21AE9D1EA920}"= c:\program files\Skype\Phone\Skype.exe:Skype
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\System32\drivers\TotRec7.sys [27.10.2008 22:51 127496]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\md21fcv3.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\md21fcv3.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
creating catchme.sys error: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 17:15
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3863862068-977853075-2380022765-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,07,1b,7c,12,71,ab,d3,d1,73,50,d6,b6,80,8c,10,87,68,32,40,52,
da,d5,99,bd,d7,1d,27,49,86,03,34,9f,b3,52,1b,35,9f,0e,e7,92,e4,ff,86,a4,23,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\conime.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2009-07-27 17:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-27 15:18
ComboFix2.txt 2009-07-27 14:25
Před spuštěním: Volných bajtů: 187 099 992 064
Po spuštění: Volných bajtů: 186 954 080 256
351 --- E O F --- 2009-07-24 07:27