Please check my log, thx (Solved)

Post by bodly » 27 Jul 2009 15:18

Please check this for me :)
Also, if anyone would like to help me with my sound somehow not working, here is the link - viewtopic.php?f=7&t=42848
- LOG -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:09, on 27.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll (file missing)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4324 bytes


- is everything OK?

Re: Please check my log, thx

Post by Damned » 27 Jul 2009 15:23

jaro3 will take a look at it for you.

MbAM:

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Last edited by Damned on 27 Jul 2009 15:38, edited 2 times in total.

Re: Please check my log, thx

Post by jaro3 » 27 Jul 2009 15:27

Uninstall:
AskBar
AskBarDis


Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide: viewtopic.php?f=70&t=5119

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll (file missing)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O13 - Gopher Prefix:


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Run Malwarebytes' Anti-Malware as Damned describes.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log, thx

Post by bodly » 27 Jul 2009 15:54

Here it is from MBAM:
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2511
Windows 6.0.6001 Service Pack 1

27.7.2009 15:52:46
mbam-log-2009-07-27 (15-52-38).txt

Typ skenu: Rychlý sken
Objektu skenováno: 78921
Uplynulý cas: 2 minute(s), 13 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\Windows\System32\mpgdec.ax (Backdoor.Bot) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
c:\Windows\System32\mpgdec.ax (Backdoor.Bot) -> No action taken.
C:\install.exe (Trojan.Agent) -> No action taken.


Re: Please check my log, thx

Post by jaro3 » 27 Jul 2009 15:57

After disinfecting, get yourself an antivirus and antispyware.

So run MbAM again and choose Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then choose OK in the program and then close the program via Exit

You can then paste the MbAM log here.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that is displayed
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log, thx

Post by bodly » 27 Jul 2009 16:15

OK, thanks. So while I'm disinfecting it, couldn't you recommend me some good free antivirus and antispyware? I still have AVG registered for about a year, but it's pretty dumb and reports some nonsense and so on.


Re: Please check my log, thx

Post by jaro3 » 27 Jul 2009 16:18

While ComboFix is running you should not launch any programs or browsers....

An alternative to AVG is Avira or Avast.
As antispyware: SpywareTerminator, Spybot, SpywareDoctor etc.

Re: Please check my log, thx

Post by bodly » 27 Jul 2009 16:29

Don't worry, I didn't start anything during it. Is it normal that it put an Internet Explorer icon on my desktop? What next?
Here is the log -


ComboFix 09-07-26.01 - Honza 27.07.2009 16:20.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3326.2538 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2500117487-2235122911-2534943667-500
c:\$recycle.bin\S-1-5-21-3700810016-554019719-410073285-500
c:\$recycle.bin\S-1-5-21-4287889261-3624371361-1655003048-500
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-27 do 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 14:23 . 2009-07-27 14:24 -------- d-----w- c:\users\Honza\AppData\Local\temp
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\users\Honza\AppData\Roaming\Malwarebytes
2009-07-27 13:49 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\programdata\Malwarebytes
2009-07-27 13:49 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 13:13 . 2009-07-27 13:13 -------- d-----w- c:\program files\Trend Micro
2009-07-27 13:01 . 2009-07-27 13:57 -------- d-----w- c:\users\Honza\AppData\Roaming\vlc
2009-07-27 13:00 . 2009-07-27 13:00 -------- d-----w- c:\program files\VideoLAN
2009-07-27 12:02 . 2009-07-27 12:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-21 20:27 . 2009-07-21 20:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-21 20:27 . 2009-07-23 08:32 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-21 20:27 . 2009-07-23 08:32 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-21 19:59 . 2009-07-21 19:59 -------- d-----w- c:\program files\EA Games
2009-07-17 08:15 . 2007-10-14 13:29 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-07-16 08:17 . 2009-07-16 08:17 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-07-16 08:17 . 2009-07-16 08:17 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-07-16 08:17 . 2009-07-16 08:17 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-07-16 08:17 . 2009-07-16 08:17 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-07-16 08:17 . 2009-07-16 08:24 -------- d-----w- c:\programdata\NexonEU
2009-07-16 08:17 . 2009-07-16 08:17 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-07-16 08:17 . 2009-07-16 08:17 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-07-15 22:24 . 2009-07-16 08:17 -------- d-----w- C:\Nexon
2009-07-15 20:38 . 2009-07-16 07:49 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-15 20:12 . 2009-07-15 20:12 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-07-15 20:12 . 2009-07-15 20:12 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-07-15 20:12 . 2009-07-15 20:12 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-07-15 20:12 . 2009-07-15 20:12 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-07-15 20:12 . 2009-07-15 20:12 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-07-15 20:12 . 2009-07-15 20:12 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-07-15 20:12 . 2009-07-15 20:12 -------- d-----w- c:\programdata\NexonUS
2009-07-15 18:48 . 2009-07-16 08:21 -------- d-----w- c:\program files\combaaaaatarms
2009-07-15 18:47 . 2009-07-15 20:40 -------- d-----w- c:\users\Honza\AppData\Local\PMB Files
2009-07-15 18:47 . 2009-07-15 18:48 -------- d-----w- c:\programdata\PMB Files
2009-07-15 18:47 . 2009-07-15 18:47 -------- d-----w- c:\program files\Pando Networks
2009-07-15 05:25 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 05:25 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 05:25 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 05:25 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 10:41 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-14 10:41 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-14 10:41 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-13 12:05 . 2009-07-13 12:05 -------- d-----w- c:\programdata\Activision
2009-07-13 09:02 . 2009-07-13 09:02 -------- d-----w- c:\program files\CAPCOM
2009-07-12 16:35 . 2009-07-12 17:29 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-12 09:22 . 2009-07-12 20:12 -------- d-----w- c:\users\Honza\AppData\Roaming\TotalRecorder
2009-07-12 09:21 . 2009-07-12 09:21 -------- d-----w- c:\program files\HighCriteria

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 14:21 . 2008-01-21 06:46 619730 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 14:21 . 2008-01-21 06:46 123660 ----a-w- c:\windows\system32\perfc005.dat
2009-07-27 12:01 . 2009-04-09 06:25 737280 ----a-w- c:\windows\iun6002.exe
2009-07-27 11:44 . 2008-08-13 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 11:44 . 2008-08-13 14:06 -------- d-----w- c:\program files\Realtek
2009-07-27 11:44 . 2008-08-13 14:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-07-27 10:45 . 2009-03-29 11:33 -------- d-----w- c:\users\Honza\AppData\Roaming\Skype
2009-07-27 10:30 . 2009-03-29 11:34 -------- d-----w- c:\users\Honza\AppData\Roaming\skypePM
2009-07-26 13:21 . 2009-04-18 17:07 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-07-25 12:43 . 2009-05-11 11:24 34 ----a-w- c:\users\Honza\jagex_runescape_preferences.dat
2009-07-24 18:13 . 2009-03-28 07:53 -------- d-----w- c:\users\Honza\AppData\Roaming\uTorrent
2009-07-17 08:47 . 2009-03-27 18:13 101024 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 17:56 . 2009-03-28 19:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-16 17:56 . 2009-03-28 19:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-09 19:12 . 2009-06-04 04:35 -------- d-----w- c:\program files\iriver
2009-07-09 16:14 . 2009-03-27 18:57 -------- d-----w- c:\program files\Common Files\Steam
2009-06-26 14:51 . 2009-06-26 10:59 -------- d-----w- c:\programdata\ijjigame
2009-06-26 14:17 . 2009-06-26 11:07 337197168 ----a-w- c:\users\Honza\AppData\Roaming\ijjigame\U_SFInstaller.exe
2009-06-26 11:47 . 2009-06-26 11:07 -------- d--h--w- c:\users\Honza\AppData\Roaming\ijjigame
2009-06-26 10:09 . 2009-06-26 07:15 -------- d-----w- c:\program files\TrojanHunter 4.2
2009-06-25 17:24 . 2009-06-25 17:24 -------- d-----w- c:\programdata\FLEXnet
2009-06-25 17:16 . 2009-06-25 17:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 17:14 . 2009-06-25 17:14 -------- d-----w- c:\program files\Adobe Media Player
2009-06-25 17:11 . 2009-06-25 17:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 17:09 . 2009-06-25 17:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 10:02 . 2009-06-14 10:02 10134 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-14 10:02 . 2009-06-14 10:02 -------- d-----w- c:\program files\Microsoft WSE
2009-06-11 09:48 . 2009-06-11 09:45 -------- d-----w- c:\program files\ScreenShots
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\AskBarDis
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\users\Honza\AppData\Roaming\Foxit
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\Foxit Software
2009-06-04 12:25 . 2009-03-27 19:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 12:25 . 2009-04-02 14:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-21 20:17 . 2009-03-31 12:42 22328 ----a-w- c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2009-05-21 20:17 . 2009-03-31 12:42 22328 ----a-w- c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2009-05-11 11:23 . 2009-05-11 11:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-05 08:51 . 2009-05-05 08:51 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-07-23 10:42 . 2009-04-15 05:13 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85728E7A-457F-4200-A649-F5F220014D7E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{44F67C49-D6DB-42F6-9870-4D9C8E04DD64}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6B835E10-F0E5-49E7-A94C-835298C690CB}c:\\program files\\valve\\steam\\steamapps\\esso737\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\esso737\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{26A12CA2-4F86-489C-B5C9-D4FFD350F0D7}c:\\program files\\valve\\steam\\steamapps\\esso737\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\esso737\counter-strike\hl.exe:Half-Life Launcher
"{AA82E417-D18A-4B97-BBEF-04F675C2EBB6}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{2DFDE481-3606-47EC-AE73-4C22E88184D8}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{60263180-8337-45EA-8C43-EB50799796FA}c:\\program files\\grid\\grid.exe"= UDP:c:\program files\grid\grid.exe:GRID Executable
"UDP Query User{675A91B0-D247-4DC1-897D-F2661B18ACE5}c:\\program files\\grid\\grid.exe"= TCP:c:\program files\grid\grid.exe:GRID Executable
"{359A4368-D4E2-4610-8B53-206737CB8DF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FD7E90B3-4B8B-4821-A039-AFB274A5EB76}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E34CF4B6-E6C5-4C20-9DFB-389E60141B66}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E958F3DD-C329-4B8F-BA79-37EAA571C034}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F3383620-E8C2-46E2-8956-5C65FA57192F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3928226D-3EAC-4E05-829F-BD6E48E409E9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A4EE0972-866E-4CBE-AEB5-1A0080E7F21F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F0EAF914-0ADA-46F2-A303-1C3D5A1F2BD3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E5991BF5-CFAC-4E60-A99B-7C319023705F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABD9A1B4-D5AB-4797-B5EE-F3A5019474BD}"= UDP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{F8756CA4-33CB-4E03-885D-D92DD0C8F60D}"= TCP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{2E206226-5358-4F50-B2DC-53FE01C4405B}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{FAC4342B-E92C-4EC6-AE3F-15B5DB3CA67F}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"TCP Query User{0776F640-C4EB-4EB8-8908-F72BDF6CC329}c:\\users\\honza\\downloads\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= UDP:c:\users\honza\downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{22275F05-1EE8-4223-A264-85F4EFC2507F}c:\\users\\honza\\downloads\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= TCP:c:\users\honza\downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"TCP Query User{24D20406-836B-421F-A0C3-A9418D635632}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CE0C8F59-D9E1-40BB-A0BC-AC833A4FD200}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB6E2DD1-AB4D-4316-A3DC-7826B78B0C71}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{56D3563D-05EA-4A43-A428-6F8A1BEA789F}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{DE926708-E982-4A9A-9AA3-9C23A3195147}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9330F08D-C4BB-4621-9CB9-4E03A5E536EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{17FEEDEB-072A-4E66-8659-2A327BFA58FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{390D95D1-B4C7-4D42-ADEE-9F30F8D918EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C381F547-1EEB-4729-B66E-DD51C8044DF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A0473CB-4392-4929-8F9D-6737AD014099}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0E74FF5-7EBF-4E29-AB33-3B95AF7FAABE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99F7008A-F34E-46DD-96D5-9AA668FE4738}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{29793399-E21D-4924-865D-B64A8BF04B79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D2063922-E5B8-445F-8DD3-4D5F0D700AAC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{178A6728-994B-404A-8289-B77D722939AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{221D56FB-DC52-4109-9524-3CA630C0DAB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6BE8E9C-582C-4D5A-816C-6F3CB98E6BB9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0E24C65-1A70-46B9-BB3E-73BD26679CE3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CFCE5B20-CB57-4903-9C78-1874C44495A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7CDE748E-64B5-432A-AA9F-5A8EB6505082}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8245A478-24CF-43CC-92EB-FB8815C30D29}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FB61832C-E64A-49F1-801F-CA51215DC25C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{07A78323-4E6C-4823-99BD-E5908499546D}c:\\users\\honza\\downloads\\race.driver.grid.multi-5.full-rip.skullptura\\grid\\grid.exe"= UDP:c:\users\honza\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe:grid.exe
"UDP Query User{8EDA66CC-9946-44CC-9938-1FDFDC5124F4}c:\\users\\honza\\downloads\\race.driver.grid.multi-5.full-rip.skullptura\\grid\\grid.exe"= TCP:c:\users\honza\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe:grid.exe
"{D1764B52-1523-4A49-BECA-70B263EEB759}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0095498A-6658-464B-BF65-307A289821EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{32AF1DA1-164D-4058-B8E4-B8FB5E0C4486}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F6172C65-B0D8-40BA-8F3D-699DF822BD45}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30B14D63-EA46-4B42-9380-10F7981FD18F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F207B790-604E-4FD2-9F8A-B2B58A288D03}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C86E29FB-62C5-4A0E-91E7-02640318D0E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C5C5E8E-AC06-48D8-9303-1B63F179D362}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{457FD94B-42FB-4464-A79F-C1E633408746}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B2FAA51A-3799-49DE-A4CD-4D6947C9C509}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E3EDB466-DD5A-4F78-82C6-7969DBFB82CE}c:\\program files\\valve\\steam\\steamapps\\esso737\\team fortress 2\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\esso737\team fortress 2\hl2.exe:hl2
"UDP Query User{2B1F84B4-4234-4D41-B43A-377D6F3C2757}c:\\program files\\valve\\steam\\steamapps\\esso737\\team fortress 2\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\esso737\team fortress 2\hl2.exe:hl2
"{497E08E7-9AE7-478D-BE8E-FB653B9BCBD0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A3F2DD2-0C5D-44B5-B16C-5FEDF40C3D8A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5D9129BD-5747-4025-B517-76A2341B70BC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{651EB013-C0C0-40F2-971B-C4D5C944BD8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4E7A8A5-8059-473B-8DF5-3E8DEF07410E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D15D6192-1189-41A4-8553-BD5B03B63F56}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F443942-61EB-44D6-BF96-01D9914A7480}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6C687CDB-5485-4F28-93AD-7B774A7F20FA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{86783F27-7AAC-4F51-99A2-12C401AA4C1F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{208B4958-C446-4C5A-AAFD-143342E82912}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5AD38741-24B4-4EFF-BAF0-CD4310AD6F94}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BB8BA2BF-E5AD-4407-9481-4543D4741F4D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DD5F6621-766C-46C7-9D71-F06DE50E18F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC7C9FD2-38B3-4C0D-8BEB-F264D205D2FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0189769A-EFC0-4610-BEA0-718216F3A556}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DB752BD9-6B59-44C7-9D2D-029E9DCA4451}"= UDP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{9BB88FC0-91F7-49D4-A2CC-59D2FFDD7686}"= TCP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{C3EE461E-E6DE-438B-808A-31DB019D3EE0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3462BBC4-BF69-4E5F-BA20-A25329099C21}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{16331EDC-545A-4B55-A233-646F51D00D3F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1DC2925A-EF19-415B-A2C2-29082D9A5C65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F0E67105-90C8-45ED-BFAD-9A6A6A6C6845}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{14A2F842-3959-4D9C-BA26-3278FF43977B}c:\\users\\honza\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\honza\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{176158EE-F023-4FA6-828B-57846C680964}c:\\users\\honza\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\honza\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{86F93F6C-EC26-48C7-8542-3ABBB1933DF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A6D5767-5744-4969-9FDD-22744194A62A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B4942EDD-7F00-453B-9129-52BE49B8A946}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3FB72137-2773-4665-BEC0-1284BF5EA3B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5A43F0DF-4140-4139-9ED7-C6A6BAE95E4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4629A5C3-517E-4C20-961B-394D978C0867}c:\\programdata\\ijjigame\\plauncher.exe"= UDP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"UDP Query User{19781375-FD7D-479F-BF41-BE195A68818C}c:\\programdata\\ijjigame\\plauncher.exe"= TCP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"{54C96DFA-4539-4B72-92C6-DC5277FEB5CD}"= UDP:c:\users\Honza\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{3357136C-3E59-4463-B312-05F785DD86A9}"= TCP:c:\users\Honza\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{6E7DD0AE-4EB4-478B-9BDA-A9DC571F6E35}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{DB6AB827-708A-46FC-A005-9534112567F5}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{678D287D-F3E0-46B7-9AF7-C38D1821C147}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{F3BA04F0-6354-4957-B4FB-C7883E533622}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"{680998C1-732C-4C4C-9E87-3A34B25F7AD5}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{9E9CEEC2-DC71-4408-B994-69DD0174514E}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{1F66A07E-8E87-4665-86ED-855ECDF97B5A}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{9314FDFD-0182-4286-B49C-5C0CAEA13C9B}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{92629552-0D92-4118-AC29-3BBD1125E58D}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{15644D29-F85E-4335-8F4E-BFDD993ED637}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{046A7E2E-9A5B-4695-B060-35ACFE4D9A45}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{D61144FA-4B13-4BB9-A31D-E7155DAD3D73}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{378F8D91-6C75-4519-A642-9F916CE77E1C}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{6BE0EAFA-4A01-41D5-8DAB-362BE3307168}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"UDP Query User{E00A033B-7053-4C41-9159-CE77DEF01125}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"{F09729B3-49C4-44B7-A15F-58228CBF7C1B}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{B48E9F0E-D02F-418B-A8C8-9E4D2083DAA4}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{696C1171-A72A-453F-B02D-03D3ECD0D353}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{2256C85B-DC00-40B6-9F97-3599B8D54353}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{625397C8-C6EF-4A4D-B6EB-7319145A6DD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FCB4EEA5-D155-4DBA-A084-ABBAC395543E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9B230EB6-C59D-48F5-B93B-9306D1C3091D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{39B221BB-E0F5-46C4-8160-AFBBDACA4D55}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{426F5956-A0E5-475C-B4EE-B1B714CC17C6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABFC163C-7ABD-4972-9010-536FCDD6537C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7421A66D-170F-49C2-84A5-E7FD76456126}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E59C14B-C97C-4B52-90D5-2B1092C767CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6E06A49B-8E3C-42FB-9150-21AE9D1EA920}"= c:\program files\Skype\Phone\Skype.exe:Skype

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\System32\drivers\TotRec7.sys [27.10.2008 22:51 127496]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-THGuard - c:\program files\TrojanHunter 4.2\THGuard.exe


.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\md21fcv3.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\md21fcv3.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 16:23
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\Honza\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3863862068-977853075-2380022765-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,07,1b,7c,12,71,ab,d3,d1,73,50,d6,b6,80,8c,10,87,68,32,40,52,
da,d5,99,bd,d7,1d,27,49,86,03,34,9f,b3,52,1b,35,9f,0e,e7,92,e4,ff,86,a4,23,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Celkový čas: 2009-07-27 16:25
ComboFix-quarantined-files.txt 2009-07-27 14:25

Před spuštěním: Volných bajtů: 187 397 570 560
Po spuštění: Volných bajtů: 187 380 834 304

285 --- E O F --- 2009-07-24 07:27

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check the log, thx

Post by jaro3 » 27 Jul 2009 17:03

Do you know this program:
c:\program files\combaaaaatarms ??

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::
File::
c:\windows\system32\GameMon.des

Folder::
c:\program files\AskBarDis

Driver::
npggsvc;nProtect GameGuard Service
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bodly
Level 2
Posts: 166
Registered: March 09
Gender: Male
Status: Offline

Re: Please check the log, thx

Post by bodly » 27 Jul 2009 17:06

Yes, I know that program, it's the game CombatArms, specifically the installation files, I think. I'll go on to the next step.

bodly
Level 2
Posts: 166
Registered: March 09
Gender: Male
Status: Offline

Re: Please check the log, thx

Post by bodly » 27 Jul 2009 17:20

Log from ComboFix -


ComboFix 09-07-26.03 - Honza 27.07.2009 17:11.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3326.2549 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\GameMon.des"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-27 do 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-27 15:14 . 2009-07-27 15:15 -------- d-----w- c:\users\Honza\AppData\Local\temp
2009-07-27 14:50 . 2008-02-14 06:56 118784 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-07-27 14:49 . 2008-01-16 09:25 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\users\Honza\AppData\Roaming\Malwarebytes
2009-07-27 13:49 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 13:49 . 2009-07-27 13:49 -------- d-----w- c:\programdata\Malwarebytes
2009-07-27 13:49 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 13:13 . 2009-07-27 13:13 -------- d-----w- c:\program files\Trend Micro
2009-07-27 13:01 . 2009-07-27 14:52 -------- d-----w- c:\users\Honza\AppData\Roaming\vlc
2009-07-27 13:00 . 2009-07-27 13:00 -------- d-----w- c:\program files\VideoLAN
2009-07-27 12:02 . 2009-07-27 12:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-21 20:27 . 2009-07-21 20:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-21 20:27 . 2009-07-23 08:32 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-21 20:27 . 2009-07-23 08:32 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-21 19:59 . 2009-07-21 19:59 -------- d-----w- c:\program files\EA Games
2009-07-17 08:15 . 2007-10-14 13:29 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-07-16 08:17 . 2009-07-16 08:17 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-07-16 08:17 . 2009-07-16 08:17 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-07-16 08:17 . 2009-07-16 08:17 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-07-16 08:17 . 2009-07-16 08:17 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-07-16 08:17 . 2009-07-16 08:24 -------- d-----w- c:\programdata\NexonEU
2009-07-16 08:17 . 2009-07-16 08:17 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-07-16 08:17 . 2009-07-16 08:17 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-07-15 22:24 . 2009-07-16 08:17 -------- d-----w- C:\Nexon
2009-07-15 20:38 . 2009-07-16 07:49 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-15 20:12 . 2009-07-15 20:12 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-07-15 20:12 . 2009-07-15 20:12 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-07-15 20:12 . 2009-07-15 20:12 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-07-15 20:12 . 2009-07-15 20:12 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-07-15 20:12 . 2009-07-15 20:12 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-07-15 20:12 . 2009-07-15 20:12 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-07-15 20:12 . 2009-07-15 20:12 -------- d-----w- c:\programdata\NexonUS
2009-07-15 18:48 . 2009-07-16 08:21 -------- d-----w- c:\program files\combaaaaatarms
2009-07-15 18:47 . 2009-07-15 20:40 -------- d-----w- c:\users\Honza\AppData\Local\PMB Files
2009-07-15 18:47 . 2009-07-15 18:48 -------- d-----w- c:\programdata\PMB Files
2009-07-15 18:47 . 2009-07-15 18:47 -------- d-----w- c:\program files\Pando Networks
2009-07-15 05:25 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 05:25 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 05:25 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 05:25 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 10:41 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-14 10:41 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-14 10:41 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-13 12:05 . 2009-07-13 12:05 -------- d-----w- c:\programdata\Activision
2009-07-13 09:02 . 2009-07-13 09:02 -------- d-----w- c:\program files\CAPCOM
2009-07-12 16:35 . 2009-07-12 17:29 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-12 09:22 . 2009-07-12 20:12 -------- d-----w- c:\users\Honza\AppData\Roaming\TotalRecorder
2009-07-12 09:21 . 2009-07-12 09:21 -------- d-----w- c:\program files\HighCriteria

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 14:57 . 2008-01-21 06:46 619730 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 14:57 . 2008-01-21 06:46 123660 ----a-w- c:\windows\system32\perfc005.dat
2009-07-27 14:48 . 2008-08-13 14:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-07-27 14:48 . 2008-08-13 14:06 -------- d-----w- c:\program files\Realtek
2009-07-27 14:48 . 2008-08-13 14:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 14:36 . 2009-03-29 11:33 -------- d-----w- c:\users\Honza\AppData\Roaming\Skype
2009-07-27 14:35 . 2009-03-29 11:34 -------- d-----w- c:\users\Honza\AppData\Roaming\skypePM
2009-07-27 12:01 . 2009-04-09 06:25 737280 ----a-w- c:\windows\iun6002.exe
2009-07-26 13:21 . 2009-04-18 17:07 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-07-25 12:43 . 2009-05-11 11:24 34 ----a-w- c:\users\Honza\jagex_runescape_preferences.dat
2009-07-24 18:13 . 2009-03-28 07:53 -------- d-----w- c:\users\Honza\AppData\Roaming\uTorrent
2009-07-17 08:47 . 2009-03-27 18:13 101024 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 17:56 . 2009-03-28 19:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-16 17:56 . 2009-03-28 19:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-09 19:12 . 2009-06-04 04:35 -------- d-----w- c:\program files\iriver
2009-07-09 16:14 . 2009-03-27 18:57 -------- d-----w- c:\program files\Common Files\Steam
2009-06-26 14:51 . 2009-06-26 10:59 -------- d-----w- c:\programdata\ijjigame
2009-06-26 14:17 . 2009-06-26 11:07 337197168 ----a-w- c:\users\Honza\AppData\Roaming\ijjigame\U_SFInstaller.exe
2009-06-26 11:47 . 2009-06-26 11:07 -------- d--h--w- c:\users\Honza\AppData\Roaming\ijjigame
2009-06-26 10:09 . 2009-06-26 07:15 -------- d-----w- c:\program files\TrojanHunter 4.2
2009-06-25 17:24 . 2009-06-25 17:24 -------- d-----w- c:\programdata\FLEXnet
2009-06-25 17:16 . 2009-06-25 17:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 17:14 . 2009-06-25 17:14 -------- d-----w- c:\program files\Adobe Media Player
2009-06-25 17:11 . 2009-06-25 17:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 17:09 . 2009-06-25 17:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 10:02 . 2009-06-14 10:02 10134 ----a-r- c:\users\Honza\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-14 10:02 . 2009-06-14 10:02 -------- d-----w- c:\program files\Microsoft WSE
2009-06-11 09:48 . 2009-06-11 09:45 -------- d-----w- c:\program files\ScreenShots
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\users\Honza\AppData\Roaming\Foxit
2009-06-09 10:05 . 2009-06-09 10:05 -------- d-----w- c:\program files\Foxit Software
2009-06-04 12:25 . 2009-03-27 19:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 12:25 . 2009-04-02 14:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-21 20:17 . 2009-03-31 12:42 22328 ----a-w- c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2009-05-21 20:17 . 2009-03-31 12:42 22328 ----a-w- c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2009-05-11 11:23 . 2009-05-11 11:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-05 08:51 . 2009-05-05 08:51 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-07-23 10:42 . 2009-04-15 05:13 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-27_14.24.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-27 14:53 33728 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-07-27 14:17 33728 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-27 14:53 72456 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-27 14:48 . 2008-01-16 08:22 29696 c:\windows\System32\RtkCoInst.dll
+ 2009-07-27 14:48 . 2008-01-16 08:22 29696 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkCoInst.dll
+ 2006-11-02 10:25 . 2009-07-27 14:50 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-27 11:44 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-27 14:50 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-27 11:44 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-27 11:44 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-07-27 14:50 51200 c:\windows\inf\infpub.dat
+ 2009-03-27 18:15 . 2009-07-27 14:53 9810 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3863862068-977853075-2380022765-1000_UserData.bin
- 2009-03-27 18:15 . 2009-07-27 14:17 9810 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3863862068-977853075-2380022765-1000_UserData.bin
+ 2009-07-27 14:48 . 2007-07-25 01:33 135168 c:\windows\System32\SRSWOW.dll
+ 2009-07-27 14:48 . 2006-12-13 02:30 339968 c:\windows\System32\SRSTSXT.dll
+ 2009-07-27 14:48 . 2007-05-17 03:26 185776 c:\windows\System32\SRSTSHD.dll
+ 2009-07-27 14:48 . 2007-04-16 09:09 167936 c:\windows\System32\SRSHP360.dll
+ 2009-07-27 14:48 . 2008-01-21 09:18 638976 c:\windows\System32\RtkPgExt.dll
+ 2009-07-27 14:48 . 2007-12-27 05:30 285216 c:\windows\System32\RtkApoApi.dll
+ 2009-07-27 14:48 . 2007-12-21 10:01 139264 c:\windows\System32\RTCOM\RTLCPAPI.dll
+ 2009-07-27 14:48 . 2008-01-21 09:19 499712 c:\windows\System32\RTCOM\RTCOMDLL.dll
+ 2006-11-02 10:33 . 2009-07-27 14:57 607714 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-27 14:21 607714 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-27 14:21 109580 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-27 14:57 109580 c:\windows\System32\perfc009.dat
+ 2009-07-27 14:48 . 2007-07-30 10:26 126976 c:\windows\System32\maxxaudioapo.dll
+ 2009-07-27 14:50 . 2008-02-14 06:56 118784 c:\windows\System32\DriverStore\FileRepository\netrtx32.inf_f61b53e6\Rtlh86.sys
+ 2009-07-27 14:48 . 2007-07-25 01:33 135168 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSWOW.dll
+ 2009-07-27 14:48 . 2006-12-13 02:30 339968 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSTSXT.dll
+ 2009-07-27 14:48 . 2007-05-17 03:26 185776 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSTSHD.dll
+ 2009-07-27 14:48 . 2007-04-16 09:09 167936 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SRSHP360.dll
+ 2009-07-27 14:48 . 2007-12-21 10:01 139264 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RTLCPAPI.dll
+ 2009-07-27 14:48 . 2008-01-21 09:18 638976 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkPgExt.dll
+ 2009-07-27 14:48 . 2007-12-27 05:30 285216 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkApoApi.dll
+ 2009-07-27 14:48 . 2008-01-21 09:19 499712 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RTCOMDLL.dll
+ 2009-07-27 14:48 . 2007-07-30 10:26 126976 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\maxxaudioapo.dll
+ 2009-07-27 14:48 . 2007-07-26 09:09 520192 c:\windows\RtlExUpd.dll
+ 2009-07-27 14:48 . 2008-01-28 06:44 2158592 c:\windows\System32\RtkAPO.dll
+ 2009-07-27 14:48 . 2007-11-20 10:15 1826816 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\SkyTel.exe
+ 2009-07-27 14:48 . 2007-11-07 09:31 1191936 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtlUpd.exe
+ 2009-07-27 14:48 . 2008-01-30 03:34 2058528 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RTKVHDA.sys
+ 2009-07-27 14:48 . 2008-01-28 06:44 2158592 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtkAPO.dll
+ 2009-07-27 14:48 . 2008-01-29 10:51 4911104 c:\windows\System32\DriverStore\FileRepository\hdart.inf_2aef7199\RtHDVCpl.exe
+ 2009-07-27 14:48 . 2008-01-30 03:34 2058528 c:\windows\System32\drivers\RTKVHDA.sys
+ 2009-07-27 14:48 . 2007-11-20 10:15 1826816 c:\windows\SkyTel.exe
+ 2009-07-27 14:48 . 2007-11-07 09:31 1191936 c:\windows\RtlUpd.exe
+ 2009-07-27 14:48 . 2008-01-29 10:51 4911104 c:\windows\RtHDVCpl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85728E7A-457F-4200-A649-F5F220014D7E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{44F67C49-D6DB-42F6-9870-4D9C8E04DD64}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6B835E10-F0E5-49E7-A94C-835298C690CB}c:\\program files\\valve\\steam\\steamapps\\esso737\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\esso737\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{26A12CA2-4F86-489C-B5C9-D4FFD350F0D7}c:\\program files\\valve\\steam\\steamapps\\esso737\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\esso737\counter-strike\hl.exe:Half-Life Launcher
"{AA82E417-D18A-4B97-BBEF-04F675C2EBB6}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{2DFDE481-3606-47EC-AE73-4C22E88184D8}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{60263180-8337-45EA-8C43-EB50799796FA}c:\\program files\\grid\\grid.exe"= UDP:c:\program files\grid\grid.exe:GRID Executable
"UDP Query User{675A91B0-D247-4DC1-897D-F2661B18ACE5}c:\\program files\\grid\\grid.exe"= TCP:c:\program files\grid\grid.exe:GRID Executable
"{359A4368-D4E2-4610-8B53-206737CB8DF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FD7E90B3-4B8B-4821-A039-AFB274A5EB76}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E34CF4B6-E6C5-4C20-9DFB-389E60141B66}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E958F3DD-C329-4B8F-BA79-37EAA571C034}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F3383620-E8C2-46E2-8956-5C65FA57192F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3928226D-3EAC-4E05-829F-BD6E48E409E9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A4EE0972-866E-4CBE-AEB5-1A0080E7F21F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F0EAF914-0ADA-46F2-A303-1C3D5A1F2BD3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E5991BF5-CFAC-4E60-A99B-7C319023705F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABD9A1B4-D5AB-4797-B5EE-F3A5019474BD}"= UDP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{F8756CA4-33CB-4E03-885D-D92DD0C8F60D}"= TCP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{2E206226-5358-4F50-B2DC-53FE01C4405B}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{FAC4342B-E92C-4EC6-AE3F-15B5DB3CA67F}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"TCP Query User{0776F640-C4EB-4EB8-8908-F72BDF6CC329}c:\\users\\honza\\downloads\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= UDP:c:\users\honza\downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"UDP Query User{22275F05-1EE8-4223-A264-85F4EFC2507F}c:\\users\\honza\\downloads\\left.4.dead.full-rip.skullptura\\left 4 dead\\left4dead.exe"= TCP:c:\users\honza\downloads\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe:left4dead.exe
"TCP Query User{24D20406-836B-421F-A0C3-A9418D635632}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{CE0C8F59-D9E1-40BB-A0BC-AC833A4FD200}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB6E2DD1-AB4D-4316-A3DC-7826B78B0C71}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{56D3563D-05EA-4A43-A428-6F8A1BEA789F}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{DE926708-E982-4A9A-9AA3-9C23A3195147}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9330F08D-C4BB-4621-9CB9-4E03A5E536EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{17FEEDEB-072A-4E66-8659-2A327BFA58FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{390D95D1-B4C7-4D42-ADEE-9F30F8D918EE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C381F547-1EEB-4729-B66E-DD51C8044DF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A0473CB-4392-4929-8F9D-6737AD014099}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0E74FF5-7EBF-4E29-AB33-3B95AF7FAABE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99F7008A-F34E-46DD-96D5-9AA668FE4738}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{29793399-E21D-4924-865D-B64A8BF04B79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D2063922-E5B8-445F-8DD3-4D5F0D700AAC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{178A6728-994B-404A-8289-B77D722939AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{221D56FB-DC52-4109-9524-3CA630C0DAB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6BE8E9C-582C-4D5A-816C-6F3CB98E6BB9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0E24C65-1A70-46B9-BB3E-73BD26679CE3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CFCE5B20-CB57-4903-9C78-1874C44495A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7CDE748E-64B5-432A-AA9F-5A8EB6505082}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8245A478-24CF-43CC-92EB-FB8815C30D29}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FB61832C-E64A-49F1-801F-CA51215DC25C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{07A78323-4E6C-4823-99BD-E5908499546D}c:\\users\\honza\\downloads\\race.driver.grid.multi-5.full-rip.skullptura\\grid\\grid.exe"= UDP:c:\users\honza\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe:grid.exe
"UDP Query User{8EDA66CC-9946-44CC-9938-1FDFDC5124F4}c:\\users\\honza\\downloads\\race.driver.grid.multi-5.full-rip.skullptura\\grid\\grid.exe"= TCP:c:\users\honza\downloads\race.driver.grid.multi-5.full-rip.skullptura\grid\grid.exe:grid.exe
"{D1764B52-1523-4A49-BECA-70B263EEB759}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0095498A-6658-464B-BF65-307A289821EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{32AF1DA1-164D-4058-B8E4-B8FB5E0C4486}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F6172C65-B0D8-40BA-8F3D-699DF822BD45}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30B14D63-EA46-4B42-9380-10F7981FD18F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F207B790-604E-4FD2-9F8A-B2B58A288D03}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C86E29FB-62C5-4A0E-91E7-02640318D0E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C5C5E8E-AC06-48D8-9303-1B63F179D362}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{457FD94B-42FB-4464-A79F-C1E633408746}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B2FAA51A-3799-49DE-A4CD-4D6947C9C509}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E3EDB466-DD5A-4F78-82C6-7969DBFB82CE}c:\\program files\\valve\\steam\\steamapps\\esso737\\team fortress 2\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\esso737\team fortress 2\hl2.exe:hl2
"UDP Query User{2B1F84B4-4234-4D41-B43A-377D6F3C2757}c:\\program files\\valve\\steam\\steamapps\\esso737\\team fortress 2\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\esso737\team fortress 2\hl2.exe:hl2
"{497E08E7-9AE7-478D-BE8E-FB653B9BCBD0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7A3F2DD2-0C5D-44B5-B16C-5FEDF40C3D8A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5D9129BD-5747-4025-B517-76A2341B70BC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{651EB013-C0C0-40F2-971B-C4D5C944BD8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4E7A8A5-8059-473B-8DF5-3E8DEF07410E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D15D6192-1189-41A4-8553-BD5B03B63F56}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3F443942-61EB-44D6-BF96-01D9914A7480}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6C687CDB-5485-4F28-93AD-7B774A7F20FA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{86783F27-7AAC-4F51-99A2-12C401AA4C1F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{208B4958-C446-4C5A-AAFD-143342E82912}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5AD38741-24B4-4EFF-BAF0-CD4310AD6F94}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BB8BA2BF-E5AD-4407-9481-4543D4741F4D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DD5F6621-766C-46C7-9D71-F06DE50E18F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EC7C9FD2-38B3-4C0D-8BEB-F264D205D2FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0189769A-EFC0-4610-BEA0-718216F3A556}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DB752BD9-6B59-44C7-9D2D-029E9DCA4451}"= UDP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{9BB88FC0-91F7-49D4-A2CC-59D2FFDD7686}"= TCP:c:\users\Honza\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{C3EE461E-E6DE-438B-808A-31DB019D3EE0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3462BBC4-BF69-4E5F-BA20-A25329099C21}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{16331EDC-545A-4B55-A233-646F51D00D3F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1DC2925A-EF19-415B-A2C2-29082D9A5C65}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F0E67105-90C8-45ED-BFAD-9A6A6A6C6845}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{14A2F842-3959-4D9C-BA26-3278FF43977B}c:\\users\\honza\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\honza\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{176158EE-F023-4FA6-828B-57846C680964}c:\\users\\honza\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\honza\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"{86F93F6C-EC26-48C7-8542-3ABBB1933DF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A6D5767-5744-4969-9FDD-22744194A62A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B4942EDD-7F00-453B-9129-52BE49B8A946}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3FB72137-2773-4665-BEC0-1284BF5EA3B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5A43F0DF-4140-4139-9ED7-C6A6BAE95E4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4629A5C3-517E-4C20-961B-394D978C0867}c:\\programdata\\ijjigame\\plauncher.exe"= UDP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"UDP Query User{19781375-FD7D-479F-BF41-BE195A68818C}c:\\programdata\\ijjigame\\plauncher.exe"= TCP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"{54C96DFA-4539-4B72-92C6-DC5277FEB5CD}"= UDP:c:\users\Honza\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{3357136C-3E59-4463-B312-05F785DD86A9}"= TCP:c:\users\Honza\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{6E7DD0AE-4EB4-478B-9BDA-A9DC571F6E35}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{DB6AB827-708A-46FC-A005-9534112567F5}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{678D287D-F3E0-46B7-9AF7-C38D1821C147}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{F3BA04F0-6354-4957-B4FB-C7883E533622}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"{680998C1-732C-4C4C-9E87-3A34B25F7AD5}"= UDP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{9E9CEEC2-DC71-4408-B994-69DD0174514E}"= TCP:c:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV
"{1F66A07E-8E87-4665-86ED-855ECDF97B5A}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{9314FDFD-0182-4286-B49C-5C0CAEA13C9B}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{92629552-0D92-4118-AC29-3BBD1125E58D}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{15644D29-F85E-4335-8F4E-BFDD993ED637}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{046A7E2E-9A5B-4695-B060-35ACFE4D9A45}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{D61144FA-4B13-4BB9-A31D-E7155DAD3D73}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{378F8D91-6C75-4519-A642-9F916CE77E1C}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{6BE0EAFA-4A01-41D5-8DAB-362BE3307168}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"UDP Query User{E00A033B-7053-4C41-9159-CE77DEF01125}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine
"{F09729B3-49C4-44B7-A15F-58228CBF7C1B}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{B48E9F0E-D02F-418B-A8C8-9E4D2083DAA4}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{696C1171-A72A-453F-B02D-03D3ECD0D353}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{2256C85B-DC00-40B6-9F97-3599B8D54353}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{625397C8-C6EF-4A4D-B6EB-7319145A6DD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FCB4EEA5-D155-4DBA-A084-ABBAC395543E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9B230EB6-C59D-48F5-B93B-9306D1C3091D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{39B221BB-E0F5-46C4-8160-AFBBDACA4D55}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{426F5956-A0E5-475C-B4EE-B1B714CC17C6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ABFC163C-7ABD-4972-9010-536FCDD6537C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7421A66D-170F-49C2-84A5-E7FD76456126}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E59C14B-C97C-4B52-90D5-2B1092C767CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6E06A49B-8E3C-42FB-9150-21AE9D1EA920}"= c:\program files\Skype\Phone\Skype.exe:Skype

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\System32\drivers\TotRec7.sys [27.10.2008 22:51 127496]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\md21fcv3.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\md21fcv3.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

creating catchme.sys error: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 17:15
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3863862068-977853075-2380022765-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,07,1b,7c,12,71,ab,d3,d1,73,50,d6,b6,80,8c,10,87,68,32,40,52,
da,d5,99,bd,d7,1d,27,49,86,03,34,9f,b3,52,1b,35,9f,0e,e7,92,e4,ff,86,a4,23,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\conime.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2009-07-27 17:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-27 15:18
ComboFix2.txt 2009-07-27 14:25

Před spuštěním: Volných bajtů: 187 099 992 064
Po spuštění: Volných bajtů: 186 954 080 256

351 --- E O F --- 2009-07-24 07:27


Re: Please check my log, thx

Post by bodly » 27 Jul 2009 17:21

new log from HJT -


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:27, on 27.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 2596 bytes

