Mám tu problém,když hraju např.(Quake,Counter Strike Source,NFS Carbon,atd...)tak sem mi hra saba od sebe vypne,a nejen hra třeba hamachi který dost po třebuji pro hraní s kámošem,třeba když hraju tak se mi hamachi vypne a spadne celá hra.
Prosím poraďte.
A jiné aplikace , třeba na prohlížení internetu, nebo na poslouchání hudby nepadají? Děje se to pořád, nebo se to začalo dít po nějaké instalaci SW/HW ?
No na prohliřeči internetu se mi to stalo jen tak 3krát,ale u těch her a programů se to vypne vždycky po 5minutách cca,ale dřív se mi to vůbec nedělo nevím čím to je,ale ani nevím co sem těd naposledy instaloval.
Prosím poraďte.
Tohle možná bude nějaká havěť, protože na HW problém to nevypadá. Zkuste to prubnout hijackem a hoďte sem log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:44:10, on 1.3.2009
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Verča\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 88.86.111.212 L2authd.Lineage2.com
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ieupdate] "C:\Windows\system32\ieexplorer32.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nvaux32
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mikomuyo.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mikomuyo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - (no file)
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11344 bytes
Fixněte
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
ve správci úloh ukončete běh procesu ieexplorer32.exe a fixněte O4 - HKCU\..\Run: [ieupdate] "C:\Windows\system32\ieexplorer32.exe"
pokud nepoužíváte toolbary, fixněte je
na www.virustotal.com otestujte soubory : mikomuyo.dll, nvaux32.dll (pokud jej najdete v počítači
otestujte počítač antivirem, adawarem a spybotem
je to plne bordelu... po dokonceni veci co psal tatik doporucuji:
1) stahni a uloz na plochu:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2) jestli mas nainstalovanou konzolu pro zotaveni, tak pokracuj bodem 3), jestli nemas nainstalovanou tak preskoc na 4)
3) restartuj, pri startu systemu mackej F8 a najed do nouzoveho rezimu
4) pust combofix a nech ho pracovat, po dokonceni restartuj pc
az bude hotovo, na plose ti vznikne txt soubor s logem z combofixu, jeho obsah zkopiruj sem a uvidime co dal...
to co napsal tatik sem udelal ted este to stim ComboFixem
TAK TADY TO JE
ComboFix 09-02-28.01 - Verča 2009-03-01 16:18:52.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.3070.2658 [GMT 1:00]
Spuštěný z: c:\users\Verča\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081222-0] *On-access scanning enabled* (Outdated)
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
C:\resycled
c:\windows\system32\afodupub.ini
c:\windows\system32\ajumayaj.ini
c:\windows\system32\aleboyid.ini
c:\windows\system32\arirahom.ini
c:\windows\system32\asavipol.ini
c:\windows\system32\aston.mt
c:\windows\system32\awijuloz.ini
c:\windows\system32\drivers\atmapi.sys
c:\windows\system32\ebejeyik.ini
c:\windows\system32\ejahijip.ini
c:\windows\system32\ekahaluh.ini
c:\windows\system32\ekaluyif.ini
c:\windows\system32\enohagab.ini
c:\windows\system32\epehuyib.ini
c:\windows\system32\igibimed.ini
c:\windows\system32\ikalejak.ini
c:\windows\system32\ikiwapoh.ini
c:\windows\system32\itosedij.ini
c:\windows\system32\izebazab.ini
c:\windows\system32\KBL.LOG
c:\windows\system32\nvaux32.dll
c:\windows\system32\obotunuy.ini
c:\windows\system32\ohagojoz.ini
c:\windows\system32\okinulef.ini
c:\windows\system32\olumasoz.ini
c:\windows\system32\opibibon.ini
c:\windows\system32\otejovut.ini
c:\windows\system32\oyewatev.ini
c:\windows\system32\ozaguyeb.ini
c:\windows\system32\ufusolog.ini
c:\windows\system32\ujorofel.ini
c:\windows\system32\upujigil.ini
c:\windows\system32\uyuhediy.ini
c:\windows\system32\winsrc.dll.tmp
D:\resycled
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-01 do 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-03-01 14:41 . 2009-03-01 14:41 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 10:41 . 2009-02-28 10:41 <DIR> d-------- C:\Q3Ademo
2009-02-28 10:41 . 1999-11-14 15:41 86,016 --a------ c:\windows\unvise32.exe
2009-02-26 19:00 . 2009-02-26 19:00 <DIR> d-------- C:\.jagex_cache_32
2009-02-21 19:45 . 2009-03-01 11:49 261,802,227 --a------ c:\windows\MEMORY.DMP
2009-02-21 16:55 . 2009-02-21 16:56 <DIR> d-------- c:\program files\Hamachi
2009-02-21 16:55 . 2009-02-21 16:55 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-02-18 16:39 . 2009-02-18 16:39 <DIR> d-------- c:\windows\System32\IOSUBSYS
2009-02-16 14:30 . 2009-02-16 14:30 65,024 --a------ c:\windows\System32\2rg3.es
2009-02-16 14:30 . 2009-02-16 14:30 64,512 --a------ c:\windows\System32\ef3p.ee
2009-02-16 14:30 . 2009-02-16 14:30 32,768 --a------ c:\windows\System32\zred.pa
2009-02-16 14:30 . 2009-02-16 14:30 32,768 --a------ c:\windows\System32\fks.as
2009-02-16 14:30 . 2009-02-16 14:30 24,576 --a------ c:\windows\System32\4rr.pa
2009-02-16 14:30 . 2009-02-16 14:30 21,504 --a------ c:\windows\System32\gr1.e
2009-02-12 18:22 . 2003-06-19 01:31 17,920 --a------ c:\windows\System32\mdimon.dll
2009-02-12 18:22 . 2009-02-12 18:22 384 --a------ c:\windows\ODBC.INI
2009-02-12 18:20 . 2009-02-12 18:20 <DIR> d-------- c:\windows\PCHEALTH
2009-02-12 18:10 . 2009-02-12 18:10 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-07 20:30 . 2009-02-07 20:30 <DIR> d-------- c:\program files\ICQLite
2009-02-06 16:38 . 2009-03-01 10:06 <DIR> d-------- c:\users\Verča\AppData\Roaming\Hamachi
2009-02-01 15:00 . 2009-03-01 14:26 <DIR> d-------- c:\users\Verča\AppData\Roaming\skypePM
2009-02-01 15:00 . 2009-02-01 15:00 48 --ah----- c:\windows\System32\ezsidmv.dat
2009-02-01 14:58 . 2009-03-01 15:46 <DIR> d-------- c:\users\Verča\AppData\Roaming\Skype
2009-02-01 14:57 . 2009-02-01 14:57 <DIR> d-------- c:\users\All Users\Skype
2009-02-01 14:57 . 2009-02-01 14:57 <DIR> d-------- c:\programdata\Skype
2009-02-01 14:57 . 2009-02-01 14:57 <DIR> d-------- c:\program files\Skype
2009-02-01 14:57 . 2009-02-01 14:57 <DIR> d-------- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 15:25 2,621,440 --sha-w c:\users\Verča\ntuser.dat
2009-03-01 15:25 2,621,440 --sha-w c:\users\Verča\ntuser.dat
2009-03-01 14:46 --------- d-----w c:\users\Verča\AppData\Roaming\Skype
2009-03-01 13:26 --------- d-----w c:\users\Verča\AppData\Roaming\skypePM
2009-03-01 12:22 34 ----a-w c:\users\Verča\jagex_runescape_preferences.dat
2009-03-01 12:22 34 ----a-w c:\users\Verča\jagex_runescape_preferences.dat
2009-03-01 09:06 --------- d-----w c:\users\Verča\AppData\Roaming\Hamachi
2009-02-25 13:22 --------- d-s---w c:\users\Verča\AppData\Roaming\Microsoft
2009-02-21 18:25 --------- d-----w c:\program files\Microsoft Games
2009-02-21 15:48 --------- d-----w c:\program files\Bonjour
2009-02-21 15:45 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-02-21 15:44 --------- d-----w c:\users\Verča\AppData\Roaming\LangSoft
2009-02-21 15:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 15:29 --------- d-----w c:\program files\Valve
2009-02-18 15:39 --------- d-----w c:\program files\Google
2009-02-15 19:39 27,335 ----a-w c:\users\Verča\AppData\Roaming\nvModes.dat
2009-02-15 12:43 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-10 14:37 --------- d-----w c:\program files\Counter-Strike Source
2009-02-01 13:43 286,720 ------w c:\windows\Setup1.exe
2009-01-29 21:08 --------- d-----w c:\program files\Common Files\Adobe
2009-01-27 13:18 --------- d-----w c:\users\Verča\AppData\Roaming\dvdcss
2009-01-27 10:23 --------- d-----w c:\program files\Diablo II
2009-01-27 10:07 73,216 ------w c:\windows\ST6UNST.EXE
2009-01-27 10:07 --------- d-----w c:\program files\Hero Editor
2009-01-22 18:47 --------- d-----w c:\program files\Conduit
2009-01-22 18:46 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-01-21 14:00 94,208 ----a-w c:\windows\DIIUnin.exe
2009-01-21 14:00 2,829 ----a-w c:\windows\DIIUnin.pif
2009-01-18 19:25 --------- d-----w c:\program files\GamePark
2009-01-18 19:15 --------- d-----w c:\users\Verča\AppData\Roaming\Xfire
2009-01-18 14:20 --------- d-----w c:\users\Verča\AppData\Roaming\teamspeak2
2009-01-15 14:58 --------- d-----w c:\users\Verča\AppData\Roaming\GetRightToGo
2009-01-13 20:43 --------- d-----w c:\program files\ATMA V
2009-01-09 06:45 --------- d-----w c:\users\Verča\AppData\Roaming\DMCache
2009-01-08 17:59 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-01-02 17:14 --------- d-----w c:\programdata\SweetIM
2009-01-02 17:14 --------- d-----w c:\program files\SweetIM
2008-07-19 15:17 174 --sha-w c:\program files\desktop.ini
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-15 171448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nvaux32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 13:35 125440 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2007-01-17 14:34 634880 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2007-08-16 22:13 218408 c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3528065110-266136519-2712144506-1000]
"EnableNotificationsRef"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{726FF3A1-24CF-4BE4-89A0-DFE08E75E293}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{233AA8DC-6C7B-448A-9DE1-3A6001DD67C0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{04754F58-1684-43E0-9178-D41C4F1D3127}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{72E6DBAA-F079-4CDA-B58D-F41379ED3DF7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{FAD7F899-0BFF-468E-92D0-4ABA554297C3}"= UDP:c:\windows\explorer.exe:Explorer
"{930BBEDD-74D6-415A-8406-569FD9EB0CB0}"= TCP:c:\windows\explorer.exe:Explorer
"{28A35FF4-2945-4557-A638-B236F01E588F}"= UDP:c:\windows\System32\wininit.exe:wininit
"{970FBC62-7B2A-4518-B1CD-C9B11DFDC261}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A5AE34AD-5735-4AFD-866F-CA5154F87353}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{96965E1D-1392-4532-A5DB-8273D56B702E}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{D37E02C8-1A15-4B08-A4D3-95C57062E3E3}"= UDP:c:\windows\System32\lsass.exe:lsass
"{7B33608A-3FFD-4A57-BB27-9308E9BFAE6F}"= TCP:c:\windows\System32\lsass.exe:lsass
"TCP Query User{41500812-2CBC-4D60-B3BD-6577D83C4AFE}c:\\program files\\nival interactive\\etherlords ii\\etherlords2.exe"= UDP:c:\program files\nival interactive\etherlords ii\etherlords2.exe:Etherlords 2 main executable file
"UDP Query User{5482E204-B316-4CA0-A93C-220FCDCDB8E1}c:\\program files\\nival interactive\\etherlords ii\\etherlords2.exe"= TCP:c:\program files\nival interactive\etherlords ii\etherlords2.exe:Etherlords 2 main executable file
"{A0688B09-C867-4BE2-85B1-FE420999CF3F}"= UDP:c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe:IAANTMon
"{30F247B6-D2C1-482C-B87A-5687FDF8C249}"= TCP:c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe:IAANTMon
"{6F36E8F3-1FDD-4569-A7AC-420AFA494A73}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{3D803336-6CF9-4BF3-8E39-D2C35B8D9272}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{E1BB2216-0442-4B69-ADA9-609DB4AA18B2}"= UDP:c:\windows\System32\services.exe:services
"{83624042-1C37-4D6B-ADC5-5FD6E65860A8}"= TCP:c:\windows\System32\services.exe:services
"{8990CD26-11F2-4DCA-8D38-8E3A5239C41C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0CB6035E-4F5B-4244-A684-DAC69DA2BD80}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB331A8D-DC1D-4DEF-8B29-A688DBEE9445}"= UDP:c:\windows\System32\lsm.exe:lsm
"{EF1179B4-F0DF-4FB4-AB5C-48CA4626BFD3}"= TCP:c:\windows\System32\lsm.exe:lsm
"{7FFDEF57-3D22-4E28-A496-87854C2AFF03}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{FFB24703-9CC0-45D2-ADF3-3CB60678C807}"= TCP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{56099978-A71F-4B79-A54D-FBCA76ED27E9}"= TCP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{2D91564C-BBB9-452D-A55C-3B18B9DDC6C3}"= UDP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{8E9100FD-CC69-4868-A9D1-B92CFE2E3619}"= TCP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"TCP Query User{72AB2850-1F47-4C1B-83C7-6BAF93CEAB11}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{40599668-7E96-47A9-A508-42473AC5F24D}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{4363CBD6-376E-4B59-B078-A2BDCD2AE857}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{A44D9195-BABA-4702-BDA8-D1D2B3D65CB7}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{AD8DF44C-39CD-47ED-BA8C-BC74CF06574B}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{BCF75E0B-C847-480E-B166-45CBFB812695}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{7B7199B1-3979-4832-92D2-20E1DF9263C8}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{EE663B6F-4F16-49C7-B23B-81496C316DC3}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{CE311CA9-85A8-4CDF-BDCF-8161921AC0E2}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{5178B9C4-453A-4526-AF88-C7280D870DB1}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{CA133090-91F3-496A-861C-73EE2BE8E4A7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7BEF7832-54F1-4E6C-A7C5-70278BC59EC7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{E6167CCC-6EAF-48DD-82CB-FD2C01211A94}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{3E529EA0-F179-4719-8DFD-C92D03A67FBB}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{7AC82183-5B61-44FF-8672-85401E7CB48B}c:\\program files\\metin2_tester\\metin2.bin"= UDP:c:\program files\metin2_tester\metin2.bin:metin2
"UDP Query User{15CE98DC-72DE-4233-AC1C-307B769AA06A}c:\\program files\\metin2_tester\\metin2.bin"= TCP:c:\program files\metin2_tester\metin2.bin:metin2
"TCP Query User{1707033F-B11E-4F58-9B5F-38A2FA529699}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{A0D3D447-BF60-42A7-9D71-D1F15E03ACD7}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{FDA4C6E1-80C9-4EC8-A832-161831275B75}c:\\program files\\xfire\\ua_lsp_inst.exe"= UDP:c:\program files\xfire\ua_lsp_inst.exe:ua_lsp_inst
"UDP Query User{CF66FCA9-8F19-4ADD-A2D8-66386CD32CF5}c:\\program files\\xfire\\ua_lsp_inst.exe"= TCP:c:\program files\xfire\ua_lsp_inst.exe:ua_lsp_inst
"TCP Query User{0F0A8C9D-BA19-4823-A53A-DE0EDCA929FF}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{E84B742E-3E0F-47AE-867C-DC3E11F8AAEB}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{82ECA382-1E43-4B2D-8C30-A491EBC7E39A}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{17FE9CE8-2606-43E7-AF5C-23DB1F717B1F}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{15DCA069-5314-4E61-B50D-6FCAC9303402}c:\\q3ademo\\quake3.exe"= UDP:c:\q3ademo\quake3.exe:quake3
"UDP Query User{85F0648D-C6CA-4398-B5E1-56A05ED90F23}c:\\q3ademo\\quake3.exe"= TCP:c:\q3ademo\quake3.exe:quake3
"{2BED5390-D71A-428A-B0BC-CEC86C6EFF34}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{38C0BAD8-7AD0-417E-9993-882F3B0689EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{99ADBCAC-903E-47F9-9EC8-973BB153C611}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:hlsw
"UDP Query User{93ACDD8B-459D-4CDD-9175-53BDD48CA911}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:hlsw
"TCP Query User{77E34EF9-8366-45F4-8951-2A856C70B3C9}c:\\users\\verča\\desktop\\diablo\\diablo 1.12\\game.exe"= UDP:c:\users\verča\desktop\diablo\diablo 1.12\game.exe:game.exe
"UDP Query User{10859A81-7B77-4CE6-BFDD-4C1C7F94A821}c:\\users\\verča\\desktop\\diablo\\diablo 1.12\\game.exe"= TCP:c:\users\verča\desktop\diablo\diablo 1.12\game.exe:game.exe
"TCP Query User{29E08ED7-DAF8-47EA-9444-8ABF00E38572}c:\\users\\verča\\desktop\\hry\\diablo\\diablo 1.12\\game.exe"= UDP:c:\users\verča\desktop\hry\diablo\diablo 1.12\game.exe:game.exe
"UDP Query User{E7D448E7-D199-4186-AE6C-512F9801AD35}c:\\users\\verča\\desktop\\hry\\diablo\\diablo 1.12\\game.exe"= TCP:c:\users\verča\desktop\hry\diablo\diablo 1.12\game.exe:game.exe
"TCP Query User{6482A03A-CD8E-4911-9E80-20FD1D4E5669}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{C5E915C2-9C48-4465-A96A-CB9F6852EB4D}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-25 111184]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2007-11-28 70144]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-05-15 23:16:05 39408]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-10-25 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-10-25 51792]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-08 222456]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\System32\drivers\ndisprot.sys [2008-10-23 29192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{389a0bca-d74c-11dd-83d9-0021860bdf89}]
\shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{389a0bd9-d74c-11dd-83d9-0021860bdf89}]
\shell\AutoRun\command - G:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49023026-d1f4-11dd-bca6-0021860bdf89}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\game.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
HKCU-Run-OEXPRESS - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-079b547d - c:\windows\system32\diyobela.dll
MSConfigStartUp-84928024374531738599088246461712 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-CPM04a867e1 - c:\windows\system32\huyahife.dll
MSConfigStartUp-wblogon - c:\windows\System32\algg.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://windiwsfsearch.com
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=Pavilion&pf=laptop
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://windiwsfsearch.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 16:26:04
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3528065110-266136519-2712144506-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):03,44,af,8c,0e,25,c0,2b,6d,36,5c,66,c3,9f,9b,e9,fb,0d,9f,82,0a,
6d,5c,00,55,5a,74,d3,20,0e,3e,72,e3,f4,e7,16,4c,73,32,72,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-3528065110-266136519-2712144506-1000_Classes\CLSID\{cee4de03-1de0-46de-8b2e-dbdc6df34c4b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000008
"Therad"=dword:0000001e
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3980)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Celkový čas: 2009-03-01 16:31:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-01 15:31:43
Před spuštěním: Volných bajtů: 127 865 344 000
Po spuštění: Volných bajtů: 124,377,948,160
354 --- E O F --- 2008-10-17 16:45:51
To je ten log z Combofixu
dej start -> spustit -> Combofix /u
tim odinstalujes combofix
znova vypis z hijacku
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:41:39, on 1.3.2009
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\werfault.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Verča\Desktop\Hry\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nvaux32
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - (no file)
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9261 bytes
tady je
fix:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O20 - AppInit_DLLs: nvaux32
pak restart a vypis hijack
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:49:58, on 1.3.2009
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Users\Verča\Desktop\Hry\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=81&bd=...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - (no file)
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8553 bytes
Jo fixnul jsem je vsechny ty co si mi napsal a mas i vypis
jevi se to ciste... nejaka zmena v chovani pc? :shock:
Super programy a hry se nevypinaji.Super :)) :)) :)) diky moc si skvelej
rado se stalo 8:-) este to radsi sonduj sem tam... :)
Jen tak mimo téma... Taky bych chtěl umět poznat co fixnout a co ne :D. Jak to prosím tě šecko poznáš :D
jde o to, ze jsou to porad stejne problemy akorat u jinych lidi :) horsi to bude, az prijde neco noveho, skryteho a pekelne zakerneho... :???:
Heh ale i tak :D jinak dobrá práce :-)