je to už nějakou dobu, co jsme měl problém s právě touto "vychytávkou" od WMP. Jde o službu Windows Media Network Sharing (wmpnetwk.exe). V klidovém režimu PC mi většinou bere zhruba 70% procesoru (NÁHLED). Screenshot je pořízený po strartu systému, takže proto prozatím tak "malé" využití.
Počítač jsme prohnal přes CCleaner, SAS, Mbam a Avast. Ovšem ani jeden mi nenalezl žádný problém. Poprvé jsme to řešil zákazem služby přes msconfig, ovšem to mi přijde jen jako dočasný řešení a raději bych věděl co to je (jinak nejspíš zakažu celý WMP, jelikož ho nepoužívam, ale až po tom co zjistim jak se zbavit tohodle
)Dříve co jsme hledal, je to prý způsobeno nějakou havětí a všude k tomu dávali placený program pro FIX, ale myslim že vy si s tím poradíte i bez těch programů.
Tady na foru jsme ot také potkal, a poradili mu ať to prožene Combofixem, tak abych vam ušetřil pár řádku, tak jsme to prohnal hned podle návodu.
LOG:
ComboFix 10-08-14.02 - Jakub 15.08.2010 10:47:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3327.2512 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\7Loader.TAG
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-15 do 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-15 08:54 . 2010-08-15 08:56 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2010-08-15 08:54 . 2010-08-15 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 08:54 . 2010-08-15 08:54 -------- d-----w- c:\users\Huspekovi\AppData\Local\temp
2010-08-15 08:09 . 2010-08-15 08:09 -------- d-----w- c:\programdata\CheckPoint
2010-08-15 08:09 . 2010-08-15 08:56 -------- d-----w- c:\windows\Internet Logs
2010-08-15 08:07 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-15 08:07 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-15 08:07 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-15 08:07 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-15 08:07 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-15 08:06 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-15 08:06 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-15 08:06 . 2010-08-15 08:06 -------- d-----w- c:\programdata\Alwil Software
2010-08-15 08:06 . 2010-08-15 08:06 -------- d-----w- c:\program files\Alwil Software
2010-08-08 19:17 . 2010-08-08 19:19 -------- d-----w- c:\program files\Counter-Strike 1.6 NS
2010-08-06 15:28 . 2010-08-06 15:28 -------- d-----w- c:\program files\Lame for Audacity
2010-08-06 15:12 . 2010-08-06 15:28 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-08-06 15:12 . 2010-08-06 15:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-01 19:14 . 2010-08-01 19:14 -------- d-----w- c:\program files\QS
2010-07-31 21:57 . 2007-05-04 00:10 2781184 ----a-w- c:\users\Huspekovi\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-07-30 12:15 . 2010-07-30 12:15 -------- d-----w- c:\users\Jakub\AppData\Local\Microsoft_Research
2010-07-30 12:12 . 2010-07-30 12:12 -------- d-----w- c:\program files\Microsoft Research
2010-07-30 09:54 . 2010-07-30 09:54 -------- d-----w- c:\users\Jakub\AppData\Local\Opera
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2010-07-29 17:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\programdata\Malwarebytes
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 17:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 14:04 . 2003-12-09 08:04 10368 ----a-w- c:\windows\system32\drivers\rramdisk.sys
2010-07-29 13:16 . 2010-07-29 13:16 -------- d-----w- C:\rsit
2010-07-29 13:16 . 2010-07-29 13:16 -------- d-----w- c:\program files\trend micro
2010-07-29 12:05 . 2010-07-29 12:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\Toxic Biohazard
2010-07-28 18:26 . 2010-07-28 18:26 -------- d-----w- c:\program files\CCleaner
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\users\Jakub\AppData\Roaming\PC Suite
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\users\Jakub\AppData\Roaming\Nokia
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\programdata\PC Suite
2010-07-27 21:12 . 2010-07-27 21:13 -------- d-----w- c:\program files\DIFX
2010-07-27 21:12 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-27 21:12 . 2010-07-29 11:58 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-27 21:12 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-07-27 21:11 . 2010-07-27 21:10 36684048 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze_web.exe
2010-07-27 21:11 . 2010-07-27 21:11 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-27 21:11 . 2010-07-27 21:11 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-27 21:11 . 2010-07-27 21:11 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-27 21:11 . 2010-07-27 21:11 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-27 21:11 . 2010-07-27 21:11 -------- d-----w- c:\programdata\Installations
2010-07-26 22:59 . 2010-06-15 16:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 08:56 . 2009-12-19 09:54 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-15 08:54 . 2010-08-15 08:55 1693696 ----a-w- c:\windows\Internet Logs\xDB65A0.tmp
2010-08-15 08:54 . 2010-08-15 08:55 86016 ----a-w- c:\windows\Internet Logs\xDB6031.tmp
2010-08-15 08:25 . 2009-12-22 19:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-15 08:25 . 2010-03-14 11:47 -------- d-----w- c:\users\Jakub\AppData\Roaming\Azureus
2010-08-15 08:11 . 2010-08-15 08:10 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-08-15 08:10 . 2010-08-15 08:10 -------- d-----w- c:\program files\Zone Labs
2010-08-15 08:09 . 2010-08-15 08:09 -------- d-----w- c:\programdata\CheckPoint
2010-08-15 07:57 . 2009-12-07 21:42 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-08-15 07:18 . 2009-12-07 21:43 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-08-14 09:21 . 2010-03-11 00:22 -------- d-----w- c:\program files\Opera
2010-08-13 22:09 . 2009-12-20 01:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\vlc
2010-08-12 20:18 . 2009-12-07 21:24 687756 ----a-w- c:\windows\system32\perfh005.dat
2010-08-12 20:18 . 2009-12-07 21:24 143014 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 20:22 . 2009-12-08 14:05 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\Skype
2010-08-11 18:39 . 2009-12-08 14:08 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\skypePM
2010-08-09 22:05 . 2009-12-20 01:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\dvdcss
2010-08-08 14:08 . 2009-12-10 06:15 -------- d-----w- c:\users\Jakub\AppData\Roaming\FileZilla
2010-08-08 09:49 . 2010-07-02 08:35 -------- d-----w- c:\program files\ICQ7.2
2010-08-07 18:36 . 2009-12-08 14:03 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\ICQ
2010-08-05 14:48 . 2009-12-08 16:46 -------- d-----w- c:\program files\Common Files\Steam
2010-08-01 19:13 . 2010-01-08 20:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-07-13 21:19 . 2010-02-18 17:11 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-13 20:18 . 2010-07-13 20:18 -------- d-----w- c:\program files\PlayReady
2010-07-11 20:17 . 2010-07-11 19:50 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hamachi
2010-07-11 19:49 . 2010-07-11 19:49 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-11 09:38 . 2010-07-11 09:35 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-11 09:38 . 2009-12-07 21:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 09:37 . 2010-07-11 09:37 -------- d-----w- c:\program files\Realtek
2010-07-11 09:35 . 2010-07-11 09:35 315392 ----a-w- c:\windows\HideWin.exe
2010-07-06 09:07 . 2010-07-06 09:01 -------- d-----w- c:\program files\Mafia
2010-07-02 20:27 . 2010-01-17 13:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Winamp
2010-07-02 08:43 . 2010-07-02 08:43 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-28 16:05 . 2009-12-15 17:01 -------- d-----w- c:\program files\Java
2010-06-23 11:51 . 2010-08-15 08:10 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2010-08-15 08:10 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2010-08-15 08:10 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-22 08:31 . 2010-06-22 08:31 -------- d-----w- c:\program files\Activision
2010-06-20 10:07 . 2009-12-14 18:32 138056 ----a-w- c:\users\Jakub\AppData\Roaming\PnkBstrK.sys
2010-06-20 10:07 . 2009-12-14 18:32 138056 ----a-w- c:\users\Jakub\AppData\Roaming\PnkBstrK.sys
2010-06-20 10:07 . 2009-12-14 18:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-19 09:18 . 2010-06-19 09:18 -------- d--h--r- c:\users\Jakub\AppData\Roaming\SecuROM
2010-06-19 08:47 . 2010-05-12 13:49 -------- d-----w- c:\programdata\SystemKey
2010-06-03 06:28 . 2010-06-05 18:19 52224 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-03 06:28 . 2010-06-05 18:19 101376 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-05-29 11:46 . 2009-12-08 14:30 111960 ----a-w- c:\users\Huspekovi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 16:26 . 2009-12-08 16:55 111960 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 4702208]
"Skytel"="Skytel.exe" [2007-10-12 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\system\w98eject.exe [2010-6-11 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^Jakub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe
R2 icas;iTALC Client;c:\program files\iTALC\ica.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Jakub\AppData\Local\Temp\YIXEFA0.tmp [x]
R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-07-11 13824]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-18 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
FF - ProfilePath - c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Jakub\AppData\Local\Temp\YIXEFA0.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2305036987-1124987092-1239147287-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37054816-5633-4B28-0CDF-7F127CDC8634}*]
"iabngijhclcgiegpfb"=hex:69,61,6d,64,68,6f,69,67,65,6b,6e,62,6a,64,61,69,64,6d,
00,00
"hahnakidhhfnpmcj"=hex:69,61,6d,64,68,6f,69,67,65,6b,6e,62,6a,64,61,69,64,6d,
00,00
"haaopgoebpmafbkb"=hex:66,61,70,62,69,62,70,66,6c,67,6a,6a,00,00
[HKEY_USERS\S-1-5-21-2305036987-1124987092-1239147287-1001\Software\SecuROM\License information*]
"datasecu"=hex:a2,59,4f,df,d7,27,14,5f,db,18,24,0e,c3,69,65,21,f6,74,d5,55,80,
67,c2,e2,ef,ed,ee,bf,22,62,c7,0b,e0,44,77,9d,ad,9c,7a,80,a8,44,33,64,78,97,\
"rkeysecu"=hex:8a,ca,31,b5,72,11,9f,e1,c6,ca,99,ca,ce,aa,4d,ef
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4056)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-08-15 11:00:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-15 09:00
Před spuštěním: Volných bajtů: 182 603 771 904
Po spuštění: Volných bajtů: 183 137 710 080
- - End Of File - - 1223522A641DF293F4ECC9A2628092D1
EDIT: Ježiš já jsme to odeslal omylem dvakrát, poprosil bych o smazaní jednoho topicku. Omlovám se
Zase přiložím log, co mi to vyhodilo. Jistě smazat jsem nemyslel, ale když to zakážu ve funkcích systému (např. jako IE).
Přispějete na provoz fóra?
