[Problem] Service from MS

Posted: 15 Aug 2010 10:19
by Sunshinekx
Hi,

it's been a while since I had a problem with this very "gadget" from WMP. It's the Windows Media Network Sharing service (wmpnetwk.exe). When the PC is idle it usually takes about 70% of the CPU (PREVIEW). The screenshot was taken after system startup, which is why the usage is so "low" for now.
I ran the computer through CCleaner, SAS, Mbam and Avast. However, none of them found any problem. The first time I dealt with it by disabling the service via msconfig, but that seems like only a temporary solution to me and I would rather know what it is (otherwise I will probably disable WMP entirely, since I don't use it, but only after I find out how to get rid of this :P)
When I searched earlier, it was said to be caused by some kind of malware, and everywhere they offered a paid program for the FIX, but I think you will manage it even without those programs. :P
I also came across it here on the forum, and they advised him to run it through ComboFix, so to save you a few lines I ran it right away according to the guide. :)


LOG:

ComboFix 10-08-14.02 - Jakub 15.08.2010 10:47:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3327.2512 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\7Loader.TAG
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-15 do 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 08:54 . 2010-08-15 08:56 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2010-08-15 08:54 . 2010-08-15 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 08:54 . 2010-08-15 08:54 -------- d-----w- c:\users\Huspekovi\AppData\Local\temp
2010-08-15 08:09 . 2010-08-15 08:09 -------- d-----w- c:\programdata\CheckPoint
2010-08-15 08:09 . 2010-08-15 08:56 -------- d-----w- c:\windows\Internet Logs
2010-08-15 08:07 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-15 08:07 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-15 08:07 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-15 08:07 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-15 08:07 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-15 08:06 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-15 08:06 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-15 08:06 . 2010-08-15 08:06 -------- d-----w- c:\programdata\Alwil Software
2010-08-15 08:06 . 2010-08-15 08:06 -------- d-----w- c:\program files\Alwil Software
2010-08-08 19:17 . 2010-08-08 19:19 -------- d-----w- c:\program files\Counter-Strike 1.6 NS
2010-08-06 15:28 . 2010-08-06 15:28 -------- d-----w- c:\program files\Lame for Audacity
2010-08-06 15:12 . 2010-08-06 15:28 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-08-06 15:12 . 2010-08-06 15:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-01 19:14 . 2010-08-01 19:14 -------- d-----w- c:\program files\QS
2010-07-31 21:57 . 2007-05-04 00:10 2781184 ----a-w- c:\users\Huspekovi\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-07-30 12:15 . 2010-07-30 12:15 -------- d-----w- c:\users\Jakub\AppData\Local\Microsoft_Research
2010-07-30 12:12 . 2010-07-30 12:12 -------- d-----w- c:\program files\Microsoft Research
2010-07-30 09:54 . 2010-07-30 09:54 -------- d-----w- c:\users\Jakub\AppData\Local\Opera
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2010-07-29 17:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\programdata\Malwarebytes
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 17:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 14:04 . 2003-12-09 08:04 10368 ----a-w- c:\windows\system32\drivers\rramdisk.sys
2010-07-29 13:16 . 2010-07-29 13:16 -------- d-----w- C:\rsit
2010-07-29 13:16 . 2010-07-29 13:16 -------- d-----w- c:\program files\trend micro
2010-07-29 12:05 . 2010-07-29 12:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\Toxic Biohazard
2010-07-28 18:26 . 2010-07-28 18:26 -------- d-----w- c:\program files\CCleaner
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\users\Jakub\AppData\Roaming\PC Suite
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\users\Jakub\AppData\Roaming\Nokia
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\programdata\PC Suite
2010-07-27 21:12 . 2010-07-27 21:13 -------- d-----w- c:\program files\DIFX
2010-07-27 21:12 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-27 21:12 . 2010-07-29 11:58 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-27 21:12 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-07-27 21:11 . 2010-07-27 21:10 36684048 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze_web.exe
2010-07-27 21:11 . 2010-07-27 21:11 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-27 21:11 . 2010-07-27 21:11 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-27 21:11 . 2010-07-27 21:11 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-27 21:11 . 2010-07-27 21:11 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-27 21:11 . 2010-07-27 21:11 -------- d-----w- c:\programdata\Installations
2010-07-26 22:59 . 2010-06-15 16:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 08:56 . 2009-12-19 09:54 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-15 08:54 . 2010-08-15 08:55 1693696 ----a-w- c:\windows\Internet Logs\xDB65A0.tmp
2010-08-15 08:54 . 2010-08-15 08:55 86016 ----a-w- c:\windows\Internet Logs\xDB6031.tmp
2010-08-15 08:25 . 2009-12-22 19:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-15 08:25 . 2010-03-14 11:47 -------- d-----w- c:\users\Jakub\AppData\Roaming\Azureus
2010-08-15 08:11 . 2010-08-15 08:10 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-08-15 08:10 . 2010-08-15 08:10 -------- d-----w- c:\program files\Zone Labs
2010-08-15 08:09 . 2010-08-15 08:09 -------- d-----w- c:\programdata\CheckPoint
2010-08-15 07:57 . 2009-12-07 21:42 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-08-15 07:18 . 2009-12-07 21:43 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-08-14 09:21 . 2010-03-11 00:22 -------- d-----w- c:\program files\Opera
2010-08-13 22:09 . 2009-12-20 01:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\vlc
2010-08-12 20:18 . 2009-12-07 21:24 687756 ----a-w- c:\windows\system32\perfh005.dat
2010-08-12 20:18 . 2009-12-07 21:24 143014 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 20:22 . 2009-12-08 14:05 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\Skype
2010-08-11 18:39 . 2009-12-08 14:08 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\skypePM
2010-08-09 22:05 . 2009-12-20 01:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\dvdcss
2010-08-08 14:08 . 2009-12-10 06:15 -------- d-----w- c:\users\Jakub\AppData\Roaming\FileZilla
2010-08-08 09:49 . 2010-07-02 08:35 -------- d-----w- c:\program files\ICQ7.2
2010-08-07 18:36 . 2009-12-08 14:03 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\ICQ
2010-08-05 14:48 . 2009-12-08 16:46 -------- d-----w- c:\program files\Common Files\Steam
2010-08-01 19:13 . 2010-01-08 20:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-07-13 21:19 . 2010-02-18 17:11 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-13 20:18 . 2010-07-13 20:18 -------- d-----w- c:\program files\PlayReady
2010-07-11 20:17 . 2010-07-11 19:50 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hamachi
2010-07-11 19:49 . 2010-07-11 19:49 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-11 09:38 . 2010-07-11 09:35 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-11 09:38 . 2009-12-07 21:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 09:37 . 2010-07-11 09:37 -------- d-----w- c:\program files\Realtek
2010-07-11 09:35 . 2010-07-11 09:35 315392 ----a-w- c:\windows\HideWin.exe
2010-07-06 09:07 . 2010-07-06 09:01 -------- d-----w- c:\program files\Mafia
2010-07-02 20:27 . 2010-01-17 13:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Winamp
2010-07-02 08:43 . 2010-07-02 08:43 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-28 16:05 . 2009-12-15 17:01 -------- d-----w- c:\program files\Java
2010-06-23 11:51 . 2010-08-15 08:10 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2010-08-15 08:10 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2010-08-15 08:10 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-22 08:31 . 2010-06-22 08:31 -------- d-----w- c:\program files\Activision
2010-06-20 10:07 . 2009-12-14 18:32 138056 ----a-w- c:\users\Jakub\AppData\Roaming\PnkBstrK.sys
2010-06-20 10:07 . 2009-12-14 18:32 138056 ----a-w- c:\users\Jakub\AppData\Roaming\PnkBstrK.sys
2010-06-20 10:07 . 2009-12-14 18:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-19 09:18 . 2010-06-19 09:18 -------- d--h--r- c:\users\Jakub\AppData\Roaming\SecuROM
2010-06-19 08:47 . 2010-05-12 13:49 -------- d-----w- c:\programdata\SystemKey
2010-06-03 06:28 . 2010-06-05 18:19 52224 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-03 06:28 . 2010-06-05 18:19 101376 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-05-29 11:46 . 2009-12-08 14:30 111960 ----a-w- c:\users\Huspekovi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 16:26 . 2009-12-08 16:55 111960 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 4702208]
"Skytel"="Skytel.exe" [2007-10-12 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\system\w98eject.exe [2010-6-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Jakub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe

R2 icas;iTALC Client;c:\program files\iTALC\ica.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Jakub\AppData\Local\Temp\YIXEFA0.tmp [x]
R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-07-11 13824]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-18 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
FF - ProfilePath - c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Jakub\AppData\Local\Temp\YIXEFA0.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2305036987-1124987092-1239147287-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37054816-5633-4B28-0CDF-7F127CDC8634}*]
"iabngijhclcgiegpfb"=hex:69,61,6d,64,68,6f,69,67,65,6b,6e,62,6a,64,61,69,64,6d,
00,00
"hahnakidhhfnpmcj"=hex:69,61,6d,64,68,6f,69,67,65,6b,6e,62,6a,64,61,69,64,6d,
00,00
"haaopgoebpmafbkb"=hex:66,61,70,62,69,62,70,66,6c,67,6a,6a,00,00

[HKEY_USERS\S-1-5-21-2305036987-1124987092-1239147287-1001\Software\SecuROM\License information*]
"datasecu"=hex:a2,59,4f,df,d7,27,14,5f,db,18,24,0e,c3,69,65,21,f6,74,d5,55,80,
67,c2,e2,ef,ed,ee,bf,22,62,c7,0b,e0,44,77,9d,ad,9c,7a,80,a8,44,33,64,78,97,\
"rkeysecu"=hex:8a,ca,31,b5,72,11,9f,e1,c6,ca,99,ca,ce,aa,4d,ef

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4056)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-08-15 11:00:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-15 09:00

Před spuštěním: Volných bajtů: 182 603 771 904
Po spuštění: Volných bajtů: 183 137 710 080

- - End Of File - - 1223522A641DF293F4ECC9A2628092D1

EDIT: Jeez, I accidentally submitted this twice; could I ask for one of the topics to be deleted? I apologize :|

Re: [Problem] Service from MS

Posted: 15 Aug 2010 10:52
by Rudy
We'll do a bit more cleanup. Open Notepad and copy the following into it:
Regnull::
[HKEY_USERS\S-1-5-21-2305036987-1124987092-1239147287-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{37054816-5633-4B28-0CDF-7F127CDC8634}*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

WMP cannot be uninstalled (it is part of the system); you can only disable it at startup, as you have already done.

Re: [Problem] Service from MS

Posted: 15 Aug 2010 18:39
by Sunshinekx
OK, I used the script, but the main problem with the service has not gone away. :o I'm attaching the log it produced again. Of course I didn't mean deleting it, but rather what if I disable it in the Windows features (e.g. like IE).

Log:

ComboFix 10-08-14.02 - Jakub 15.08.2010 19:22:11.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3327.2236 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-15 do 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 17:28 . 2010-08-15 17:30 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2010-08-15 17:28 . 2010-08-15 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-15 17:28 . 2010-08-15 17:28 -------- d-----w- c:\users\Huspekovi\AppData\Local\temp
2010-08-15 17:28 . 2010-08-15 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 17:20 . 2010-08-15 17:20 -------- d-----w- C:\32788R22FWJFW
2010-08-15 08:09 . 2010-08-15 08:09 -------- d-----w- c:\programdata\CheckPoint
2010-08-15 08:09 . 2010-08-15 17:30 -------- d-----w- c:\windows\Internet Logs
2010-08-15 08:07 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-15 08:07 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-15 08:07 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-15 08:07 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-15 08:07 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-15 08:06 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-15 08:06 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-15 08:06 . 2010-08-15 08:06 -------- d-----w- c:\programdata\Alwil Software
2010-08-15 08:06 . 2010-08-15 08:06 -------- d-----w- c:\program files\Alwil Software
2010-08-08 19:17 . 2010-08-08 19:19 -------- d-----w- c:\program files\Counter-Strike 1.6 NS
2010-08-06 15:28 . 2010-08-06 15:28 -------- d-----w- c:\program files\Lame for Audacity
2010-08-06 15:12 . 2010-08-06 15:28 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-08-06 15:12 . 2010-08-06 15:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-08-01 19:14 . 2010-08-01 19:14 -------- d-----w- c:\program files\QS
2010-07-31 21:57 . 2007-05-04 00:10 2781184 ----a-w- c:\users\Huspekovi\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-07-30 12:15 . 2010-07-30 12:15 -------- d-----w- c:\users\Jakub\AppData\Local\Microsoft_Research
2010-07-30 12:12 . 2010-07-30 12:12 -------- d-----w- c:\program files\Microsoft Research
2010-07-30 09:54 . 2010-07-30 09:54 -------- d-----w- c:\users\Jakub\AppData\Local\Opera
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2010-07-29 17:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\programdata\Malwarebytes
2010-07-29 17:12 . 2010-07-29 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 17:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 14:04 . 2003-12-09 08:04 10368 ----a-w- c:\windows\system32\drivers\rramdisk.sys
2010-07-29 13:16 . 2010-07-29 13:16 -------- d-----w- C:\rsit
2010-07-29 13:16 . 2010-07-29 13:16 -------- d-----w- c:\program files\trend micro
2010-07-29 12:05 . 2010-07-29 12:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\Toxic Biohazard
2010-07-28 18:26 . 2010-07-28 18:26 -------- d-----w- c:\program files\CCleaner
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\users\Jakub\AppData\Roaming\PC Suite
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\users\Jakub\AppData\Roaming\Nokia
2010-07-27 21:17 . 2010-07-27 21:17 -------- d-----w- c:\programdata\PC Suite
2010-07-27 21:12 . 2010-07-27 21:13 -------- d-----w- c:\program files\DIFX
2010-07-27 21:12 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-27 21:12 . 2010-07-29 11:58 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-27 21:12 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-07-27 21:11 . 2010-07-27 21:10 36684048 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze_web.exe
2010-07-27 21:11 . 2010-07-27 21:11 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-27 21:11 . 2010-07-27 21:11 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-27 21:11 . 2010-07-27 21:11 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-27 21:11 . 2010-07-27 21:11 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-27 21:11 . 2010-07-27 21:11 -------- d-----w- c:\programdata\Installations
2010-07-26 22:59 . 2010-06-15 16:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 17:30 . 2009-12-19 09:54 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-15 17:20 . 2010-03-14 11:46 -------- d-----w- c:\program files\Vuze
2010-08-15 17:20 . 2010-03-14 11:47 -------- d-----w- c:\users\Jakub\AppData\Roaming\Azureus
2010-08-15 17:20 . 2009-12-07 21:42 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-08-15 16:40 . 2009-12-07 21:43 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-08-15 08:54 . 2010-08-15 08:55 1693696 ----a-w- c:\windows\Internet Logs\xDB65A0.tmp
2010-08-15 08:54 . 2010-08-15 08:55 86016 ----a-w- c:\windows\Internet Logs\xDB6031.tmp
2010-08-15 08:25 . 2009-12-22 19:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-15 08:11 . 2010-08-15 08:10 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-08-15 08:10 . 2010-08-15 08:10 -------- d-----w- c:\program files\Zone Labs
2010-08-15 08:09 . 2010-08-15 08:09 -------- d-----w- c:\programdata\CheckPoint
2010-08-14 09:21 . 2010-03-11 00:22 -------- d-----w- c:\program files\Opera
2010-08-13 22:09 . 2009-12-20 01:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\vlc
2010-08-12 20:18 . 2009-12-07 21:24 687756 ----a-w- c:\windows\system32\perfh005.dat
2010-08-12 20:18 . 2009-12-07 21:24 143014 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 20:22 . 2009-12-08 14:05 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\Skype
2010-08-11 18:39 . 2009-12-08 14:08 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\skypePM
2010-08-09 22:05 . 2009-12-20 01:05 -------- d-----w- c:\users\Jakub\AppData\Roaming\dvdcss
2010-08-08 14:08 . 2009-12-10 06:15 -------- d-----w- c:\users\Jakub\AppData\Roaming\FileZilla
2010-08-08 09:49 . 2010-07-02 08:35 -------- d-----w- c:\program files\ICQ7.2
2010-08-07 18:36 . 2009-12-08 14:03 -------- d-----w- c:\users\Huspekovi\AppData\Roaming\ICQ
2010-08-05 14:48 . 2009-12-08 16:46 -------- d-----w- c:\program files\Common Files\Steam
2010-08-01 19:13 . 2010-01-08 20:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-07-13 21:19 . 2010-02-18 17:11 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-13 20:18 . 2010-07-13 20:18 -------- d-----w- c:\program files\PlayReady
2010-07-11 20:17 . 2010-07-11 19:50 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hamachi
2010-07-11 19:49 . 2010-07-11 19:49 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-07-11 09:38 . 2010-07-11 09:35 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-11 09:38 . 2009-12-07 21:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 09:37 . 2010-07-11 09:37 -------- d-----w- c:\program files\Realtek
2010-07-11 09:35 . 2010-07-11 09:35 315392 ----a-w- c:\windows\HideWin.exe
2010-07-06 09:07 . 2010-07-06 09:01 -------- d-----w- c:\program files\Mafia
2010-07-02 20:27 . 2010-01-17 13:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Winamp
2010-07-02 08:43 . 2010-07-02 08:43 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-28 16:05 . 2009-12-15 17:01 -------- d-----w- c:\program files\Java
2010-06-23 11:51 . 2010-08-15 08:10 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2010-08-15 08:10 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2010-08-15 08:10 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-22 08:31 . 2010-06-22 08:31 -------- d-----w- c:\program files\Activision
2010-06-20 10:07 . 2009-12-14 18:32 138056 ----a-w- c:\users\Jakub\AppData\Roaming\PnkBstrK.sys
2010-06-20 10:07 . 2009-12-14 18:32 138056 ----a-w- c:\users\Jakub\AppData\Roaming\PnkBstrK.sys
2010-06-20 10:07 . 2009-12-14 18:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-19 09:18 . 2010-06-19 09:18 -------- d--h--r- c:\users\Jakub\AppData\Roaming\SecuROM
2010-06-19 08:47 . 2010-05-12 13:49 -------- d-----w- c:\programdata\SystemKey
2010-06-03 06:28 . 2010-06-05 18:19 52224 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-03 06:28 . 2010-06-05 18:19 101376 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-05-29 11:46 . 2009-12-08 14:30 111960 ----a-w- c:\users\Huspekovi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 16:26 . 2009-12-08 16:55 111960 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 4702208]
"Skytel"="Skytel.exe" [2007-10-12 1826816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\system\w98eject.exe [2010-6-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Jakub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe

R2 icas;iTALC Client;c:\program files\iTALC\ica.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Jakub\AppData\Local\Temp\YIXEFA0.tmp [x]
R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-07-11 13824]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-18 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
FF - ProfilePath - c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\b0472bzi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Jakub\AppData\Local\Temp\YIXEFA0.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2305036987-1124987092-1239147287-1001\Software\SecuROM\License information*]
"datasecu"=hex:a2,59,4f,df,d7,27,14,5f,db,18,24,0e,c3,69,65,21,f6,74,d5,55,80,
67,c2,e2,ef,ed,ee,bf,22,62,c7,0b,e0,44,77,9d,ad,9c,7a,80,a8,44,33,64,78,97,\
"rkeysecu"=hex:8a,ca,31,b5,72,11,9f,e1,c6,ca,99,ca,ce,aa,4d,ef

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1360)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-08-15 19:34:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-15 17:34
ComboFix2.txt 2010-08-15 09:00

Před spuštěním: Volných bajtů: 182 078 988 288
Po spuštění: Volných bajtů: 182 049 263 616

- - End Of File - - 3AACF8C8C95790C5FE7709A4B87DC039

Re: [Problem] Service from MS

Posted: 15 Aug 2010 19:32
by Rudy
Run CF once more with this script:
Driver::
Akamai
Since WMP is part of the OS and cannot be uninstalled, there is no other solution than to disable it via msconfig.