
Generic Host Process for Win32 Services

Posted: 16 Sep 2010 00:48
by trojka
Hi, I need some help. After the computer boots up I get the error message "Generic Host Process for Win32 Services", the sound stops working and the computer slows down.

The log is here:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Trojka at 2010-09-16 01:45:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 97 GB (63%) free of 153 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:20, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Trojka\Plocha\RSIT.exe
C:\Program Files\trend micro\Trojka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.freemusiczilla.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6374 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Samsung Common SM"=C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-07-03 372736]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2007-07-04 253000]
"PMCLoader"=C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [2007-07-26 105544]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-08-22 133432]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-11-08 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-09-16 01:45:13 ----D---- C:\rsit
2010-09-16 01:40:35 ----D---- C:\WINDOWS\LastGood
2010-09-16 01:33:44 ----SHD---- C:\Config.Msi
2010-09-16 01:17:18 ----HD---- C:\VritualRoot
2010-09-16 01:16:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\COMODO
2010-09-16 01:13:35 ----D---- C:\Program Files\Comodo
2010-09-16 01:13:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2010-09-16 01:01:45 ----SHD---- C:\RECYCLER
2010-09-16 00:35:59 ----RASHD---- C:\cmdcons
2010-09-16 00:34:23 ----A---- C:\WINDOWS\zip.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\SWSC.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\SWREG.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\sed.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\PEV.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\MBR.exe
2010-09-16 00:34:23 ----A---- C:\WINDOWS\grep.exe
2010-09-16 00:34:16 ----D---- C:\WINDOWS\ERDNT
2010-09-16 00:29:17 ----D---- C:\Program Files\trend micro
2010-09-09 14:53:38 ----D---- C:\Program Files\Common Files\DESIGNER
2010-08-30 13:38:23 ----D---- C:\downloads
2010-08-30 13:38:23 ----D---- C:\Documents and Settings\Trojka\Data aplikací\FMZilla

======List of files/folders modified in the last 1 months======

2010-09-16 01:40:51 ----HD---- C:\WINDOWS\inf
2010-09-16 01:40:51 ----D---- C:\WINDOWS
2010-09-16 01:40:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-16 01:40:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 01:39:58 ----D---- C:\WINDOWS\Temp
2010-09-16 01:39:02 ----D---- C:\Documents and Settings\Trojka\Data aplikací\ICQ
2010-09-16 01:36:38 ----D---- C:\Documents and Settings\Trojka\Data aplikací\Media Player Classic
2010-09-16 01:36:21 ----D---- C:\WINDOWS\Debug
2010-09-16 01:36:20 ----D---- C:\WINDOWS\Minidump
2010-09-16 01:34:35 ----SHD---- C:\WINDOWS\Installer
2010-09-16 01:34:21 ----D---- C:\WINDOWS\system32\drivers
2010-09-16 01:34:20 ----D---- C:\WINDOWS\system32
2010-09-16 01:13:35 ----RD---- C:\Program Files
2010-09-16 00:58:32 ----A---- C:\WINDOWS\system.ini
2010-09-16 00:55:51 ----D---- C:\WINDOWS\AppPatch
2010-09-16 00:55:48 ----D---- C:\Program Files\Common Files
2010-09-16 00:44:53 ----D---- C:\WINDOWS\Prefetch
2010-09-16 00:42:07 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-16 00:36:03 ----RASH---- C:\boot.ini
2010-09-15 23:08:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-15 23:02:50 ----D---- C:\WINDOWS\system32\config
2010-09-15 23:02:36 ----D---- C:\WINDOWS\system32\wbem
2010-09-15 23:02:36 ----D---- C:\WINDOWS\Registration
2010-09-15 23:02:11 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-15 20:25:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-14 20:07:55 ----D---- C:\Documents and Settings\Trojka\Data aplikací\Adobe
2010-09-14 20:07:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-09-13 11:21:43 ----D---- C:\Documents and Settings\Trojka\Data aplikací\FileZilla
2010-09-09 14:57:14 ----A---- C:\WINDOWS\ODBC.INI
2010-09-09 14:56:20 ----A---- C:\WINDOWS\win.ini
2010-09-09 14:55:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-09 14:55:09 ----RSD---- C:\WINDOWS\Fonts
2010-09-09 14:54:33 ----D---- C:\WINDOWS\SHELLNEW
2010-09-09 13:58:13 ----D---- C:\Program Files\Mozilla Firefox
2010-09-08 11:02:40 ----D---- C:\Program Files\FileZilla FTP Client
2010-08-24 09:21:24 ----D---- C:\Program Files\ICQ7.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2004-05-17 41984]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-11-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device; C:\WINDOWS\system32\DRIVERS\RoyalTS.sys [2006-08-16 124544]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Trojka\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-11-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-11-08 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
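As an added example (not part of this thread, and not a tool the posters used), here is a small Python triage script for HijackThis logs of the kind posted above. It parses each item line into a section code and body and then applies three generic review heuristics that a helper on such a forum looks for by eye: a user-level Internet Explorer Start Page that differs from the machine default, "(no file)" entries whose target no longer exists, and O23 services whose publisher HijackThis could not identify. The sample input is constructed from a few lines of the log above; the heuristics are assumptions of this example and produce pointers for manual review, not verdicts about any particular entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.freemusiczilla.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis item starts with a section code (R0, O4, O23, ...) followed by " - ".
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
START_PAGE_RE = re.compile(r"^(?P<hive>HKCU|HKLM)\\.*Main,Start Page = (?P<url>\S+)$")


@dataclass
class Item:
    code: str   # section code, e.g. "O23"
    body: str   # rest of the line after "code - "


def parse_hjt(text: str) -> list:
    """Turn the free-text log into a list of Item records, skipping non-item lines."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append(Item(m.group("code"), m.group("body")))
    return items


def start_pages(items) -> dict:
    """Map hive (HKCU/HKLM) -> Internet Explorer Start Page URL from the R0 items."""
    pages = {}
    for it in items:
        if it.code == "R0":
            m = START_PAGE_RE.match(it.body)
            if m:
                pages[m.group("hive")] = m.group("url")
    return pages


def orphaned_items(items) -> list:
    """Items whose target no longer exists on disk; HijackThis marks them '(no file)'."""
    return [it for it in items if "(no file)" in it.body]


def services_without_publisher(items) -> list:
    """(service name, binary path) for O23 services whose owner HijackThis could not identify."""
    found = []
    for it in items:
        if it.code == "O23" and " - Unknown owner - " in it.body:
            name = it.body[len("Service: "):].split(" - ")[0]
            path = it.body.rsplit(" - ", 1)[1]
            found.append((name, path))
    return found


def triage(text: str) -> list:
    """Return human-readable review hints; each is a pointer for manual inspection, not a verdict."""
    items = parse_hjt(text)
    hints = []
    pages = start_pages(items)
    if "HKCU" in pages and "HKLM" in pages and pages["HKCU"] != pages["HKLM"]:
        hints.append(f"user Start Page {pages['HKCU']} differs from machine default {pages['HKLM']}")
    for it in orphaned_items(items):
        hints.append(f"orphaned {it.code} entry: {it.body}")
    for name, path in services_without_publisher(items):
        hints.append(f"service with unknown publisher: {name} -> {path}")
    return hints


if __name__ == "__main__":
    for hint in triage(SAMPLE_LOG):
        print(hint)
```

Run against the sample it reports the changed user-level Start Page, the two "(no file)" entries and the one service with an unknown owner. To use it on a real log, pass the whole pasted text to triage(); the parser ignores the "Running processes" and header lines because they do not start with a section code.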

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 10:03
by stell
Hi,
Please download TDSSKiller and save it to your desktop.

Double-click TDSSKiller.exe to launch the application, then click Start Scan.
If an infected file is detected, the default action will be Cure; click Continue.
If a suspicious file is detected, the default action will be Skip; click Continue.
You may be asked to restart the computer to complete the process. Click Reboot Now.
If no restart is required, click the Report button. A log file should appear. Please copy and paste its contents here.
If a restart of the computer is required, the report is available in your root directory (usually the C:\ folder) as "TDSSKiller. _log.txt". Please copy and paste its contents here.

Turn off the firewall and antivirus.
Download AVZ4
1: Open it and extract it to the desktop into the avz4 folder.
2: Open the created folder, double-click AVZ.exe and run it (the black shield with a sword) > tick the drives you use.

Now you should see the main AVZ window. Please go to File -> Custom Scripts. Copy the script below into the AVZ window using the right mouse button.

Click Run to start the script; after the scan the PC will restart. After the restart, the log is created in the AVZ folder, in a subfolder, as a file named virusinfo_syscure.zip. Upload this file to http://leteckaposta.cz/ and paste the link here.

Code:

begin
// fetch the latest AVZ databases from the given update URL
ExecuteAVUpdateEx( 'http://avz.virusinfo.info/avz_up/', 1, '','','');
// run AVZ standard script 3 (system cure); its log is the virusinfo_syscure.zip mentioned above
ExecuteStdScr(3);
// restart Windows so the changes take effect
RebootWindows(true);
end.

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 19:37
by trojka
Log from TDSSKiller:
2010/09/16 20:28:54.0703 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 20:28:54.0703 ================================================================================
2010/09/16 20:28:54.0703 SystemInfo:
2010/09/16 20:28:54.0703
2010/09/16 20:28:54.0703 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/16 20:28:54.0703 Product type: Workstation
2010/09/16 20:28:54.0703 ComputerName: USER-8DD4A55B8F
2010/09/16 20:28:54.0703 UserName: Trojka
2010/09/16 20:28:54.0703 Windows directory: C:\WINDOWS
2010/09/16 20:28:54.0703 System windows directory: C:\WINDOWS
2010/09/16 20:28:54.0703 Processor architecture: Intel x86
2010/09/16 20:28:54.0703 Number of processors: 1
2010/09/16 20:28:54.0703 Page size: 0x1000
2010/09/16 20:28:54.0703 Boot type: Normal boot
2010/09/16 20:28:54.0703 ================================================================================
2010/09/16 20:28:55.0062 Initialize success
2010/09/16 20:35:01.0500 ================================================================================
2010/09/16 20:35:01.0500 Scan started
2010/09/16 20:35:01.0500 Mode: Manual;
2010/09/16 20:35:01.0500 ================================================================================
2010/09/16 20:35:01.0843 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/16 20:35:01.0984 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/16 20:35:02.0062 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/16 20:35:02.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/16 20:35:02.0187 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
2010/09/16 20:35:02.0234 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/16 20:35:02.0500 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/09/16 20:35:02.0843 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2010/09/16 20:35:02.0875 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/16 20:35:02.0921 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/16 20:35:02.0968 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/16 20:35:03.0000 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/16 20:35:03.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/16 20:35:03.0062 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/16 20:35:03.0125 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/16 20:35:03.0187 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/16 20:35:03.0265 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/16 20:35:03.0453 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/16 20:35:03.0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/16 20:35:03.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/16 20:35:03.0593 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/16 20:35:03.0640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/16 20:35:03.0703 cglptnt (c8b5858aebb4782ae16533297ef1f9be) C:\totalcmd\cglptnt.sys
2010/09/16 20:35:04.0062 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/09/16 20:35:04.0140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/16 20:35:04.0218 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/16 20:35:04.0296 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/16 20:35:04.0343 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/16 20:35:04.0406 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/16 20:35:04.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/16 20:35:04.0546 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/16 20:35:04.0593 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/16 20:35:04.0625 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/16 20:35:04.0656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/16 20:35:04.0734 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/09/16 20:35:04.0765 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/16 20:35:04.0796 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/16 20:35:04.0843 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/09/16 20:35:04.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/16 20:35:04.0984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/16 20:35:05.0093 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/16 20:35:05.0312 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/16 20:35:05.0406 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/16 20:35:05.0515 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/16 20:35:05.0562 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/16 20:35:05.0609 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/09/16 20:35:05.0625 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/16 20:35:05.0671 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/16 20:35:05.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/16 20:35:05.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/16 20:35:05.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/16 20:35:05.0812 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/16 20:35:05.0859 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/16 20:35:05.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/16 20:35:05.0921 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/16 20:35:06.0062 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/16 20:35:06.0093 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/16 20:35:06.0125 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/16 20:35:06.0187 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/16 20:35:06.0234 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/16 20:35:06.0281 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/09/16 20:35:06.0359 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/16 20:35:06.0453 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/16 20:35:06.0515 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/16 20:35:06.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/16 20:35:06.0593 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/16 20:35:06.0625 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/16 20:35:06.0656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/16 20:35:06.0718 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/16 20:35:06.0734 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/16 20:35:06.0796 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/16 20:35:06.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/16 20:35:06.0968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/16 20:35:07.0015 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/16 20:35:07.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/16 20:35:07.0078 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/16 20:35:07.0125 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/16 20:35:07.0140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/16 20:35:07.0187 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/16 20:35:07.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/16 20:35:07.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/16 20:35:07.0421 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/16 20:35:07.0703 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/16 20:35:07.0921 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/16 20:35:07.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/16 20:35:08.0031 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/16 20:35:08.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/16 20:35:08.0093 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/16 20:35:08.0140 PCI (6ce351d149cb4befc702951e471e1770) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 20:35:08.0203 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/09/16 20:35:08.0218 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/16 20:35:08.0421 PinnacleRoyalTS (efa2d613159616929ae2c17a1d43cc4b) C:\WINDOWS\system32\DRIVERS\RoyalTS.sys
2010/09/16 20:35:08.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/16 20:35:08.0531 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/16 20:35:08.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/16 20:35:08.0734 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/16 20:35:08.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/16 20:35:08.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/16 20:35:08.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/16 20:35:08.0890 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/16 20:35:08.0921 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/16 20:35:08.0984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/16 20:35:09.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/16 20:35:09.0125 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/16 20:35:09.0265 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/09/16 20:35:09.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/16 20:35:09.0390 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/16 20:35:09.0421 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/16 20:35:09.0468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/16 20:35:09.0578 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/16 20:35:09.0671 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/16 20:35:09.0750 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/16 20:35:09.0843 Srv (422e4508508015c7d12f40bf9763f158) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/16 20:35:09.0906 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/16 20:35:09.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/16 20:35:10.0000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/16 20:35:10.0156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/16 20:35:10.0218 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/16 20:35:10.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/16 20:35:10.0312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/16 20:35:10.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/16 20:35:10.0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/16 20:35:10.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/16 20:35:10.0640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/16 20:35:10.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/16 20:35:10.0718 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/16 20:35:10.0781 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/16 20:35:10.0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/16 20:35:10.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/16 20:35:10.0906 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/16 20:35:10.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/16 20:35:11.0093 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/16 20:35:11.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/16 20:35:11.0343 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/16 20:35:11.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/16 20:35:11.0484 ================================================================================
2010/09/16 20:35:11.0484 Scan finished
2010/09/16 20:35:11.0484 ================================================================================

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 20:07
by trojka
Log from AVZ4, uploaded to leteckaposta:


http://leteckaposta.cz/108242983

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 20:33
by stell
You're surprised?? Remove it, and don't write to me here that you have an illegal Windows :?:
:arrow: D:\Instalacky\Legalizácia Windows XP\keyfinder.exe :!: :!:


c:\program files\application updater\applicationupdater.exe
Test it at www.virustotal.com

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 21:37
by trojka
MD5 : 293e66aa529f0fba1aa56340e293a389
SHA1 : 48ce7f1e56dbfc352c67e8081b4381f4e6826b2f
SHA256: bb9a50948b0fe28011566a1d36c4e9b6485bac0d1e95eb2ded0b82422f495a81
ssdeep: 6144:vr/SAkKLe/YJNqofIC52Cp1Mz3PP0THhwn5LEL1IoYc9+dMYphAG2pXHyl:vr/SGVJNq3C5swTH+5LExIXcyMB1Sl
File size : 380928 bytes
First seen: 2010-01-10 04:02:46
Last seen : 2010-09-16 20:33:00
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Spigot, Inc.
copyright....: Copyright (c) 2005-2010 Spigot, Inc.
product......: Application Updater
description..: Application Updater
original name: ApplicationUpdater.exe
internal name: ApplicationUpdater.exe
file version.: 1, 1, 2, 16
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x262B3
timedatestamp....: 0x4B466550 (Thu Jan 07 22:50:56 2010)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3C720, 0x3C800, 6.58, f195a9d454545c612d5a551a0bb2e2f0
.rdata, 0x3E000, 0xD9B6, 0xDA00, 4.40, 681fe8d140e5174e54f285ff2f8a8743
.data, 0x4C000, 0x3CD8, 0x2000, 3.91, f908c422863a7204286416e707954749
.rsrc, 0x50000, 0xC0B4, 0xC200, 4.37, 00aa443a264e5de7e350df883da84035
.reloc, 0x5D000, 0x46B0, 0x4800, 5.41, d0754f8de750fcd104350f2eea9de0df

[[ 9 import(s) ]]
KERNEL32.dll: CreateDirectoryW, MoveFileExW, DeleteFileW, CopyFileW, GetTempFileNameW, FindFirstFileW, FindNextFileW, FindClose, GetFileAttributesW, GetVersionExW, TerminateProcess, GetModuleHandleA, GetProcAddress, GetVersion, LoadLibraryW, OutputDebugStringA, GetTempPathW, CreateMutexW, GetPrivateProfileStringW, CreateThread, MultiByteToWideChar, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetErrorMode, FreeLibrary, SetEnvironmentVariableA, CompareStringW, CompareStringA, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, GetConsoleMode, GetConsoleCP, InitializeCriticalSectionAndSpinCount, LoadLibraryA, ExpandEnvironmentStringsW, ReadFile, WideCharToMultiByte, GetCurrentProcessId, GetCurrentThreadId, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, SetFilePointer, CreateFileW, WriteFile, HeapAlloc, FormatMessageW, HeapFree, GetProcessHeap, InterlockedIncrement, lstrlenA, OutputDebugStringW, DebugBreak, InterlockedDecrement, lstrlenW, OpenProcess, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, GetModuleHandleW, ReleaseMutex, OpenMutexW, Sleep, SetLastError, CloseHandle, LocalFree, RaiseException, SetEvent, WaitForSingleObject, CreateEventW, GetLastError, GetModuleFileNameW, InitializeCriticalSection, GetTimeZoneInformation, GetDateFormatA, GetTimeFormatA, GetTickCount, QueryPerformanceCounter, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, VirtualFree, HeapCreate, GetModuleFileNameA, GetStdHandle, ExitProcess, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, RtlUnwind, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, HeapSize, HeapReAlloc, HeapDestroy
USER32.dll: RealGetWindowClassW, LoadStringW, ModifyMenuW, CharNextW, IsWindow, IsMenu, SetWindowTextW, wvsprintfW, LoadImageW, SendMessageW, LoadBitmapW, GetSystemMetrics
ADVAPI32.dll: RegCreateKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorLength, MakeSelfRelativeSD, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, CreateProcessAsUserW, OpenProcessToken, DuplicateTokenEx, GetTokenInformation, LookupAccountSidW, IsValidSid, GetLengthSid, ConvertSidToStringSidW, CopySid, DeleteService, OpenServiceW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, SetServiceStatus, RegisterServiceCtrlHandlerW, CloseServiceHandle, CreateServiceW, OpenSCManagerW, StartServiceCtrlDispatcherW
SHELL32.dll: ShellExecuteW, SHGetFolderPathW
ole32.dll: CoCreateInstance, CoTaskMemFree, OleRun
OLEAUT32.dll: -, -, -, -, -, -, -
SHLWAPI.dll: PathAppendW, PathAddBackslashW, PathFileExistsW, PathIsDirectoryW
USERENV.dll: LoadUserProfileW, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile
WININET.dll: HttpOpenRequestW, InternetGetConnectedState, InternetQueryOptionW, HttpQueryInfoW, InternetCrackUrlW, InternetCloseHandle, InternetReadFile, HttpSendRequestW, InternetConnectW, InternetOpenW

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 21:41
by stell
Well, what did you paste here? Once more: paste the link from the test here.

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 21:44
by trojka
Ok, sorry, I didn't know what you wanted from me...


http://www.virustotal.com/file-scan/reanalysis.html?id=bb9a50948b0fe28011566a1d36c4e9b6485bac0d1e95eb2ded0b82422f495a81-1284669808

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 21:48
by stell
Hm, well, even now I can't see which file you tested; if it was c:\program files\application updater\applicationupdater.exe, then it's ok.

http://leteckaposta.cz/730262764

Download it to the desktop, right-click, Run as administrator, OK, OK, restart,
and write how the PC behaves.

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 22:05
by trojka
Yes, I tested this file: c:\program files\application updater\applicationupdater.exe.

I downloaded the program from leteckaposta, but unfortunately even after the restart it still reports the same thing.

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 22:07
by stell
:arrow: If you still have it, run these programs and paste the logs here.
http://downloads.malwareremoval.com/CKScanner.exe CKScanner to the desktop. Run the program by double-clicking its icon. A window opens; in it click "Search For Files". The scan starts; when it finishes, click "Save List To File" -> "OK". A file named CKFiles.txt should appear on the desktop; copy its contents here.
:arrow:

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 22:17
by trojka
CKScanner:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
Security check:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3 - Czech
Mozilla Firefox (3.6.9)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Re: Generic Host Process for Win32 Services

Posted: 16 Sep 2010 22:18
by stell
:arrow: Install a firewall.
http://www.viry.cz/forum/viewtopic.php? ... 36#p868836
:arrow: Scan the PC with AVPTOOL and paste the log here.
http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

:arrow:
Go to Start / Run and enter
services.msc
then press Enter.
Find Windows Firewall.
Make sure its startup type is set to Automatic.
The Remote Procedure Call and Windows Management Instrumentation services should also be set to Automatic.
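The check stell describes, done from a script instead of by clicking through services.msc, as an added example that is not part of the original thread. It audits the startup mode and running state of the Windows Firewall, RPC and WMI services, and also the Security Center service, since the Security Check log above reported it as not running. The service short names (SharedAccess, RpcSs, winmgmt, wscsvc) are my assumption of the Windows XP names; it uses Get-WmiObject, which is available in the PowerShell 2.0 that runs on XP.

```powershell
# Added example, not from the thread. Audits whether the services stell named
# (plus Security Center) are set to Automatic and are running.
# Assumed XP service short names:
#   SharedAccess = Windows Firewall / Internet Connection Sharing (ICS)
#   RpcSs        = Remote Procedure Call (RPC)
#   winmgmt      = Windows Management Instrumentation
#   wscsvc       = Security Center (flagged as not running by Security Check)
$expected = @{
    'SharedAccess' = 'Auto'
    'RpcSs'        = 'Auto'
    'winmgmt'      = 'Auto'
    'wscsvc'       = 'Auto'
}

function Test-ServiceStartup {
    param([hashtable]$Expected)
    $problems = @()
    foreach ($name in $Expected.Keys) {
        # Win32_Service exposes StartMode ('Auto', 'Manual', 'Disabled') and State.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            $problems += "$($name): service not found"
            continue
        }
        if ($svc.StartMode -ne $Expected[$name]) {
            $problems += "$($name): StartMode is $($svc.StartMode), expected $($Expected[$name])"
        }
        if ($svc.State -ne 'Running') {
            $problems += "$($name): State is $($svc.State), expected Running"
        }
    }
    return $problems
}

$problems = Test-ServiceStartup -Expected $expected
if ($problems.Count -eq 0) {
    Write-Output 'All checked services are set to Automatic and running.'
} else {
    # Each line names one service and what differs from the expected setting.
    $problems | ForEach-Object { Write-Output $_ }
}
```

The script only reports; it changes nothing. Once a deviation is confirmed, the same thing services.msc does can be done with `Set-Service -Name SharedAccess -StartupType Automatic` followed by `Start-Service -Name SharedAccess` (run from an administrator session), which is worth doing before reinstalling a firewall, because a firewall product that depends on the SharedAccess service will not start while it is disabled.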

Re: Generic Host Process for Win32 Services

Posted: 17 Sep 2010 05:51
by trojka
Log from AVPTOOL:
Autoscan: completed 5 hours ago (events: 2, objects: 215670, time: 01:35:37)
16.9.2010 23:43:38 Task started
17.9.2010 1:19:16 Task completed
It looks like everything is fine; the message no longer pops up after startup and the sound works as it should. Nothing left but to say thanks.

Re: Generic Host Process for Win32 Services

Posted: 17 Sep 2010 07:56
by stell
:) You're welcome.