csrss.exe

Posted: 13 Aug 2011 14:25
by PolBulva
Hello, I have a problem: when the PC starts, a dialog appears saying that the file csrss.exe is missing in temp, and when I click OK it shows something about WIN.INI... Then when I want to go online through Firefox, it tells me that my proxy is set up incorrectly and that I have to change the setting to auto-detect, but on the next start of the computer it does the same thing all over again... I'm sending the log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2011-08-13 15:24:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (36%) free of 38 GB
Total RAM: 2039 MB (70% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\rsr6t2y2.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.6&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npwachk.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\rsr6t2y2.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\rsr6t2y2.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-07-27 288312]
"AESTFltr"=C:\windows\system32\AESTFltr.exe [2009-02-18 737280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-29 1545512]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2010-09-04 2052096]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"BIH"=bih.dll, InitGauge []
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-17 1154048]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-17 1154048]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"686360.exe"=C:\temp\686360.exe []
"sysdriver32.exe"=C:\windows\sysdriver32.exe [2011-07-31 256000]
"sysdriver32_.exe"=C:\windows\sysdriver32_.exe [2011-07-31 256000]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-17 114176]
"l1rezerv.exe"=C:\windows\l1rezerv.exe [2011-08-08 232960]
"98052568-loader2.exe"=C:\temp\98052568-loader2.exe []
"81836554-loader2.exe"=C:\temp\81836554-loader2.exe []
"92524484-loader2.exe"=C:\temp\92524484-loader2.exe []
"7641306.exe"=C:\temp\7641306.exe []
"conhost"=C:\Documents and Settings\Honza\Data aplikací\Microsoft\conhost.exe []
"2067129.exe"=C:\temp\2067129.exe []
"w_distrib.exe"=C:\windows\update.3\svchost.exe [2011-08-09 273920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []

C:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"NoInstrumentation"=1
"NoWindowsUpdate"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\Honza\Plocha\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\Honza\Plocha\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:iw3mp"
"C:\Metin2\Metin2\metin2.bin"="C:\Metin2\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Metin2\Metin2\metin2client.bin"="C:\Metin2\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\Documents and Settings\Honza\Plocha\cs\cstrike.exe"="C:\Documents and Settings\Honza\Plocha\cs\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\cs\cstrike.exe"="C:\cs\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"H:\cs\cstrike.exe"="H:\cs\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Documents and Settings\Honza\Plocha\metin\Sindicate\client.bin"="C:\Documents and Settings\Honza\Plocha\metin\Sindicate\client.bin:*:Enabled:client"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Documents and Settings\Honza\Plocha\Flash-Player.exe"="C:\Documents and Settings\Honza\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Honza\Plocha\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\windows\update.2\svchost.exe:*:Enabled:C:\windows\update.2\svchost.exe"
"C:\windows\update.2\2864.exe"="C:\windows\update.2\2864.exe:*:Enabled:C:\windows\update.2\2864.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\windows\update.3\svchost.exe"="C:\windows\update.3\svchost.exe:*:Enabled:C:\windows\update.3\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll

======List of files/folders created in the last 1 month======

2011-08-13 15:24:48 ----D---- C:\rsit
2011-08-13 15:24:48 ----D---- C:\Program Files\trend micro
2011-08-11 10:15:17 ----HDC---- C:\windows\$NtUninstallKB2567680$
2011-08-11 10:15:13 ----HDC---- C:\windows\$NtUninstallKB2536276-v2$
2011-08-11 10:15:09 ----HDC---- C:\windows\$NtUninstallKB2570222$
2011-08-11 10:15:07 ----A---- C:\windows\system32\MRT.INI
2011-08-11 10:11:05 ----HDC---- C:\windows\$NtUninstallKB2559049$
2011-08-11 10:11:00 ----HDC---- C:\windows\$NtUninstallKB2566454$
2011-08-11 10:08:09 ----HDC---- C:\windows\$NtUninstallKB2562937$
2011-08-09 08:36:04 ----A---- C:\windows\w_distrib_iplist.txt
2011-08-09 08:35:26 ----HD---- C:\windows\update.3
2011-08-03 22:21:15 ----D---- C:\Program Files\Common Files\Skype
2011-07-21 01:11:30 ----N---- C:\Documents and Settings\Honza\Data aplikací\dwmu.exe
2011-07-18 14:19:29 ----D---- C:\windows\rpcminer
2011-07-18 14:19:29 ----D---- C:\windows\phoenix
2011-07-18 14:19:28 ----A---- C:\windows\unrar.exe
2011-07-17 15:41:42 ----D---- C:\windows\ufa
2011-07-17 12:49:21 ----D---- C:\windows\av_ico
2011-07-17 12:45:16 ----A---- C:\windows\l1rezerv.exe
2011-07-17 12:45:12 ----A---- C:\windows\ddh_iplist.txt
2011-07-17 12:45:06 ----A---- C:\windows\systemup.exe
2011-07-17 12:44:49 ----D---- C:\Microsoft
2011-07-17 12:44:38 ----A---- C:\windows\gbot111.exe
2011-07-17 12:44:36 ----A---- C:\windows\iecheck_iplist.txt
2011-07-17 12:44:04 ----HD---- C:\windows\update.2
2011-07-17 12:44:01 ----A---- C:\windows\btc_client_iplist.txt
2011-07-17 12:43:40 ----HD---- C:\windows\update.5.0
2011-07-17 12:43:23 ----A---- C:\windows\sysdriver32_.exe
2011-07-17 12:43:15 ----A---- C:\windows\iplist.txt
2011-07-17 12:43:09 ----A---- C:\windows\sysdriver32.exe
2011-07-17 12:42:49 ----A---- C:\windows\front_ip_list.txt
2011-07-17 12:41:37 ----HD---- C:\windows\update.1
2011-07-17 12:41:31 ----HD---- C:\windows\update.tray-7-0-lnk
2011-07-17 12:41:31 ----HD---- C:\windows\update.tray-7-0
2011-07-17 12:29:37 ----A---- C:\windows\winlog-ids.txt
2011-07-17 12:29:37 ----A---- C:\windows\winlog-dirs.txt
2011-07-17 12:29:32 ----A---- C:\windows\services32.exe
2011-07-14 09:35:55 ----HDC---- C:\windows\$NtUninstallKB2507938$
2011-07-14 09:34:21 ----HDC---- C:\windows\$NtUninstallKB2555917$

======List of files/folders modified in the last 1 month======

2011-08-13 15:24:48 ----RD---- C:\Program Files
2011-08-13 15:23:25 ----D---- C:\temp
2011-08-13 15:16:44 ----D---- C:\WINDOWS
2011-08-13 15:15:48 ----A---- C:\windows\SchedLgU.Txt
2011-08-13 14:01:10 ----D---- C:\Documents and Settings\Honza\Data aplikací\Skype
2011-08-12 12:11:39 ----D---- C:\windows\Microsoft.NET
2011-08-12 12:11:36 ----RSD---- C:\windows\assembly
2011-08-11 22:01:02 ----D---- C:\Documents and Settings\Honza\Data aplikací\skypePM
2011-08-11 15:31:57 ----D---- C:\Program Files\ICQ7.5
2011-08-11 10:19:41 ----D---- C:\windows\system32
2011-08-11 10:17:08 ----SHD---- C:\windows\Installer
2011-08-11 10:17:05 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-08-11 10:16:47 ----D---- C:\windows\WinSxS
2011-08-11 10:15:18 ----D---- C:\windows\system32\DllCache
2011-08-11 10:15:16 ----HD---- C:\windows\inf
2011-08-11 10:15:15 ----D---- C:\windows\system32\drivers
2011-08-11 10:15:15 ----A---- C:\windows\imsins.BAK
2011-08-11 10:15:13 ----HD---- C:\windows\$hf_mig$
2011-08-11 10:15:05 ----D---- C:\Program Files\Windows NT
2011-08-11 10:11:16 ----A---- C:\windows\system32\MRT.exe
2011-08-11 10:10:56 ----D---- C:\windows\system32\CatRoot
2011-08-11 10:10:13 ----D---- C:\windows\system32\CatRoot2
2011-08-10 00:42:40 ----SD---- C:\Documents and Settings\Honza\Data aplikací\Microsoft
2011-08-05 22:31:39 ----D---- C:\cs
2011-08-05 00:08:01 ----D---- C:\Documents and Settings\Honza\Data aplikací\vlc
2011-08-03 22:21:15 ----RD---- C:\Program Files\Skype
2011-08-03 22:21:15 ----D---- C:\Program Files\Common Files
2011-08-03 22:21:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-20 17:03:00 ----D---- C:\Documents and Settings\Honza\Data aplikací\ICQ
2011-07-17 12:45:35 ----SHD---- C:\System Volume Information
2011-07-17 12:44:49 ----D---- C:\Program Files\Internet Explorer
2011-07-14 09:35:53 ----D---- C:\windows\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-09-04 691696]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AESTAud;AE Audio Service; C:\windows\system32\drivers\AESTAud.sys [2009-02-18 113536]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2009-03-19 9216]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\windows\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\windows\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-29 213680]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk51x86.sys [2009-06-04 297728]
S3 aa912itg;aa912itg; C:\windows\system32\drivers\aa912itg.sys []
S3 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-05-18 75136]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-31 348672]
R2 srviecheck;srviecheck; C:\windows\update.2\svchost.exe [2011-08-08 688640]
R2 srvsysdriver32;srvsysdriver32; C:\windows\sysdriver32.exe [2011-07-31 256000]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\windows\System32\WLTRYSVC.EXE [2010-09-04 25088]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-17 1154048]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: csrss.exe

Posted: 13 Aug 2011 14:41
by vyosek
Hello, and have a nice day :)

:arrow: You have malware there that spreads via FB. Did someone write to you in English asking you to look at some video on YouTube?

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator (on Czech Windows, "Spustit jako spravce")
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log; paste it here
  • Now run it again, but choose option 3 and after that also 4; paste the logs again
:arrow: Apply exeHelper by Raktor

Re: csrss.exe

Posted: 13 Aug 2011 15:37
by PolBulva
RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Honza [Admin rights]
Mode: Remove -- Date : 08/13/2011 16:36:42

Bad processes: 15
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] tv_w32.dll -- c:\temp\TeamViewer\Version6\tv_w32.dll -> UNLOADED
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SUSP PATH] tv_w32.dll -- c:\temp\TeamViewer\Version6\tv_w32.dll -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.3\svchost.exe -> KILLED [TermProc]
[SUSP PATH] TeamViewer.exe -- c:\temp\teamviewer\version6\teamviewer.exe -> KILLED [TermProc]
[SUSP PATH] TeamViewer_Desktop.exe -- c:\temp\teamviewer\version6\teamviewer_desktop.exe -> KILLED [TermProc]
[SUSP PATH] tv_w32.exe -- c:\temp\teamviewer\version6\tv_w32.exe -> KILLED [TermProc]

Registry Entries: 35
[BLACKLIST DLL] HKLM\[...]\Run : BIH (C:\WINDOWS\system32\rundll32.exe bih.dll, InitGauge) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-7-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 686360.exe ("C:\temp\686360.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 98052568-loader2.exe ("C:\temp\98052568-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 81836554-loader2.exe ("C:\temp\81836554-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 92524484-loader2.exe ("C:\temp\92524484-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7641306.exe ("C:\temp\7641306.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : conhost (C:\Documents and Settings\Honza\Data aplikací\Microsoft\conhost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2067129.exe ("C:\temp\2067129.exe") -> DELETED
[HJ NAME] HKLM\[...]\Run : w_distrib.exe ("C:\windows\update.3\svchost.exe" stand) -> DELETED
[SUSP PATH] HKCU\[...]\Windows : Load (c:\temp\csrss.exe) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:53455) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Honza [Admin rights]
Mode: HOSTSFix -- Date : 08/13/2011 16:38:12

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Honza [Admin rights]
Mode: ProxyFix -- Date : 08/13/2011 16:38:34

Bad processes: 0

Registry Entries: 2
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:53455) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

exeHelper by Raktor
Build 20100414
Run at 16:39:15 on 08/13/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 16:40:17 on 08/13/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: csrss.exe

Posted: 13 Aug 2011 15:50
by PolBulva
So that fixed the two pop-up windows, but I still have to keep changing the proxy address in Firefox :-(

Re: csrss.exe

Posted: 13 Aug 2011 19:54
by vyosek
Don't worry, we're not finished yet... for now use Internet Explorer, it should already work OK

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE APPLIED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (on Czech Windows, "Spustit jako spravce")
  • Right after it starts, a page with the license agreement is displayed; continue by clicking Yes ("Ano")
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and a possible restart, CF displays a log; you can also find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. screenshots are here http://www.bleepingcomputer.com/combofi ... t-combofix