Svchost.exe

[Jarda993]

Tak jsem si nainstaloval Avast udělal kompletní test a nic.

[vyosek]

To rikam ze je to falesny poplach toho kramu AVG.

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[Jarda993]

Asi jo. Avg už jsem odinstaloval a hned potom jsem ccleanerem čistil registry a bylo tam toho moc hlavně nějaké Invalid rule a ve všem bylo Avg tak se chci ještě zeptat jestli je to normální. A tady je log.
# AdwCleaner v3.005 - Report created 24/09/2013 at 08:33:26
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jarda - JARDA-PC
# Running from : C:\Users\Jarda\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Jarda\AppData\Local\apn
Folder Deleted : C:\Users\Jarda\AppData\Local\Conduit
Folder Deleted : C:\Users\Jarda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jarda\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jarda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v16.0.2 (cs)

[ File : C:\Users\Jarda\AppData\Roaming\Mozilla\Firefox\Profiles\dc5me0zx.default\prefs.js ]

Line Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365953555390,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Jarda\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4386 octets] - [24/09/2013 08:32:53]
AdwCleaner[S0].txt - [4195 octets] - [24/09/2013 08:33:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4255 octets] ##########

[vyosek]

Ano, je to normalni. Je to zpusobeno nedokonalym odinstalatorem AVG, ktery zanechava neplatne zaznamy v registru

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Policies\Explorer: [NoControlPanel] 0
  HKLM\...\Policies\Explorer: [HideSCAHealth] 1
  MountPoints2: {47a45c0c-28a4-11e2-81b3-c0188597a4bc} - F:\setup.exe
  HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
  URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
  SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
  SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
  SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKCU - {D47849C5-5866-4105-AA62-848C294F1617} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
  Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
  Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
  CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  
  2013-08-26 13:10 - 2013-08-26 13:10 - 00000000 ____D C:\Users\Jarda\AppData\Roaming\AVG2013
  2013-08-26 13:09 - 2013-09-13 09:09 - 00000979 _____ C:\Users\Public\Desktop\AVG 2013.lnk
  2013-08-26 13:08 - 2013-08-26 13:09 - 00000000 ____D C:\ProgramData\AVG2013
  2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ___HD C:\$AVG
  2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ____D C:\Program Files (x86)\AVG
  2013-08-26 12:57 - 2013-09-22 15:24 - 00000000 ____D C:\Users\Jarda\AppData\Local\Avg2013
  2013-09-22 18:50 - 2013-09-22 18:50 - 00010766 _____ C:\Users\Jarda\Desktop\attach.txt
  2013-09-22 18:49 - 2013-09-22 18:50 - 00021067 _____ C:\Users\Jarda\Desktop\dds.txt
  2013-09-22 16:42 - 2013-09-22 16:42 - 00688992 ____R (Swearware) C:\Users\Jarda\Downloads\dds.exe
  C:\Windows\tasks\Adobe Flash Player Updater.job
  C:\Program Files (x86)\TornTV.com
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-496772227-2713612925-834611265-1000Core.job
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-496772227-2713612925-834611265-1000UA.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  
  Hosts:
  CMD: shutdown /r /f /t 2
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[Jarda993]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2013
Ran by Jarda at 2013-09-24 11:32:11 Run:1
Running from C:\Users\Jarda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {47a45c0c-28a4-11e2-81b3-c0188597a4bc} - F:\setup.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D47849C5-5866-4105-AA62-848C294F1617} URL = http://search.conduit.com/ResultsExt.as ... =CT2504091
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

2013-08-26 13:10 - 2013-08-26 13:10 - 00000000 ____D C:\Users\Jarda\AppData\Roaming\AVG2013
2013-08-26 13:09 - 2013-09-13 09:09 - 00000979 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-26 13:08 - 2013-08-26 13:09 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ___HD C:\$AVG
2013-08-26 13:08 - 2013-08-26 13:08 - 00000000 ____D C:\Program Files (x86)\AVG
2013-08-26 12:57 - 2013-09-22 15:24 - 00000000 ____D C:\Users\Jarda\AppData\Local\Avg2013
2013-09-22 18:50 - 2013-09-22 18:50 - 00010766 _____ C:\Users\Jarda\Desktop\attach.txt
2013-09-22 18:49 - 2013-09-22 18:50 - 00021067 _____ C:\Users\Jarda\Desktop\dds.txt
2013-09-22 16:42 - 2013-09-22 16:42 - 00688992 ____R (Swearware) C:\Users\Jarda\Downloads\dds.exe
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Program Files (x86)\TornTV.com
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-496772227-2713612925-834611265-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-496772227-2713612925-834611265-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47a45c0c-28a4-11e2-81b3-c0188597a4bc} => Key deleted successfully.
HKCR\CLSID\{47a45c0c-28a4-11e2-81b3-c0188597a4bc} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value not found.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D47849C5-5866-4105-AA62-848C294F1617} => Key deleted successfully.
HKCR\CLSID\{D47849C5-5866-4105-AA62-848C294F1617} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.
HKCR\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Value not found.
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje => Key not found.
"C:\Program Files (x86)\TornTV.com\torn2_10.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Jarda\AppData\Roaming\AVG2013" => File/Directory not found.
"C:\Users\Public\Desktop\AVG 2013.lnk" => File/Directory not found.
"C:\ProgramData\AVG2013" => File/Directory not found.
"C:\$AVG" => File/Directory not found.
"C:\Program Files (x86)\AVG" => File/Directory not found.
C:\Users\Jarda\AppData\Local\Avg2013 => Moved successfully.
"C:\Users\Jarda\Desktop\attach.txt" => File/Directory not found.
"C:\Users\Jarda\Desktop\dds.txt" => File/Directory not found.
C:\Users\Jarda\Downloads\dds.exe => Moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job => Moved successfully.
"C:\Program Files (x86)\TornTV.com" => File/Directory not found.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-496772227-2713612925-834611265-1000Core.job => Moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-496772227-2713612925-834611265-1000UA.job => Moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[Jarda993]

Moc děkuji za pomoc

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat