Problem s mcxsvc

[vyosek]

Odinstalujte SpywareTerminator

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  
  HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-14] (Crawler.com)
  HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
  HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\...\Run: [wcssvc] => C:\Users\Adi\AppData\Roaming\Services\wcssvc.exe [4004016 2012-05-21] (Microsoft Corporation)
  HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\...\Run: [fussvc] => C:\Users\Adi\AppData\Roaming\User\fussvc.exe [1347584 2011-05-23] (Microsoft Corporation)
  HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\...\Policies\Explorer: [ForceRunOnStartMenu] 1
  
  FF NetworkProxy: "http", "202.41.10.200"
  FF NetworkProxy: "http_port", 8080
  FF NetworkProxy: "type", 4
  FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\hi9wh3g8.default\Extensions\ascsurfingprotection@iobit.com [2014-06-15]
  
  S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
  R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-14] (Crawler.com)
  U3 ayzznkoz; C:\Windows\System32\Drivers\ayzznkoz.sys [0 ] (Microsoft Corporation)
  S3 catchme; \??\C:\ComboFix\catchme.sys [X]
  
  C:\Users\Adi\AppData\Roaming\Service
  C:\Users\Adi\AppData\Roaming\User
  C:\Program Files (x86)\Spyware Terminator
  C:\Program Files (x86)\IObit
  2014-09-14 20:51 - 2014-09-14 20:51 - 00016133 _____ () C:\Users\Adi\Desktop\FRST.txt
  2014-09-14 20:29 - 2014-09-14 20:29 - 00000000 ___HD () C:\Users\Adi\AppData\Roaming\Network
  2014-09-14 20:26 - 2014-09-14 20:08 - 00024064 _____ () C:\Windows\zoek-delete.exe
  2014-09-14 20:10 - 2014-09-14 20:28 - 00010812 _____ () C:\zoek-results.log
  2014-09-14 20:08 - 2014-09-14 20:22 - 00000000 ____D () C:\zoek_backup
  2014-09-14 20:07 - 2014-09-14 20:07 - 01290240 _____ () C:\Users\Adi\Desktop\zoek.exe
  2014-09-14 19:39 - 2014-09-14 19:39 - 00048369 _____ () C:\ComboFix.txt
  2014-09-14 19:15 - 2014-09-14 20:50 - 00000000 ____D () C:\Windows\erdnt
  2014-09-14 19:09 - 2014-09-14 19:09 - 00002604 _____ () C:\Users\Adi\Desktop\Rkill.txt
  2014-09-14 19:07 - 2014-09-14 19:06 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Adi\Desktop\rkill.com
  2014-09-14 19:03 - 2014-09-14 19:03 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
  2014-09-14 18:01 - 2014-09-14 18:01 - 00015327 _____ () C:\Users\Adi\Desktop\LM.bat
  2014-09-14 17:29 - 2014-09-14 17:03 - 00112640 _____ (forum.viry.cz) C:\Users\Adi\Desktop\FRSTLauncher.exe
  2014-09-14 16:59 - 2014-09-14 16:59 - 00000000 ____D () C:\Windows\ERUNT
  2014-09-14 16:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
  2014-09-14 19:27 - 2009-07-14 04:34 - 71704576 _____ () C:\Windows\system32\config\SOFTWARE.bak
  2014-09-14 19:27 - 2009-07-14 04:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak
  2014-09-14 19:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
  2014-09-14 19:27 - 2009-07-14 04:34 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
  2014-09-14 19:27 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
  2014-09-14 14:48 - 2014-06-22 19:13 - 71704576 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
  2014-09-14 14:48 - 2014-06-22 19:13 - 43950080 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
  2014-09-14 14:48 - 2014-06-22 19:13 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
  2014-09-14 14:48 - 2014-06-22 19:13 - 00028672 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
  2014-09-14 14:48 - 2014-06-22 19:13 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
  2014-08-15 21:43 - 2014-06-15 15:37 - 00000000 ____D () C:\Users\Adi\AppData\Roaming\IObit
  C:\Users\Adi\IP_Log_Data.js
  C:\Users\Adi\Network_Meter_Data.js
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[Ondrys66]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Adi at 2014-09-14 22:14:58 Run:1
Running from C:\Users\Adi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-14] (Crawler.com)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\...\Run: [wcssvc] => C:\Users\Adi\AppData\Roaming\Services\wcssvc.exe [4004016 2012-05-21] (Microsoft Corporation)
HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\...\Run: [fussvc] => C:\Users\Adi\AppData\Roaming\User\fussvc.exe [1347584 2011-05-23] (Microsoft Corporation)
HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\...\Policies\Explorer: [ForceRunOnStartMenu] 1

FF NetworkProxy: "http", "202.41.10.200"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\hi9wh3g8.default\Extensions\ascsurfingprotection@iobit.com [2014-06-15]

S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-14] (Crawler.com)
U3 ayzznkoz; C:\Windows\System32\Drivers\ayzznkoz.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

C:\Users\Adi\AppData\Roaming\Service
C:\Users\Adi\AppData\Roaming\User
C:\Program Files (x86)\Spyware Terminator
C:\Program Files (x86)\IObit
2014-09-14 20:51 - 2014-09-14 20:51 - 00016133 _____ () C:\Users\Adi\Desktop\FRST.txt
2014-09-14 20:29 - 2014-09-14 20:29 - 00000000 ___HD () C:\Users\Adi\AppData\Roaming\Network
2014-09-14 20:26 - 2014-09-14 20:08 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-14 20:10 - 2014-09-14 20:28 - 00010812 _____ () C:\zoek-results.log
2014-09-14 20:08 - 2014-09-14 20:22 - 00000000 ____D () C:\zoek_backup
2014-09-14 20:07 - 2014-09-14 20:07 - 01290240 _____ () C:\Users\Adi\Desktop\zoek.exe
2014-09-14 19:39 - 2014-09-14 19:39 - 00048369 _____ () C:\ComboFix.txt
2014-09-14 19:15 - 2014-09-14 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 19:09 - 2014-09-14 19:09 - 00002604 _____ () C:\Users\Adi\Desktop\Rkill.txt
2014-09-14 19:07 - 2014-09-14 19:06 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Adi\Desktop\rkill.com
2014-09-14 19:03 - 2014-09-14 19:03 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-09-14 18:01 - 2014-09-14 18:01 - 00015327 _____ () C:\Users\Adi\Desktop\LM.bat
2014-09-14 17:29 - 2014-09-14 17:03 - 00112640 _____ (forum.viry.cz) C:\Users\Adi\Desktop\FRSTLauncher.exe
2014-09-14 16:59 - 2014-09-14 16:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 16:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-14 19:27 - 2009-07-14 04:34 - 71704576 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-14 19:27 - 2009-07-14 04:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-14 19:27 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-14 19:27 - 2009-07-14 04:34 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-09-14 19:27 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-14 14:48 - 2014-06-22 19:13 - 71704576 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-09-14 14:48 - 2014-06-22 19:13 - 43950080 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-09-14 14:48 - 2014-06-22 19:13 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-09-14 14:48 - 2014-06-22 19:13 - 00028672 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-09-14 14:48 - 2014-06-22 19:13 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-08-15 21:43 - 2014-06-15 15:37 - 00000000 ____D () C:\Users\Adi\AppData\Roaming\IObit
C:\Users\Adi\IP_Log_Data.js
C:\Users\Adi\Network_Meter_Data.js

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NCInstallQueue => value deleted successfully.
HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wcssvc => value deleted successfully.
HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fussvc => value deleted successfully.
HKU\S-1-5-21-4028636639-3535163432-3999029935-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceRunOnStartMenu => value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\hi9wh3g8.default\Extensions\ascsurfingprotection@iobit.com not found.
LiveUpdateSvc => Service not found.
ST2012_Svc => Service not found.
ayzznkoz => Service not found.
catchme => Service deleted successfully.
"C:\Users\Adi\AppData\Roaming\Service" => File/Directory not found.
C:\Users\Adi\AppData\Roaming\User => Moved successfully.
"C:\Program Files (x86)\Spyware Terminator" => File/Directory not found.
"C:\Program Files (x86)\IObit" => File/Directory not found.
C:\Users\Adi\Desktop\FRST.txt => Moved successfully.
C:\Users\Adi\AppData\Roaming\Network => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Adi\Desktop\zoek.exe => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Windows\erdnt => Moved successfully.
C:\Users\Adi\Desktop\Rkill.txt => Moved successfully.
C:\Users\Adi\Desktop\rkill.com => Moved successfully.
C:\Windows\Tasks\ImCleanDisabled => Moved successfully.
C:\Users\Adi\Desktop\LM.bat => Moved successfully.
C:\Users\Adi\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\Windows\system32\config\SOFTWARE.bak => Moved successfully.
C:\Windows\system32\config\SYSTEM.bak => Moved successfully.
C:\Windows\system32\config\DEFAULT.bak => Moved successfully.
C:\Windows\system32\config\SAM.bak => Moved successfully.
C:\Windows\system32\config\SECURITY.bak => Moved successfully.
C:\Windows\system32\config\SOFTWARE.iodefrag.bak => Moved successfully.
C:\Windows\system32\config\COMPONENTS.iodefrag.bak => Moved successfully.
C:\Windows\system32\config\DEFAULT.iodefrag.bak => Moved successfully.
C:\Windows\system32\config\SAM.iodefrag.bak => Moved successfully.
C:\Windows\system32\config\SECURITY.iodefrag.bak => Moved successfully.
C:\Users\Adi\AppData\Roaming\IObit => Moved successfully.
C:\Users\Adi\IP_Log_Data.js => Moved successfully.
C:\Users\Adi\Network_Meter_Data.js => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 130.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[Ondrys66]

Muzu se zeptat,v cem byl problem?
Po vymazani ComboFixem se to vratilo ?

Prakticky od nove instalace Win7 v cervnu,jsem nemel zadny problem a byly od zacatku nainstalovane i Iobit i Spyware Terminator.

[vyosek]

IOBit je cinsky kram, ktery vas neochrani. SpywareTerminator ma jiz tez nejlepsi za sebou

Byl tam jeste jeden zapomenuty soubour, ktery to vse obnovil

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[Ondrys66]

Takze vsechno procisteno.
Jeste jednou bych rad podekoval.

A na zaver ,jenom mala poznamka.
Celkem chapu log z FRST,program rkill taktez,combofix je mi jasny,da se rict ze script do Zoeka jsem celkem pochopil(pouze bych ho nedokazal sam vytvorit),
ale treba fixlist pro FRST je pro me spanelska vesnice. Sice chapu o co v nem jde ,ale vytvorit ten script......
Skoda,nejsem zadny profi IT ,ale tyto veci me dost zajimaji,jen kde se je naucit :+))))
A jeste k tomu Iobit a Spywareterminatoru. Jsem ze stare skoly ,taky uz nejjsem nejmladsi a prechazet na novinky je u me problem.
Treba prechod na nove windows z XP jsem tak dlouho odkladal ,ze jsem to uskutecnil az letos v cervnu :+))) No a tyto programy jsem pouzival uz na xp.
Jinak k cisteni pouzivam mbam,ccleaner,na xp jsem jeste pouzival superantispyware.
Tot asi vse jeste jednou diky.

[vyosek]

Prace s programy je jednak o znalosti registru, jednak o zpusobu odstranovani haveti a pak o znalosti\pristupu k navodum pro praci s nimi