
PC disinfection, computer speed-up, remote help via the neslape.cz service
Svchost
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEWS!
A remote-help service is now available: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Svchost
Hi,
I was redirected here; supposedly you could help me with checking a HijackThis log...
Svchost has been taking 50% of my CPU for a month now and just won't get enough of it; when I kill it, the sound stops working and maybe something else too...
Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:07, on 22.10.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\aswidsagent.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\Cleaning\0_log_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
--
End of file - 4318 bytes
Rudy (Site Admin, registered 30 Oct 2003, Plzeň)
Re: Svchost
Greetings!
Post an FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=152707 . HijackThis is past its prime by now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
Re: Svchost
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2017
Ran by Greggy (administrator) on DOUPE (22-10-2017 19:06:55)
Running from C:\Documents and Settings\Greggy\Plocha
Loaded Profiles: Greggy (Available Profiles: Greggy & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TODO: <Company name>) C:\WINDOWS\system32\WinSys2.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() D:\Cleaning\6_3264_log_RogueKiller.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Greggy\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd44-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /L:"1029" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.226.248.1 213.226.252.252 192.168.1.1
Tcpip\..\Interfaces\{2B5E2055-782A-4327-AB47-85890C5DFB59}: [DhcpNameServer] 213.226.248.1 213.226.252.252 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={ ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-1343024091-343818398-1801674531-1004 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
Toolbar: HKU\S-1-5-21-1343024091-343818398-1801674531-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-09-23] (Společnost Microsoft)
FireFox:
========
FF DefaultProfile: fqyj0nkx.default
FF ProfilePath: C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default [2017-10-22]
FF user.js: detected! => C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\user.js [2017-02-23]
FF Homepage: C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default -> hxxps://www.seznam.cz/
FF Extension: (uBlock Origin) - C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-21]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\Extensions\wrc@avast.com.xpi [2017-10-09]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-14] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2017-02-23] (Advanced Micro Devices)
S3 AmUStor; C:\WINDOWS\System32\drivers\AmUStor.SYS [75416 2017-02-23] (Alcor Micro, Corp.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255624 2017-10-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-10-05] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-10-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-10-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-10-05] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-10-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [70112 2017-10-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-10-05] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777952 2017-10-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [499560 2017-10-05] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [203848 2017-10-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [297840 2017-10-05] (AVAST Software)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-10-04] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-02-23] (REALiX(tm))
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 IUFileFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IUFileFilter.sys [20368 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IURegProcessFilter.sys [24976 2017-06-13] (IObit.com)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-10-09] (Malwarebytes)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [52736 2006-03-22] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2017-02-23] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [18944 2006-03-22] (NVIDIA Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2017-10-22] ()
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 GMSIPCI; \??\L:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-22 19:06 - 2017-10-22 19:07 - 000010131 _____ C:\Documents and Settings\Greggy\Plocha\FRST.txt
2017-10-22 19:06 - 2017-10-22 19:06 - 000000000 ____D C:\FRST
2017-10-22 19:05 - 2017-10-22 19:06 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\Greggy\Plocha\FRSTLauncher.exe
2017-10-22 19:05 - 2017-10-22 19:05 - 001799168 _____ (Farbar) C:\Documents and Settings\Greggy\Plocha\FRST.exe
2017-10-22 18:19 - 2017-10-22 18:19 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2017-10-12 20:31 - 2017-10-12 20:31 - 000000000 ____D C:\Documents and Settings\Greggy\Local Settings\Data aplikací\CrashRpt
2017-10-09 23:45 - 2017-10-09 23:57 - 000000000 ____D C:\Documents and Settings\Greggy\Nabídka Start\Programy\Metropolis Software
2017-10-09 23:29 - 2017-10-09 23:29 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-09 23:29 - 2017-10-09 23:29 - 000040384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-08 20:21 - 2017-10-08 20:21 - 000000471 _____ C:\Documents and Settings\Greggy\Plocha\Gorky17.lnk
2017-10-05 10:19 - 2017-10-10 00:05 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes
2017-10-05 10:19 - 2017-10-05 10:19 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-05 10:19 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-10-05 10:18 - 2017-10-05 10:18 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-05 10:18 - 2017-10-05 10:18 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-10-05 09:42 - 2017-10-22 18:19 - 000035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-05 08:36 - 2017-10-05 08:36 - 000000000 ____D C:\Documents and Settings\All Users\Dokumenty\Downloaded Installers
2017-10-05 08:30 - 2017-10-05 08:30 - 000304816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-30 19:52 - 2017-10-08 20:21 - 000000000 ____D C:\Documents and Settings\Greggy\Nabídka Start\Programy\Hry
2017-09-30 19:49 - 2017-09-30 19:49 - 000000000 ____D C:\Program Files\Elaborate Bytes
2017-09-30 19:49 - 2017-09-30 19:49 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Elaborate Bytes
2017-09-26 17:19 - 2017-09-26 17:19 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Milionářské dětičky - léčba prací
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-22 19:08 - 2017-02-23 11:41 - 000000000 ____D C:\Documents and Settings\Greggy\Local Settings\Temp
2017-10-22 19:06 - 2017-02-23 11:41 - 000000000 ___HD C:\Documents and Settings\Greggy\Local Settings\Data aplikací
2017-10-22 19:06 - 2017-02-23 11:41 - 000000000 ____D C:\Documents and Settings\Greggy\Plocha
2017-10-22 19:05 - 2017-02-23 13:22 - 000007336 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-10-22 18:53 - 2017-04-10 23:55 - 000198656 _____ C:\Documents and Settings\Greggy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-22 18:19 - 2017-02-23 12:12 - 000000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-10-22 18:18 - 2017-02-23 11:39 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-10-22 15:34 - 2017-02-23 13:18 - 001399860 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-10-22 15:34 - 2017-02-23 13:18 - 000000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-10-22 15:31 - 2017-02-23 12:03 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-10-22 15:31 - 2017-02-23 11:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-22 15:31 - 2008-04-14 14:00 - 000002422 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-21 20:26 - 2017-02-25 21:06 - 000032584 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-21 20:26 - 2017-02-23 11:41 - 000000178 ___SH C:\Documents and Settings\Greggy\ntuser.ini
2017-10-21 20:01 - 2017-02-23 11:41 - 000000000 ____D C:\Documents and Settings\Greggy
2017-10-20 17:47 - 2017-02-23 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\ProductData
2017-10-14 07:40 - 2017-02-24 00:00 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-14 07:40 - 2017-02-24 00:00 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-14 07:40 - 2017-02-24 00:00 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-14 07:40 - 2017-02-23 11:25 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-14 07:38 - 2017-02-23 12:12 - 000192976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-12 20:47 - 2017-04-10 23:54 - 000000000 ____D C:\KMPlayer
2017-10-12 20:39 - 2017-02-23 12:12 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-10-12 20:39 - 2017-02-23 11:41 - 000000000 __RHD C:\Documents and Settings\Greggy\Data aplikací
2017-10-12 20:32 - 2017-02-23 12:01 - 000046176 _____ C:\Documents and Settings\Greggy\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-10-12 20:27 - 2017-02-23 12:12 - 000000000 ____D C:\Documents and Settings\All Users
2017-10-10 00:54 - 2017-02-25 19:22 - 000000682 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2017-10-10 00:51 - 2017-02-23 12:16 - 000000000 ____D C:\Documents and Settings\Greggy\Dokumenty\Stažené soubory
2017-10-10 00:14 - 2017-02-23 12:12 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2017-10-09 23:52 - 2017-02-23 13:18 - 001399860 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2017-10-09 23:45 - 2017-02-23 11:41 - 000000000 ___RD C:\Documents and Settings\Greggy\Nabídka Start\Programy
2017-10-08 10:31 - 2017-02-25 23:21 - 000000000 ____D C:\Documents and Settings\Greggy\Data aplikací\foobar2000
2017-10-05 09:33 - 2017-02-23 12:05 - 000000000 ___HD C:\WINDOWS\inf
2017-10-05 09:09 - 2017-02-24 21:45 - 000000000 ____D C:\Program Files\WinRAR
2017-10-05 09:09 - 2017-02-24 21:45 - 000000000 ____D C:\Documents and Settings\Greggy\Nabídka Start\Programy\WinRAR
2017-10-05 09:09 - 2017-02-24 21:45 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2017-10-05 08:52 - 2017-09-14 19:19 - 000000000 ____D C:\Documents and Settings\Greggy\Local Settings\Data aplikací\Avast Software
2017-10-05 08:36 - 2017-02-23 12:12 - 000000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-10-05 08:30 - 2017-02-23 12:03 - 000777952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000499560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000297840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000203848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000042856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-05 08:30 - 2017-02-23 12:01 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-10-05 08:29 - 2017-02-23 12:03 - 000276736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-10-05 08:29 - 2017-02-23 12:03 - 000255624 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-10-05 08:29 - 2017-02-23 12:03 - 000157416 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-10-05 08:29 - 2017-02-23 12:03 - 000050384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-10-01 12:19 - 2017-02-23 11:41 - 000000000 ___RD C:\Documents and Settings\Greggy\Dokumenty\Obrázky
2017-09-30 20:12 - 2017-02-24 02:16 - 001061634 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1343024091-343818398-1801674531-1004-0.dat
2017-09-30 20:12 - 2017-02-24 02:16 - 000211738 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-09-30 14:00 - 2017-02-23 12:16 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-30 12:38 - 2017-06-10 05:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-24 09:30 - 2017-02-25 19:22 - 000000000 ____D C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2017-04-10 23:55 - 2017-10-22 18:53 - 000198656 _____ () C:\Documents and Settings\Greggy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2017-10-22 18:19 - 2010-12-09 17:15 - 000713216 _____ (Microsoft Corporation) C:\Documents and Settings\Greggy\Local Settings\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Greggy\Plocha" je 431 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\IObit\\IObit Malware Fighter\\Surfing Protection\\FFNativeMessage.exe"="C:\\Program Files\\IObit\\IObit Malware Fighter\\Surfing Protection\\FFNativeMessage.exe:*:Enabled:SP_FF"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.rar (329 bytes), downloaded 81 times
- Rudy
- Site Admin
- Posts: 119666
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Svchost
OK. Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click first on >Scan< (search) and then on >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Svchost
Sorry, it tells me that it is not a valid Win32 application...
What now...? It probably doesn't support XP any more...
- Rudy
- Site Admin
- Posts: 119666
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Svchost
It should support them. Never mind, we'll do it by hand. Open Notepad and copy this into it:
Start
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)
C:\WINDOWS\system32\winsys2.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd44-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\Greggy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Greggy\Local Settings\Temp
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Svchost
This one worked...
Fix result of Farbar Recovery Scan Tool (x86) Version: 21-10-2017
Ran by Greggy (22-10-2017 22:10:00) Run:1
Running from C:\Documents and Settings\Greggy\Plocha
Loaded Profiles: Greggy (Available Profiles: Greggy & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)
C:\WINDOWS\system32\winsys2.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd44-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\Greggy\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Greggy\Local Settings\Temp
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 => value removed successfully.
C:\WINDOWS\system32\winsys2.exe => moved successfully
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cfcd44-4d8f-11e7-b4aa-001617d65a5e} => key removed successfully.
HKLM\Software\Classes\CLSID\{35cfcd44-4d8f-11e7-b4aa-001617d65a5e} => key not found.
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} => key removed successfully.
HKLM\Software\Classes\CLSID\{35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} => key not found.
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} => key removed successfully.
HKLM\Software\Classes\CLSID\{35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\RemoteRegistry => key removed successfully.
RemoteRegistry => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
"C:\Documents and Settings\Greggy\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\Documents and Settings\Greggy\Local Settings\Temp => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 12289 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 991 B
Windows/system/dllcache/drivers => 322584 B
Edge => 0 B
Chrome => 0 B
Firefox => 376336687 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 16677 B
All Users => 0 B
systemprofile => 128735 B
LocalService => 628 B
NetworkService => 16677 B
Greggy => 5239 B
Administrator => 16677 B
RecycleBin => 0 B
EmptyTemp: => 359.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:10:37 ====
- Rudy
- Site Admin

Re: Svchost
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Svchost
Hi,
svchost has been at zero for 2 days now!!!
So it helped, and a lot...
I was also advised to try the Sophos Virus Removal Tool - it found one really well-hidden bug (Generic X) and it has been great ever since...
Thank you very much for the help...
- Rudy
- Site Admin

Re: Svchost
You're welcome!