
Svchost

Posted: 22 Oct 2017 16:38
by Jonsh
Hi,

I was redirected here and told that you could help me with checking a HijackThis log...
Svchost has been eating 50% of my CPU for a month now and just won't let up; when I kill it, the sound stops working and maybe something else too...

Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:07, on 22.10.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\aswidsagent.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\Cleaning\0_log_HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe

--
End of file - 4318 bytes

Re: Svchost

Posted: 22 Oct 2017 17:16
by Rudy
Hello!
Post an FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=152707 . HijackThis is past its prime.

Re: Svchost

Posted: 22 Oct 2017 18:13
by Jonsh
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2017
Ran by Greggy (administrator) on DOUPE (22-10-2017 19:06:55)
Running from C:\Documents and Settings\Greggy\Plocha
Loaded Profiles: Greggy (Available Profiles: Greggy & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TODO: <Company name>) C:\WINDOWS\system32\WinSys2.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() D:\Cleaning\6_3264_log_RogueKiller.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Greggy\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd44-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /L:"1029" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.226.248.1 213.226.252.252 192.168.1.1
Tcpip\..\Interfaces\{2B5E2055-782A-4327-AB47-85890C5DFB59}: [DhcpNameServer] 213.226.248.1 213.226.252.252 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={ ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKU\S-1-5-21-1343024091-343818398-1801674531-1004 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
Toolbar: HKU\S-1-5-21-1343024091-343818398-1801674531-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2013-09-23] (Společnost Microsoft)

FireFox:
========
FF DefaultProfile: fqyj0nkx.default
FF ProfilePath: C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default [2017-10-22]
FF user.js: detected! => C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\user.js [2017-02-23]
FF Homepage: C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default -> hxxps://www.seznam.cz/
FF Extension: (uBlock Origin) - C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-21]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\Extensions\wrc@avast.com.xpi [2017-10-09]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\fqyj0nkx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-14] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-10-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2017-02-23] (Advanced Micro Devices)
S3 AmUStor; C:\WINDOWS\System32\drivers\AmUStor.SYS [75416 2017-02-23] (Alcor Micro, Corp.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [255624 2017-10-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [157416 2017-10-05] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [276736 2017-10-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [50384 2017-10-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [42856 2017-10-05] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [124952 2017-10-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [70112 2017-10-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [70864 2017-10-05] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777952 2017-10-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [499560 2017-10-05] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [203848 2017-10-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [297840 2017-10-05] (AVAST Software)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-21] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-10-04] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-02-23] (REALiX(tm))
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 IUFileFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IUFileFilter.sys [20368 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IURegProcessFilter.sys [24976 2017-06-13] (IObit.com)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-10-09] (Malwarebytes)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [52736 2006-03-22] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2017-02-23] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [18944 2006-03-22] (NVIDIA Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2017-10-22] ()
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S3 GMSIPCI; \??\L:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 19:06 - 2017-10-22 19:07 - 000010131 _____ C:\Documents and Settings\Greggy\Plocha\FRST.txt
2017-10-22 19:06 - 2017-10-22 19:06 - 000000000 ____D C:\FRST
2017-10-22 19:05 - 2017-10-22 19:06 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\Greggy\Plocha\FRSTLauncher.exe
2017-10-22 19:05 - 2017-10-22 19:05 - 001799168 _____ (Farbar) C:\Documents and Settings\Greggy\Plocha\FRST.exe
2017-10-22 18:19 - 2017-10-22 18:19 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2017-10-12 20:31 - 2017-10-12 20:31 - 000000000 ____D C:\Documents and Settings\Greggy\Local Settings\Data aplikací\CrashRpt
2017-10-09 23:45 - 2017-10-09 23:57 - 000000000 ____D C:\Documents and Settings\Greggy\Nabídka Start\Programy\Metropolis Software
2017-10-09 23:29 - 2017-10-09 23:29 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-09 23:29 - 2017-10-09 23:29 - 000040384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-08 20:21 - 2017-10-08 20:21 - 000000471 _____ C:\Documents and Settings\Greggy\Plocha\Gorky17.lnk
2017-10-05 10:19 - 2017-10-10 00:05 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes
2017-10-05 10:19 - 2017-10-05 10:19 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-10-05 10:19 - 2017-10-04 13:15 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-10-05 10:18 - 2017-10-05 10:18 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-05 10:18 - 2017-10-05 10:18 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2017-10-05 09:42 - 2017-10-22 18:19 - 000035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-10-05 08:36 - 2017-10-05 08:36 - 000000000 ____D C:\Documents and Settings\All Users\Dokumenty\Downloaded Installers
2017-10-05 08:30 - 2017-10-05 08:30 - 000304816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-30 19:52 - 2017-10-08 20:21 - 000000000 ____D C:\Documents and Settings\Greggy\Nabídka Start\Programy\Hry
2017-09-30 19:49 - 2017-09-30 19:49 - 000000000 ____D C:\Program Files\Elaborate Bytes
2017-09-30 19:49 - 2017-09-30 19:49 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Elaborate Bytes
2017-09-26 17:19 - 2017-09-26 17:19 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Milionářské dětičky - léčba prací

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-22 19:08 - 2017-02-23 11:41 - 000000000 ____D C:\Documents and Settings\Greggy\Local Settings\Temp
2017-10-22 19:06 - 2017-02-23 11:41 - 000000000 ___HD C:\Documents and Settings\Greggy\Local Settings\Data aplikací
2017-10-22 19:06 - 2017-02-23 11:41 - 000000000 ____D C:\Documents and Settings\Greggy\Plocha
2017-10-22 19:05 - 2017-02-23 13:22 - 000007336 _____ C:\WINDOWS\system32\nvAppTimestamps
2017-10-22 18:53 - 2017-04-10 23:55 - 000198656 _____ C:\Documents and Settings\Greggy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-22 18:19 - 2017-02-23 12:12 - 000000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-10-22 18:18 - 2017-02-23 11:39 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-10-22 15:34 - 2017-02-23 13:18 - 001399860 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-10-22 15:34 - 2017-02-23 13:18 - 000000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-10-22 15:31 - 2017-02-23 12:03 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-10-22 15:31 - 2017-02-23 11:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-22 15:31 - 2008-04-14 14:00 - 000002422 _____ C:\WINDOWS\system32\wpa.dbl
2017-10-21 20:26 - 2017-02-25 21:06 - 000032584 _____ C:\WINDOWS\SchedLgU.Txt
2017-10-21 20:26 - 2017-02-23 11:41 - 000000178 ___SH C:\Documents and Settings\Greggy\ntuser.ini
2017-10-21 20:01 - 2017-02-23 11:41 - 000000000 ____D C:\Documents and Settings\Greggy
2017-10-20 17:47 - 2017-02-23 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\ProductData
2017-10-14 07:40 - 2017-02-24 00:00 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-14 07:40 - 2017-02-24 00:00 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-14 07:40 - 2017-02-24 00:00 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-10-14 07:40 - 2017-02-23 11:25 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-14 07:38 - 2017-02-23 12:12 - 000192976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-12 20:47 - 2017-04-10 23:54 - 000000000 ____D C:\KMPlayer
2017-10-12 20:39 - 2017-02-23 12:12 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-10-12 20:39 - 2017-02-23 11:41 - 000000000 __RHD C:\Documents and Settings\Greggy\Data aplikací
2017-10-12 20:32 - 2017-02-23 12:01 - 000046176 _____ C:\Documents and Settings\Greggy\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-10-12 20:27 - 2017-02-23 12:12 - 000000000 ____D C:\Documents and Settings\All Users
2017-10-10 00:54 - 2017-02-25 19:22 - 000000682 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2017-10-10 00:51 - 2017-02-23 12:16 - 000000000 ____D C:\Documents and Settings\Greggy\Dokumenty\Stažené soubory
2017-10-10 00:14 - 2017-02-23 12:12 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2017-10-09 23:52 - 2017-02-23 13:18 - 001399860 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2017-10-09 23:45 - 2017-02-23 11:41 - 000000000 ___RD C:\Documents and Settings\Greggy\Nabídka Start\Programy
2017-10-08 10:31 - 2017-02-25 23:21 - 000000000 ____D C:\Documents and Settings\Greggy\Data aplikací\foobar2000
2017-10-05 09:33 - 2017-02-23 12:05 - 000000000 ___HD C:\WINDOWS\inf
2017-10-05 09:09 - 2017-02-24 21:45 - 000000000 ____D C:\Program Files\WinRAR
2017-10-05 09:09 - 2017-02-24 21:45 - 000000000 ____D C:\Documents and Settings\Greggy\Nabídka Start\Programy\WinRAR
2017-10-05 09:09 - 2017-02-24 21:45 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\WinRAR
2017-10-05 08:52 - 2017-09-14 19:19 - 000000000 ____D C:\Documents and Settings\Greggy\Local Settings\Data aplikací\Avast Software
2017-10-05 08:36 - 2017-02-23 12:12 - 000000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-10-05 08:30 - 2017-02-23 12:03 - 000777952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000499560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000297840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000203848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000124952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000070864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000070112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-10-05 08:30 - 2017-02-23 12:03 - 000042856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-05 08:30 - 2017-02-23 12:01 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-10-05 08:29 - 2017-02-23 12:03 - 000276736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-10-05 08:29 - 2017-02-23 12:03 - 000255624 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-10-05 08:29 - 2017-02-23 12:03 - 000157416 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-10-05 08:29 - 2017-02-23 12:03 - 000050384 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-10-01 12:19 - 2017-02-23 11:41 - 000000000 ___RD C:\Documents and Settings\Greggy\Dokumenty\Obrázky
2017-09-30 20:12 - 2017-02-24 02:16 - 001061634 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1343024091-343818398-1801674531-1004-0.dat
2017-09-30 20:12 - 2017-02-24 02:16 - 000211738 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-09-30 14:00 - 2017-02-23 12:16 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-30 12:38 - 2017-06-10 05:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-24 09:30 - 2017-02-25 19:22 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2017-04-10 23:55 - 2017-10-22 18:53 - 000198656 _____ () C:\Documents and Settings\Greggy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-10-22 18:19 - 2010-12-09 17:15 - 000713216 _____ (Microsoft Corporation) C:\Documents and Settings\Greggy\Local Settings\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Last update of FRSTLauncher: 25_11_2013 (01)
Last update of the modification script: 30_09_2013 (01)


***** Desktop size *****

The size of the folder "C:\Documents and Settings\Greggy\Plocha" is 431 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Program Files\\IObit\\IObit Malware Fighter\\Surfing Protection\\FFNativeMessage.exe"="C:\\Program Files\\IObit\\IObit Malware Fighter\\Surfing Protection\\FFNativeMessage.exe:*:Enabled:SP_FF"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Svchost

Posted: 22 Oct 2017 19:12
by Rudy
OK. Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; paste it here.

Re: Svchost

Posted: 22 Oct 2017 20:43
by Jonsh
Sorry, it tells me it is not a valid Win32 application... :(

What now...? I guess it no longer supports XP...

Re: Svchost

Posted: 22 Oct 2017 20:59
by Rudy
It should be supported. Never mind, we'll do it by hand. Open Notepad and copy this into it:
Start
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)
C:\WINDOWS\system32\winsys2.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd44-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\Greggy\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Greggy\Local Settings\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
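The fixlist above was assembled by reading the FRST log for a handful of visible cues: a Run entry whose publisher is the unfinished build placeholder "(TODO: <Company name>)", service keys with "no ImagePath", a registry value FRST itself tags with "<==== ATTENTION", and a missing DefaultScope. The script below is an added example, not part of this thread or of FRST, that applies the same cues as review heuristics to a constructed log excerpt modelled on the one posted above and renders hand-picked lines in fixlist form. The rule set, the `Finding`/`triage`/`build_fixlist` names and the sample text are mine; the Start/End framing, the repeated file path under a Run entry and the `EmptyTemp:` directive follow the fixlist shown in this post.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Assumed heuristics (mine, not FRST's): flag log lines carrying markers
that commonly precede a manual fixlist entry, then turn chosen lines
into a fixlist in the form used in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# "==== Section name ====" banner; group 1 must not start with '='.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# "... => C:\path\file.exe [size yyyy-mm-dd]" as printed for Run entries.
RUN_PATH_RE = re.compile(r"=> (.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")

# (pattern, why it matters). Each hit is a review cue, not proof of malware.
RULES = [
    (re.compile(r"\(TODO: <Company name>\)"), "publisher is a template placeholder"),
    (re.compile(r"\[File not signed\]$"), "binary is not Authenticode-signed"),
    (re.compile(r"; no ImagePath$"), "service key has no binary (orphan)"),
    (re.compile(r"\[X\]$"), "referenced file does not exist"),
    (re.compile(r"<==== ATTENTION$"), "FRST marks value as non-default"),
    (re.compile(r"value is missing$"), "expected registry value absent"),
    (re.compile(r"\] \(\)$"), "binary carries no version/publisher info"),
]

# Constructed excerpt modelled on the FRST log posted above (not a live scan).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing

==================== Services (Whitelisted) ====================

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-10-14] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)

===================== Drivers (Whitelisted) ======================

U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2017-10-22] ()
S3 GMSIPCI; \??\L:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; no ImagePath
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list[str] = field(default_factory=list)


def triage(log_text: str) -> list[Finding]:
    """Walk the log, track the current section banner, and attach every
    matching RULES reason to a line; lines with no hit are dropped."""
    findings: list[Finding] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = [why for pattern, why in RULES if pattern.search(line)]
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def build_fixlist(lines: list[str], empty_temp: bool = True) -> str:
    """Render hand-picked log lines as an FRST fixlist.

    For a Run entry the file path is repeated on its own line, as in the
    thread, so FRST removes the autorun value and moves the file as well.
    """
    body: list[str] = []
    for line in lines:
        body.append(line)
        path = RUN_PATH_RE.search(line)
        if r"\Run:" in line and path:
            body.append(path.group(1))
    if empty_temp:
        body += ["", "EmptyTemp:"]
    return "\n".join(["Start", *body, "End"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.line}\n    -> {'; '.join(f.reasons)}")
    # A human picks what goes into the fixlist; an unsigned vendor updater
    # is a review item, not something to remove on sight.
    chosen = [f.line for f in found if "binary is not Authenticode-signed" not in f.reasons]
    print(build_fixlist(chosen))
```

Every hit is a prompt to look closer, not a verdict: on the sample the unsigned Flash updater service is a legitimate Adobe component, while the placeholder publisher on winsys2.exe and the orphan service keys are exactly what the helper in this thread chose to remove. Review the generated fixlist line by line before clicking Fix, because FRST moves files and deletes keys without further confirmation.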

Re: Svchost

Posted: 22 Oct 2017 21:15
by Jonsh
That worked... :)

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-10-2017
Ran by Greggy (22-10-2017 22:10:00) Run:1
Running from C:\Documents and Settings\Greggy\Plocha
Loaded Profiles: Greggy (Available Profiles: Greggy & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [WinSys2] => C:\WINDOWS\system32\winsys2.exe [217088 2006-12-15] (TODO: <Company name>)
C:\WINDOWS\system32\winsys2.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd44-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\...\MountPoints2: {35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} - H:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S4 IntelIde; no ImagePath
U4 RemoteRegistry; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\Greggy\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Greggy\Local Settings\Temp

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 => value removed successfully.
C:\WINDOWS\system32\winsys2.exe => moved successfully
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cfcd44-4d8f-11e7-b4aa-001617d65a5e} => key removed successfully.
HKLM\Software\Classes\CLSID\{35cfcd44-4d8f-11e7-b4aa-001617d65a5e} => key not found.
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} => key removed successfully.
HKLM\Software\Classes\CLSID\{35cfcd4c-4d8f-11e7-b4aa-001617d65a5e} => key not found.
HKU\S-1-5-21-1343024091-343818398-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} => key removed successfully.
HKLM\Software\Classes\CLSID\{35cfcd4f-4d8f-11e7-b4aa-001617d65a5e} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\RemoteRegistry => key removed successfully.
RemoteRegistry => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
"C:\Documents and Settings\Greggy\Local Settings\Data aplikac\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\Documents and Settings\Greggy\Local Settings\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12289 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 991 B
Windows/system/dllcache/drivers => 322584 B
Edge => 0 B
Chrome => 0 B
Firefox => 376336687 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 16677 B
All Users => 0 B
systemprofile => 128735 B
LocalService => 628 B
NetworkService => 16677 B
Greggy => 5239 B
Administrator => 16677 B

RecycleBin => 0 B
EmptyTemp: => 359.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:10:37 ====

Re: Svchost

Posted: 23 Oct 2017 15:59
by Rudy
Deleted. Any change?

Re: Svchost

Posted: 25 Oct 2017 17:43
by Jonsh
Hi,

svchost has been at zero for 2 days now!!! :)
So it helped, and a lot...
I also got a tip to try the Sophos Virus Removal Tool; it found one really well-hidden bug (Generic X) and it's been great since... :)

Thank you very much for the help...

Re: Svchost

Posted: 25 Oct 2017 18:05
by Rudy
You're welcome! :)