Periodic blocking of a website via svchost.exe

Posted: 16 Jan 2018 10:35
by afroun
Hello,

some junk has apparently settled somewhere in my system, and MBAM Premium keeps blocking outgoing connections to 2 websites - lesycr.cz and dllfix.update.drivethelife.com. What I have tried: the usual run of CCleaner and AdwCleaner, but they could not handle it.
From skimming the FRST logs out of curiosity, there is some muzapp.exe in SysWOW64, which means nothing to me. Anyway, what can I do?

Thanks for any advice.

Re: Periodic blocking of a website via svchost.exe

Posted: 16 Jan 2018 10:36
by Rudy
Hello!
WinRAR reports that the archive is corrupted. Either save it as *.zip, or upload the log somewhere and post the link here. Thank you.

Re: Periodic blocking of a website via svchost.exe

Posted: 16 Jan 2018 10:53
by afroun
Now it should hopefully be fine.

https://www.edisk.cz/stahni/75069/frst.txt_89.18kb.html/

https://www.edisk.cz/stahni/91806/addition.txt_46.47kb.html/

Re: Periodic blocking of a website via svchost.exe

Posted: 16 Jan 2018 13:13
by Rudy
You did post FRST twice, but now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (scanning) and then >Clean< (deletion).
The scan will run and then a log will appear; paste it here.

Re: Periodic blocking of a website via svchost.exe

Posted: 16 Jan 2018 14:03
by afroun
These are the ones I ran before; as I said, nothing has happened since then - but it's no problem to run it again.

 https://www.edisk.cz/stahni/14799/adwcleaner_c0.txt_2.36kb.html

 https://www.edisk.cz/stahni/57006/adwcleaner_s0.txt_2.58kb.html

Re: Periodic blocking of a website via svchost.exe

Posted: 16 Jan 2018 15:03
by Rudy
That E-disk wants credit from me, otherwise it won't let me download more than one file per day. Better upload it to stahuj.cz. I now need those original FRST and Addition logs.

Re: Periodic blocking of a website via svchost.exe

Posted: 17 Jan 2018 09:16
by afroun
Good morning,

I don't know where you upload on stahuj.cz, but uloz.to simply has to work without any fuss xD

https://uloz.to/tam/_dFxO1ntDxJJR

Re: Periodic blocking of a website via svchost.exe

Posted: 17 Jan 2018 12:55
by Rudy
Open Notepad and copy this into it:
Start
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
Task: {0F09381D-F0B1-47AB-B1C6-4F1F108D83CD} - System32\Tasks\txngat => C:\Users\Ondra\AppData\Local\djtdrgzrelg.bat [2017-11-10] () <==== ATTENTION
Task: {9E68166F-047E-4484-B134-A159E81CE142} - System32\Tasks\lbdctuuo => C:\Users\Ondra\AppData\Local\yklzvdmj.bat [2017-11-10] () <==== ATTENTION
Task: {D07733C1-8BC1-443E-9980-4444E0F3287C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
Task: {EC252B97-69D0-4B2C-8D93-B75EE2EBDD84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
S3 RegFilter; no ImagePath
S4 IMFFilter; no ImagePath
S4 IUFileFilter; no ImagePath
S3 cpuz139; no ImagePath
C:\Windows\LastGood.Tmp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
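The two `Task:` entries marked ATTENTION in the fixlist above share three traits that can be checked mechanically. The following is an added example, not part of the original post and not FRST's own logic: it parses FRST `Task:` lines and scores them with assumed heuristics (script extension, user-writable directory, empty publisher field); the function names and the threshold are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Layout of an FRST "Task:" line as seen in the fixlist above:
# Task: {GUID} - <task file> => <target> [YYYY-MM-DD] (<publisher>) [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<target>.+?)"
    r" \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
    r"(?P<attention>\s*<==== ATTENTION)?\s*$"
)

# Assumed heuristics for this example; tune them for your own environment.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
USER_WRITABLE_DIRS = {"appdata", "temp", "programdata"}

# The four Task: lines copied from the fixlist above, plus one non-task line.
SAMPLE = r"""
Task: {0F09381D-F0B1-47AB-B1C6-4F1F108D83CD} - System32\Tasks\txngat => C:\Users\Ondra\AppData\Local\djtdrgzrelg.bat [2017-11-10] () <==== ATTENTION
Task: {9E68166F-047E-4484-B134-A159E81CE142} - System32\Tasks\lbdctuuo => C:\Users\Ondra\AppData\Local\yklzvdmj.bat [2017-11-10] () <==== ATTENTION
Task: {D07733C1-8BC1-443E-9980-4444E0F3287C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
Task: {EC252B97-69D0-4B2C-8D93-B75EE2EBDD84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
S3 RegFilter; no ImagePath
"""


def parse_task(line):
    """Return the fields of one FRST Task: line, or None for any other line."""
    match = TASK_RE.match(line.strip())
    if match is None:
        return None
    fields = match.groupdict()
    fields["attention"] = fields["attention"] is not None
    return fields


def triage(fields):
    """List the independent reasons a task target deserves a closer look."""
    target = PureWindowsPath(fields["target"])
    reasons = []
    if target.suffix.lower() in SCRIPT_EXTENSIONS:
        reasons.append("script target")
    if any(part.lower() in USER_WRITABLE_DIRS for part in target.parts):
        reasons.append("user-writable path")
    if not fields["publisher"].strip():
        reasons.append("no publisher")
    return reasons


def suspicious_tasks(log_text, threshold=2):
    """Return parsed tasks that meet at least `threshold` reasons."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_task(line)
        if fields is None:
            continue
        reasons = triage(fields)
        if len(reasons) >= threshold:
            hits.append({**fields, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_tasks(SAMPLE):
        print(hit["task"], "->", hit["target"], hit["reasons"])
```

On these lines the heuristics select the same two tasks that FRST marked ATTENTION; the two GoogleUpdate tasks match none of the three checks.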

Re: Periodic blocking of a website via svchost.exe

Posted: 18 Jan 2018 12:16
by afroun
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Lumír (18-01-2018 12:10:30) Run:1
Running from C:\Users\Lumír\Desktop
Loaded Profiles: Lumír (Available Profiles: Lumír & Jiřinka & Ondra)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
Task: {0F09381D-F0B1-47AB-B1C6-4F1F108D83CD} - System32\Tasks\txngat => C:\Users\Ondra\AppData\Local\djtdrgzrelg.bat [2017-11-10] () <==== ATTENTION
Task: {9E68166F-047E-4484-B134-A159E81CE142} - System32\Tasks\lbdctuuo => C:\Users\Ondra\AppData\Local\yklzvdmj.bat [2017-11-10] () <==== ATTENTION
Task: {D07733C1-8BC1-443E-9980-4444E0F3287C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
Task: {EC252B97-69D0-4B2C-8D93-B75EE2EBDD84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File]
S3 RegFilter; no ImagePath
S4 IMFFilter; no ImagePath
S4 IUFileFilter; no ImagePath
S3 cpuz139; no ImagePath
C:\Windows\LastGood.Tmp

EmptyTemp:
End
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F09381D-F0B1-47AB-B1C6-4F1F108D83CD} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F09381D-F0B1-47AB-B1C6-4F1F108D83CD}" => removed successfully
C:\Windows\System32\Tasks\txngat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\txngat" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E68166F-047E-4484-B134-A159E81CE142}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E68166F-047E-4484-B134-A159E81CE142}" => removed successfully
C:\Windows\System32\Tasks\lbdctuuo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\lbdctuuo" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D07733C1-8BC1-443E-9980-4444E0F3287C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D07733C1-8BC1-443E-9980-4444E0F3287C}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC252B97-69D0-4B2C-8D93-B75EE2EBDD84}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC252B97-69D0-4B2C-8D93-B75EE2EBDD84}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => removed successfully
"HKLM\System\CurrentControlSet\Services\RegFilter" => removed successfully
RegFilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\IMFFilter" => removed successfully
IMFFilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\IUFileFilter" => removed successfully
IUFileFilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz139" => removed successfully
cpuz139 => service removed successfully
C:\Windows\LastGood.Tmp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63874139 B
Java, Flash, Steam htmlcache => 470 B
Windows/system/drivers => 153888 B
Edge => 28672 B
Chrome => 231192624 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 74080 B
LocalService => 6530 B
NetworkService => 16038 B
Lumír => 47886322 B
Jiřinka => 9160988 B
Ondra => 100705581 B

RecycleBin => 8198552 B
EmptyTemp: => 450.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:11:20 ====

Re: Periodic blocking of a website via svchost.exe

Posted: 18 Jan 2018 12:31
by Rudy
Deleted. Has anything changed?

Re: Periodic blocking of a website via svchost.exe

Posted: 18 Jan 2018 15:25
by afroun
Unfortunately, it still pops up - every 5 minutes. I found nothing in HOSTS, and MBAM only says that it blocked it. I watched with TCP/IP Viewer, and at the moment the drivethelife one pops up, it shows:
svchost.exe 3404 TCP Lumir-PC 1811 localhost 43227 FIN_WAIT2
and after a moment this appears:
svchost.exe 5328 TCP lumir-pc 1851 40.77.226.249 https ESTABLISHED


which according to WHOIS is something of Microsoft's.

Otherwise, in the meantime svchost.exe is looking at:
svchost.exe 964 TCP Lumir-PC epmap Lumir-PC 0 LISTENING
svchost.exe 1584 TCP Lumir-PC 1537 Lumir-PC 0 LISTENING
svchost.exe 1288 TCP Lumir-PC 1538 Lumir-PC 0 LISTENING
svchost.exe 9932 TCP lumir-pc 5040 Lumir-PC 0 LISTENING
svchost.exe 3344 UDP Lumir-PC isakmp * *
svchost.exe 3344 UDP Lumir-PC ipsec-msft * *
svchost.exe 9932 UDP Lumir-PC 5050 * *
svchost.exe 2616 UDP Lumir-PC 5353 * * 35 2 135
svchost.exe 2616 UDP Lumir-PC llmnr * *
svchost.exe 3404 UDP Lumir-PC 49735 * * 14 434 31 1
svchost.exe 964 TCPV6 lumir-pc epmap lumir-pc 0 LISTENING
svchost.exe 1584 TCPV6 lumir-pc 1537 lumir-pc 0 LISTENING
svchost.exe 1288 TCPV6 lumir-pc 1538 lumir-pc 0 LISTENING
svchost.exe 3344 UDPV6 lumir-pc 500 * *
svchost.exe 3344 UDPV6 lumir-pc 4500 * *
svchost.exe 2616 UDPV6 lumir-pc 5353 * *
svchost.exe 2616 UDPV6 lumir-pc 5355 * *
svchost.exe 3404 UDP Lumir-PC 65188 * * 3 189
svchost.exe 3460 TCP lumir-pc 1795 db5sch101101001.wns.windows.com https ESTABLISHED 8 2 234 10 4 350

Re: Periodic blocking of a website via svchost.exe

Posted: 18 Jan 2018 15:59
by Rudy
Let's try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;




Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Save it, preferably to the desktop
•After launch the license terms are displayed; press any key
•A backup will be created, followed by a scan
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Periodic blocking of a website via svchost.exe

Posted: 19 Jan 2018 10:40
by afroun
A small change happened - it no longer reaches out to lesycr.cz, only to that drivethelife.com, which however popped up on me right after the reboot.
Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Lumˇr on 19.01.2018 at 10:30:55,38.
Microsoft Windows 10 Pro 10.0.16299 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\LUMR~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.01.2018 10:31:27 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/?gfe_rd=cr&dcr=0& ... gws_rd=ssl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0AC3F103-75C7-41B6-ADDA-211CF9561DAE}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{00AFC237-E70D-4F05-9EF5-2C6BB9AC3894} - http://www.novinky.cz/hledej?w={searchT ... arch_29530
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{0AC3F103-75C7-41B6-ADDA-211CF9561DAE} - https://www.google.com/search?q={search ... utEncoding?}
HKCU\SearchScopes\{2743FE42-3540-4A53-818A-E794BEE83E85} - http://tv.seznam.cz/hledej?w={searchTer ... arch_29530
HKCU\SearchScopes\{42C6AD50-11CC-4E10-B07F-E28DB66ADEEA} - http://slovnik.seznam.cz/?q={searchTerm ... arch_29530
HKCU\SearchScopes\{5230D720-B551-4F3A-B22C-282348AD7B87} - http://search.seznam.cz/?q={searchTerms ... arch_29530
HKCU\SearchScopes\{5D8E5F05-26FF-4993-95AB-E39E49C1CE4C} - http://www.firmy.cz/?q={searchTerms}&so ... arch_29530
HKCU\SearchScopes\{60046DF7-D109-4CF6-9CB9-2AA746CB92C2} - http://encyklopedie.seznam.cz/search?q= ... arch_29530
HKCU\SearchScopes\{726C399B-CB7F-4BB5-BEF6-1CE0EE4D4369} - http://slovnik.seznam.cz/?q={searchTerm ... arch_29530
HKCU\SearchScopes\{8527397F-5D69-4306-BB14-134037E0F0DD} - http://www.mapy.cz/?query={searchTerms} ... arch_29530
HKCU\SearchScopes\{8FB37C0F-B1AC-447F-BBF0-7CD9A844F288} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_29530

==== Reset Google Chrome ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIINKA~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\JIINKA~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
C:\Users\JIINKA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\JIINKA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\JIINKA~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\LUMR~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ondra\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\JIINKA~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\LUMR~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\JIINKA~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\LUMR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\LUMR~1\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted

==== EOF on 19.01.2018 at 10:33:30,12 ======================

Re: Periodic blocking of a website via svchost.exe

Posted: 19 Jan 2018 13:15
by Rudy
So Zoek deleted something. And what about Junkware?

Re: Periodic blocking of a website via svchost.exe

Posted: 19 Jan 2018 13:52
by afroun
I somehow didn't notice that Junkware :?: , but the log is here now - I'll post AdwCleaner in a moment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Lumˇr (Administrator) on 19.01.2018 at 13:49:12,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\thunder network (Folder)
Successfully deleted: C:\Users\Lumˇr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\Lumˇr\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Lumˇr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Ondra) (Task)



Registry: 4

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Registry Key)
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5230D720-B551-4F3A-B22C-282348AD7B87} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.01.2018 at 13:51:02,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~