~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Patrik (Administrator) on st 21.09.2016 at 13:55:54,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 16
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TIE4D6S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Q88VXL2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D50B3Y1R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSD7VE8U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5L8GXV3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8LWKDRV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIG5H8MQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIHRMFXQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TIE4D6S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Q88VXL2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D50B3Y1R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSD7VE8U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S5L8GXV3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8LWKDRV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIG5H8MQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIHRMFXQ (Temporary Internet Files Folder)
Registry: 1
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 21.09.2016 at 13:58:51,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU Vyřešeno
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
RogueKiller.exe nejde spustit.
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
NEpomáhá ani spustit několikrát či přejmenovat
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
SystemLook 30.07.11 by jpshortstuff
Log created at 14:35 on 21/09/2016 by Patrik
Administrator - Elevation successful
========== filefind ==========
Searching for "mcafee"
No files found.
========== dir ==========
mcafee - Unable to find folder.
========== regfind ==========
Searching for "mcafee"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\McAfee Security Scan]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\McAfee Security Scan\uninstall.exe"="McAfee Security Scan Plus Installer"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Patrik\AppData\Local\temp\MCPR\McClnUI.exe"="McAfee CleanUp Tool"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc6f4d12-8575-4cff-9455-cf5774aeb13b}\LocalServer32]
@=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32]
@="C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\HELPDIR]
@="C:\Program Files\McAfee Security Scan\3.11.266"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"DisplayName"="McAfee Security Scan Plus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"DisplayIcon"=""C:\Program Files\McAfee Security Scan\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"UninstallString"=""C:\Program Files\McAfee Security Scan\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"ExePath"="C:\Program Files\McAfee Security Scan\3.11.266\McUICnt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"InstallVersionDirectory"="C:\Program Files\McAfee Security Scan\3.11.266\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"InstallDirectory"="C:\Program Files\McAfee Security Scan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"Publisher"="McAfee, Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"ImagePath"=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"DisplayName"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"Description"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService]
"ImagePath"=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService]
"DisplayName"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService]
"Description"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]
"ImagePath"=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]
"DisplayName"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]
"Description"="McAfee Security Scan Component Host Service"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\McAfee Security Scan]
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\McAfee Security Scan\uninstall.exe"="McAfee Security Scan Plus Installer"
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Patrik\AppData\Local\temp\MCPR\McClnUI.exe"="McAfee CleanUp Tool"
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\McAfee Security Scan\uninstall.exe"="McAfee Security Scan Plus Installer"
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Patrik\AppData\Local\temp\MCPR\McClnUI.exe"="McAfee CleanUp Tool"
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
========== folderfind ==========
Searching for "mcafee"
No folders found.
========== process ==========
mcafee
Log created at 14:35 on 21/09/2016 by Patrik
Administrator - Elevation successful
========== filefind ==========
Searching for "mcafee"
No files found.
========== dir ==========
mcafee - Unable to find folder.
========== regfind ==========
Searching for "mcafee"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\McAfee Security Scan]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\McAfee Security Scan\uninstall.exe"="McAfee Security Scan Plus Installer"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Patrik\AppData\Local\temp\MCPR\McClnUI.exe"="McAfee CleanUp Tool"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc6f4d12-8575-4cff-9455-cf5774aeb13b}\LocalServer32]
@=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32]
@="C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\HELPDIR]
@="C:\Program Files\McAfee Security Scan\3.11.266"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"DisplayName"="McAfee Security Scan Plus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"DisplayIcon"=""C:\Program Files\McAfee Security Scan\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"UninstallString"=""C:\Program Files\McAfee Security Scan\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"ExePath"="C:\Program Files\McAfee Security Scan\3.11.266\McUICnt.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"InstallVersionDirectory"="C:\Program Files\McAfee Security Scan\3.11.266\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"InstallDirectory"="C:\Program Files\McAfee Security Scan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan]
"Publisher"="McAfee, Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"ImagePath"=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"DisplayName"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"Description"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService]
"ImagePath"=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService]
"DisplayName"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McComponentHostService]
"Description"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]
"ImagePath"=""C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]
"DisplayName"="McAfee Security Scan Component Host Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService]
"Description"="McAfee Security Scan Component Host Service"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\McAfee Security Scan]
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\McAfee Security Scan\uninstall.exe"="McAfee Security Scan Plus Installer"
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Patrik\AppData\Local\temp\MCPR\McClnUI.exe"="McAfee CleanUp Tool"
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\McAfee Security Scan\uninstall.exe"="McAfee Security Scan Plus Installer"
[HKEY_USERS\S-1-5-21-2261712208-956578385-3250285075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Patrik\AppData\Local\temp\MCPR\McClnUI.exe"="McAfee CleanUp Tool"
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
========== folderfind ==========
Searching for "mcafee"
No folders found.
========== process ==========
mcafee
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
ComboFix 16-09-14.01 - Patrik 21.09.2016 20:44:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3001.1558 [GMT 2:00]
Spuštěný z: c:\users\Patrik\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\System32\Desktop_.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oem23.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-08-21 do 2016-09-21 )))))))))))))))))))))))))))))))
.
.
2016-09-21 18:54 . 2016-09-21 18:54 -------- d-----w- c:\users\Patrik\AppData\Local\temp
2016-09-21 18:54 . 2016-09-21 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-19 21:01 . 2016-09-19 21:01 -------- d-----w- c:\program files\VS Revo Group
2016-09-19 18:05 . 2016-09-19 18:05 -------- d-----w- c:\users\Patrik\AppData\Local\WellWeWeb
2016-09-19 18:04 . 2016-09-19 18:04 -------- d-----w- c:\users\Patrik\AppData\Local\Chevolume.com
2016-09-19 17:39 . 2016-09-19 17:39 -------- d-----w- C:\mfe
2016-09-19 17:14 . 2016-09-19 17:14 -------- d-----w- C:\8b0055e4064785f327927050
2016-09-19 17:14 . 2016-09-19 17:14 -------- d-----w- c:\programdata\Package Cache
2016-09-19 17:13 . 2016-09-19 17:13 -------- d-----w- c:\program files\CheVolume
2016-09-18 16:13 . 2016-09-18 16:13 -------- d-----w- c:\users\Patrik\AppData\Local\Adobe
2016-09-18 15:53 . 2016-09-19 18:15 -------- d-----w- c:\program files\Rockstar Games
2016-09-18 15:53 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2016-09-18 15:53 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2016-09-18 15:53 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2016-09-18 15:53 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2016-09-18 15:53 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2016-09-18 15:53 . 2016-09-18 15:53 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2016-09-18 15:53 . 2016-09-18 15:53 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2016-09-18 15:52 . 2016-09-21 12:38 -------- d-----w- c:\users\Patrik\AppData\Local\CrashDumps
2016-09-18 15:08 . 2016-09-21 11:51 -------- d-----w- C:\AdwCleaner
2016-09-18 14:32 . 2016-09-18 14:32 -------- d-----w- c:\users\Patrik\AppData\Local\CEF
2016-09-18 06:56 . 2016-09-18 06:56 -------- d-----w- c:\program files\Noël Danjou
2016-09-18 05:29 . 2016-09-18 05:29 -------- d-----w- c:\users\Patrik\AppData\Roaming\Fallout
2016-09-18 05:23 . 2016-09-18 05:23 -------- d-----w- C:\GOG Games
2016-09-17 23:35 . 2016-09-17 23:35 -------- d-----w- c:\program files\Fraps
2016-09-16 21:18 . 2016-09-16 21:20 -------- d-----w- c:\program files\Opera
2016-09-16 16:30 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iusF197.tmp
2016-09-16 14:57 . 2016-09-16 21:17 -------- d-----w- c:\users\Patrik\Valley
2016-09-16 04:48 . 2016-09-16 04:48 -------- d-----w- c:\windows\system32\Adobe
2016-09-16 04:41 . 2016-09-16 04:41 -------- d-----w- c:\users\Patrik\AppData\Local\Macromedia
2016-09-16 04:40 . 2016-09-16 04:40 -------- d-----w- c:\users\Patrik\AppData\Local\Mozilla
2016-09-16 04:39 . 2016-09-16 04:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-09-16 01:54 . 2016-09-16 01:54 -------- d-----w- c:\programdata\McAfee Security Scan
2016-09-16 01:54 . 2016-09-16 01:54 -------- d-----w- c:\program files\McAfee Security Scan
2016-09-15 00:17 . 2016-09-15 00:17 -------- d-----w- c:\program files\Common Files\Gretech Corporation
2016-09-15 00:17 . 2016-09-15 00:17 -------- d-----w- c:\program files\GRETECH
2016-09-14 22:41 . 2016-09-14 22:41 -------- d-----w- c:\users\Patrik\AppData\Local\Opera Software
2016-09-14 22:41 . 2016-09-14 22:41 -------- d-----w- c:\users\Patrik\AppData\Roaming\Opera Software
2016-09-13 16:31 . 2016-09-13 16:31 -------- d-----w- c:\users\Patrik\AppData\Roaming\InstallShield
2016-09-13 14:40 . 2009-02-20 14:56 1882616 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2016-09-13 14:40 . 2016-09-13 14:40 -------- d-----w- c:\programdata\Broadcom
2016-09-12 14:11 . 2016-09-13 13:11 -------- d-----w- c:\users\Patrik\AppData\Roaming\My Battle for Middle-earth Files
2016-09-12 13:31 . 2016-09-12 13:31 -------- d-----w- c:\program files\EA GAMES
2016-09-11 21:37 . 2016-09-11 21:36 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-09-11 21:34 . 2016-09-11 21:34 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-09-11 21:34 . 2016-09-11 21:34 -------- d-----w- c:\users\Patrik\AppData\Roaming\AVAST Software
2016-09-11 21:33 . 2016-09-11 21:32 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-09-11 21:33 . 2016-09-11 21:32 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-09-11 21:33 . 2016-09-11 21:32 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-09-11 21:33 . 2016-09-11 21:32 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-11 21:33 . 2016-09-11 21:32 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-11 21:33 . 2016-09-11 21:32 434144 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-09-11 21:33 . 2016-09-11 21:32 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-09-11 21:33 . 2016-09-11 21:32 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-11 21:33 . 2016-09-13 11:28 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-11 21:32 . 2016-09-11 21:31 921280 ----a-w- c:\windows\ucrtbase.dll
2016-09-11 21:32 . 2016-09-11 21:31 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-11 21:31 . 2016-09-11 21:31 53208 ----a-w- c:\windows\avastSS.scr
2016-09-11 21:30 . 2016-09-11 21:36 -------- d-----w- c:\program files\AVAST Software
2016-09-11 21:30 . 2016-09-11 21:36 -------- d-----w- c:\programdata\AVAST Software
2016-09-11 21:20 . 2016-09-11 21:20 -------- d-----w- C:\ec7fd3b91c5dec9ae09c222e9c
2016-09-11 21:18 . 2016-09-11 21:18 -------- d-----w- c:\users\Patrik\AppData\Local\Disc_Soft_Ltd
2016-09-11 21:17 . 2016-09-11 21:17 40504 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-09-11 21:17 . 2016-09-11 21:17 26168 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-09-11 21:17 . 2016-09-11 21:19 -------- d-----w- c:\users\Patrik\AppData\Roaming\DAEMON Tools Lite
2016-09-11 21:16 . 2016-09-11 21:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2016-09-11 21:16 . 2016-09-11 21:16 -------- d-----w- c:\programdata\DAEMON Tools Lite
2016-09-11 20:42 . 2016-09-11 20:42 -------- d-----w- c:\users\Patrik\AppData\Roaming\Samsung
2016-09-11 20:26 . 2016-09-11 20:26 -------- d-----w- C:\c6859910e28c487980726fd58e55c6
2016-09-11 19:52 . 2016-09-11 19:59 -------- d-----w- C:\AVG_Remover
2016-09-11 16:02 . 2016-09-11 16:02 -------- d-----w- c:\programdata\WindowsSearch
2016-09-09 11:30 . 2016-09-09 11:12 24064 ----a-w- c:\windows\zoek-delete.exe
2016-09-08 20:05 . 2016-09-08 20:05 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-08 20:05 . 2016-09-08 20:05 -------- d-----w- c:\programdata\RogueKiller
2016-09-08 18:06 . 2016-09-21 12:26 -------- d-----w- c:\users\Patrik\AppData\Roaming\GameLauncher
2016-09-08 17:34 . 2016-09-21 12:01 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-08 17:33 . 2016-09-08 17:33 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-08 17:33 . 2016-09-08 17:33 -------- d-----w- c:\programdata\Malwarebytes
2016-09-08 17:33 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-08 17:33 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-08 17:33 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-08 15:24 . 2016-09-08 15:24 -------- d-----w- c:\windows\system32\x64
2016-09-07 14:30 . 2016-09-07 14:30 -------- d-----w- c:\windows\Sun
2016-09-07 11:55 . 2016-05-18 12:49 144664 ----a-w- c:\windows\system32\secman.dll
2016-09-07 11:55 . 2016-05-18 12:49 4659712 ----a-w- c:\windows\system32\Redemption.dll
2016-09-07 11:54 . 2016-05-18 12:49 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2016-09-07 11:54 . 2016-05-18 12:49 821824 ----a-w- c:\windows\system32\dgderapi.dll
2016-09-07 11:51 . 2016-09-07 11:56 -------- d-----w- c:\programdata\Samsung
2016-09-07 11:49 . 2016-09-07 11:49 -------- d-----w- c:\users\Patrik\AppData\Local\Downloaded Installations
2016-09-07 11:37 . 2016-09-07 11:37 -------- d-----w- c:\program files\Common Files\Java
2016-09-07 11:37 . 2016-09-07 11:37 -------- d-----w- c:\users\Patrik\.oracle_jre_usage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-07 11:35 . 2014-11-19 15:14 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-11 21:31 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-03-03 3281600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-11-04 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-12 9107616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\5x5zllr9.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-09-21 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\Patrik\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2016-09-21 20:57:00
ComboFix-quarantined-files.txt 2016-09-21 18:56
.
Před spuštěním: Volných bajtů: 146 855 936 000
Po spuštění: Volných bajtů: 146 856 939 520
.
- - End Of File - - 5812A91DDC9119BFDEC163CD971D2859
A36C5E4F47E84449FF07ED3517B43A31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3001.1558 [GMT 2:00]
Spuštěný z: c:\users\Patrik\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\System32\Desktop_.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oem23.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-08-21 do 2016-09-21 )))))))))))))))))))))))))))))))
.
.
2016-09-21 18:54 . 2016-09-21 18:54 -------- d-----w- c:\users\Patrik\AppData\Local\temp
2016-09-21 18:54 . 2016-09-21 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-19 21:01 . 2016-09-19 21:01 -------- d-----w- c:\program files\VS Revo Group
2016-09-19 18:05 . 2016-09-19 18:05 -------- d-----w- c:\users\Patrik\AppData\Local\WellWeWeb
2016-09-19 18:04 . 2016-09-19 18:04 -------- d-----w- c:\users\Patrik\AppData\Local\Chevolume.com
2016-09-19 17:39 . 2016-09-19 17:39 -------- d-----w- C:\mfe
2016-09-19 17:14 . 2016-09-19 17:14 -------- d-----w- C:\8b0055e4064785f327927050
2016-09-19 17:14 . 2016-09-19 17:14 -------- d-----w- c:\programdata\Package Cache
2016-09-19 17:13 . 2016-09-19 17:13 -------- d-----w- c:\program files\CheVolume
2016-09-18 16:13 . 2016-09-18 16:13 -------- d-----w- c:\users\Patrik\AppData\Local\Adobe
2016-09-18 15:53 . 2016-09-19 18:15 -------- d-----w- c:\program files\Rockstar Games
2016-09-18 15:53 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2016-09-18 15:53 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2016-09-18 15:53 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2016-09-18 15:53 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2016-09-18 15:53 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2016-09-18 15:53 . 2016-09-18 15:53 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2016-09-18 15:53 . 2016-09-18 15:53 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2016-09-18 15:52 . 2016-09-21 12:38 -------- d-----w- c:\users\Patrik\AppData\Local\CrashDumps
2016-09-18 15:08 . 2016-09-21 11:51 -------- d-----w- C:\AdwCleaner
2016-09-18 14:32 . 2016-09-18 14:32 -------- d-----w- c:\users\Patrik\AppData\Local\CEF
2016-09-18 06:56 . 2016-09-18 06:56 -------- d-----w- c:\program files\Noël Danjou
2016-09-18 05:29 . 2016-09-18 05:29 -------- d-----w- c:\users\Patrik\AppData\Roaming\Fallout
2016-09-18 05:23 . 2016-09-18 05:23 -------- d-----w- C:\GOG Games
2016-09-17 23:35 . 2016-09-17 23:35 -------- d-----w- c:\program files\Fraps
2016-09-16 21:18 . 2016-09-16 21:20 -------- d-----w- c:\program files\Opera
2016-09-16 16:30 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iusF197.tmp
2016-09-16 14:57 . 2016-09-16 21:17 -------- d-----w- c:\users\Patrik\Valley
2016-09-16 04:48 . 2016-09-16 04:48 -------- d-----w- c:\windows\system32\Adobe
2016-09-16 04:41 . 2016-09-16 04:41 -------- d-----w- c:\users\Patrik\AppData\Local\Macromedia
2016-09-16 04:40 . 2016-09-16 04:40 -------- d-----w- c:\users\Patrik\AppData\Local\Mozilla
2016-09-16 04:39 . 2016-09-16 04:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-09-16 01:54 . 2016-09-16 01:54 -------- d-----w- c:\programdata\McAfee Security Scan
2016-09-16 01:54 . 2016-09-16 01:54 -------- d-----w- c:\program files\McAfee Security Scan
2016-09-15 00:17 . 2016-09-15 00:17 -------- d-----w- c:\program files\Common Files\Gretech Corporation
2016-09-15 00:17 . 2016-09-15 00:17 -------- d-----w- c:\program files\GRETECH
2016-09-14 22:41 . 2016-09-14 22:41 -------- d-----w- c:\users\Patrik\AppData\Local\Opera Software
2016-09-14 22:41 . 2016-09-14 22:41 -------- d-----w- c:\users\Patrik\AppData\Roaming\Opera Software
2016-09-13 16:31 . 2016-09-13 16:31 -------- d-----w- c:\users\Patrik\AppData\Roaming\InstallShield
2016-09-13 14:40 . 2009-02-20 14:56 1882616 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2016-09-13 14:40 . 2016-09-13 14:40 -------- d-----w- c:\programdata\Broadcom
2016-09-12 14:11 . 2016-09-13 13:11 -------- d-----w- c:\users\Patrik\AppData\Roaming\My Battle for Middle-earth Files
2016-09-12 13:31 . 2016-09-12 13:31 -------- d-----w- c:\program files\EA GAMES
2016-09-11 21:37 . 2016-09-11 21:36 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-09-11 21:34 . 2016-09-11 21:34 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-09-11 21:34 . 2016-09-11 21:34 -------- d-----w- c:\users\Patrik\AppData\Roaming\AVAST Software
2016-09-11 21:33 . 2016-09-11 21:32 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-09-11 21:33 . 2016-09-11 21:32 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-09-11 21:33 . 2016-09-11 21:32 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-09-11 21:33 . 2016-09-11 21:32 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-11 21:33 . 2016-09-11 21:32 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-11 21:33 . 2016-09-11 21:32 434144 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-09-11 21:33 . 2016-09-11 21:32 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-09-11 21:33 . 2016-09-11 21:32 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-11 21:33 . 2016-09-13 11:28 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-11 21:32 . 2016-09-11 21:31 921280 ----a-w- c:\windows\ucrtbase.dll
2016-09-11 21:32 . 2016-09-11 21:31 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-11 21:31 . 2016-09-11 21:31 53208 ----a-w- c:\windows\avastSS.scr
2016-09-11 21:30 . 2016-09-11 21:36 -------- d-----w- c:\program files\AVAST Software
2016-09-11 21:30 . 2016-09-11 21:36 -------- d-----w- c:\programdata\AVAST Software
2016-09-11 21:20 . 2016-09-11 21:20 -------- d-----w- C:\ec7fd3b91c5dec9ae09c222e9c
2016-09-11 21:18 . 2016-09-11 21:18 -------- d-----w- c:\users\Patrik\AppData\Local\Disc_Soft_Ltd
2016-09-11 21:17 . 2016-09-11 21:17 40504 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-09-11 21:17 . 2016-09-11 21:17 26168 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-09-11 21:17 . 2016-09-11 21:19 -------- d-----w- c:\users\Patrik\AppData\Roaming\DAEMON Tools Lite
2016-09-11 21:16 . 2016-09-11 21:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2016-09-11 21:16 . 2016-09-11 21:16 -------- d-----w- c:\programdata\DAEMON Tools Lite
2016-09-11 20:42 . 2016-09-11 20:42 -------- d-----w- c:\users\Patrik\AppData\Roaming\Samsung
2016-09-11 20:26 . 2016-09-11 20:26 -------- d-----w- C:\c6859910e28c487980726fd58e55c6
2016-09-11 19:52 . 2016-09-11 19:59 -------- d-----w- C:\AVG_Remover
2016-09-11 16:02 . 2016-09-11 16:02 -------- d-----w- c:\programdata\WindowsSearch
2016-09-09 11:30 . 2016-09-09 11:12 24064 ----a-w- c:\windows\zoek-delete.exe
2016-09-08 20:05 . 2016-09-08 20:05 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-08 20:05 . 2016-09-08 20:05 -------- d-----w- c:\programdata\RogueKiller
2016-09-08 18:06 . 2016-09-21 12:26 -------- d-----w- c:\users\Patrik\AppData\Roaming\GameLauncher
2016-09-08 17:34 . 2016-09-21 12:01 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-08 17:33 . 2016-09-08 17:33 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-08 17:33 . 2016-09-08 17:33 -------- d-----w- c:\programdata\Malwarebytes
2016-09-08 17:33 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-08 17:33 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-08 17:33 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-08 15:24 . 2016-09-08 15:24 -------- d-----w- c:\windows\system32\x64
2016-09-07 14:30 . 2016-09-07 14:30 -------- d-----w- c:\windows\Sun
2016-09-07 11:55 . 2016-05-18 12:49 144664 ----a-w- c:\windows\system32\secman.dll
2016-09-07 11:55 . 2016-05-18 12:49 4659712 ----a-w- c:\windows\system32\Redemption.dll
2016-09-07 11:54 . 2016-05-18 12:49 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2016-09-07 11:54 . 2016-05-18 12:49 821824 ----a-w- c:\windows\system32\dgderapi.dll
2016-09-07 11:51 . 2016-09-07 11:56 -------- d-----w- c:\programdata\Samsung
2016-09-07 11:49 . 2016-09-07 11:49 -------- d-----w- c:\users\Patrik\AppData\Local\Downloaded Installations
2016-09-07 11:37 . 2016-09-07 11:37 -------- d-----w- c:\program files\Common Files\Java
2016-09-07 11:37 . 2016-09-07 11:37 -------- d-----w- c:\users\Patrik\.oracle_jre_usage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-07 11:35 . 2014-11-19 15:14 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-11 21:31 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-03-03 3281600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-11-04 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-12 9107616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\5x5zllr9.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-09-21 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\Patrik\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2016-09-21 20:57:00
ComboFix-quarantined-files.txt 2016-09-21 18:56
.
Před spuštěním: Volných bajtů: 146 855 936 000
Po spuštění: Volných bajtů: 146 856 939 520
.
- - End Of File - - 5812A91DDC9119BFDEC163CD971D2859
A36C5E4F47E84449FF07ED3517B43A31
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
c:\programdata\McAfee Security Scan
c:\program files\McAfee Security Scan
Označené složky smaž.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Vlož nový log z HJT + informuj o problémech
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
c:\programdata\McAfee Security Scan
c:\program files\McAfee Security Scan
Označené složky smaž.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-09-22 09:26:24
-----------------------------
09:26:24.430 OS Version: Windows 6.0.6002 Service Pack 2
09:26:24.430 Number of processors: 2 586 0x170A
09:26:24.430 ComputerName: ELRODOS-PC UserName: Patrik
09:26:25.881 Initialize success
09:26:25.912 VM: initialized successfully
09:26:25.912 VM: Intel CPU virtualization not supported
09:26:33.977 AVAST engine defs: 16092200
09:26:44.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:26:44.554 Disk 0 Vendor: WDC_WD2500BEVT-22ZCT0 11.01A11 Size: 238475MB BusType: 3
09:26:45.178 Disk 0 MBR read successfully
09:26:45.178 Disk 0 MBR scan
09:26:45.178 Disk 0 Windows 7 default MBR code
09:26:46.192 Disk 0 PE file @ sector 488393368/488397168
09:26:46.239 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
09:26:46.254 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228229 MB offset 20981760
09:26:46.270 Disk 0 scanning sectors +488395120
09:26:46.551 Disk 0 scanning C:\Windows\system32\drivers
09:27:05.598 Service scanning
09:28:00.791 Modules scanning
09:28:00.791 Disk 0 trace - called modules:
09:28:00.822 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:28:00.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bbcac8]
09:28:00.838 3 CLASSPNP.SYS[8a59f8b3] -> nt!IofCallDriver -> [0x854c7340]
09:28:00.854 5 acpi.sys[806a36bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x854b8b98]
09:28:02.180 AVAST engine scan C:\Windows
09:28:07.218 AVAST engine scan C:\Windows\system32
09:31:20.424 AVAST engine scan C:\Windows\system32\drivers
09:31:45.587 AVAST engine scan C:\Users\Patrik
09:34:49.527 AVAST engine scan C:\ProgramData
09:37:40.050 Disk 0 statistics 2376020/0/0 @ 2,39 MB/s
09:37:40.066 Scan finished successfully
09:37:52.062 Disk 0 MBR has been saved successfully to "C:\Users\Patrik\Desktop\MBR.dat"
09:37:52.062 The log file has been saved successfully to "C:\Users\Patrik\Desktop\aswMBR.txt"
Run date: 2016-09-22 09:26:24
-----------------------------
09:26:24.430 OS Version: Windows 6.0.6002 Service Pack 2
09:26:24.430 Number of processors: 2 586 0x170A
09:26:24.430 ComputerName: ELRODOS-PC UserName: Patrik
09:26:25.881 Initialize success
09:26:25.912 VM: initialized successfully
09:26:25.912 VM: Intel CPU virtualization not supported
09:26:33.977 AVAST engine defs: 16092200
09:26:44.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:26:44.554 Disk 0 Vendor: WDC_WD2500BEVT-22ZCT0 11.01A11 Size: 238475MB BusType: 3
09:26:45.178 Disk 0 MBR read successfully
09:26:45.178 Disk 0 MBR scan
09:26:45.178 Disk 0 Windows 7 default MBR code
09:26:46.192 Disk 0 PE file @ sector 488393368/488397168
09:26:46.239 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
09:26:46.254 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228229 MB offset 20981760
09:26:46.270 Disk 0 scanning sectors +488395120
09:26:46.551 Disk 0 scanning C:\Windows\system32\drivers
09:27:05.598 Service scanning
09:28:00.791 Modules scanning
09:28:00.791 Disk 0 trace - called modules:
09:28:00.822 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:28:00.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bbcac8]
09:28:00.838 3 CLASSPNP.SYS[8a59f8b3] -> nt!IofCallDriver -> [0x854c7340]
09:28:00.854 5 acpi.sys[806a36bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x854b8b98]
09:28:02.180 AVAST engine scan C:\Windows
09:28:07.218 AVAST engine scan C:\Windows\system32
09:31:20.424 AVAST engine scan C:\Windows\system32\drivers
09:31:45.587 AVAST engine scan C:\Users\Patrik
09:34:49.527 AVAST engine scan C:\ProgramData
09:37:40.050 Disk 0 statistics 2376020/0/0 @ 2,39 MB/s
09:37:40.066 Scan finished successfully
09:37:52.062 Disk 0 MBR has been saved successfully to "C:\Users\Patrik\Desktop\MBR.dat"
09:37:52.062 The log file has been saved successfully to "C:\Users\Patrik\Desktop\aswMBR.txt"
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:34, on 22.9.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16633)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Patrik\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Patrik\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 213&m=e725
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 4838 bytes
Scan saved at 9:39:34, on 22.9.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16633)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Patrik\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Patrik\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 213&m=e725
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 4838 bytes
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
Hlavní problém přetrvává "svchost.exe" stále žere polovinu CPU
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
a co máš u něj spuštěné za programy , musí být přítomen u každého spuštěného programu.
Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Návod
Kód: Vybrat vše
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"svchost.exe" stále žere polovinu CPU
a co máš u něj spuštěné za programy , musí být přítomen u každého spuštěného programu.
Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html
Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu, svchost.exe (netsvcs) využívá cca 50% CPU
a co máš u něj spuštěné za programy , musí být přítomen u každého spuštěného programu.
Omlouvám se, ale nějak nerozumím otázce.
Jak to zjistím ?
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 123 hostů