

Svchost.exe
Hi, has anyone by chance had experience with the file svchost.exe? I picked this pest up somewhere and it can't be deleted. I have it in System32 in Windows and I just don't know how to delete it any more; nothing has worked so far. The file, or virus, drives the CPU to 100%. Only when I open Task Manager does it drop to normal, but when I close it, it starts up again. Please help, anyone who knows.

Re: Svchost.exe
Hi,
svchost is a system file - it's good that you didn't manage to delete it.
Scan the PC with MBAM - in Safe Mode.
Re: Svchost.exe
Yeah, but because of it my CPU keeps running at 100%, or could it be a different virus? I've run everything over it, and neither ESET 6 nor Advanced SystemCare and the like found anything. I really don't know what's causing my CPU to run at 100% all the time; only when I open Task Manager does it not.
Re: Svchost.exe
Use the guide from my colleague's post at 15:47: http://forum.viry.cz/viewtopic.php?f=13 ... l#p1193918
Re: Svchost.exe
I did it according to that guide and this is what came out at the end. But it still keeps doing it.

ComboFix 13-02-13.02 - Karlos 14.02.2013 15:38:34.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8174.6364 [GMT 1:00]
Spuštěný z: c:\users\Karlos\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\windows\SysWow64\update\diablo121016.cl
c:\windows\SysWow64\update\diakgcn121016.cl
c:\windows\SysWow64\update\igfxupdate.exe
c:\windows\SysWow64\update\libcurl-4.dll
c:\windows\SysWow64\update\libeay32.dll
c:\windows\SysWow64\update\libidn-11.dll
c:\windows\SysWow64\update\libusb-1.0.dll
c:\windows\SysWow64\update\phatk121016.cl
c:\windows\SysWow64\update\poclbm121016.cl
c:\windows\SysWow64\update\poclbm121016GeForce GTS 450gv1w256l4.bin
c:\windows\SysWow64\update\pthreadGC2.dll
c:\windows\SysWow64\update\scrypt121016.cl
c:\windows\SysWow64\update\ssleay32.dll
c:\windows\SysWow64\update\zlib1.dll
c:\windows\SysWow64\update . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-14 do 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-13 20:18 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 20:18 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:42 . 2013-02-13 18:42 -------- d-----w- c:\users\Karlos\AppData\Roaming\Malwarebytes
2013-02-13 18:42 . 2013-02-13 18:42 -------- d-----w- c:\programdata\Malwarebytes
2013-02-13 18:42 . 2013-02-13 18:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-13 18:42 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-13 16:20 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 16:20 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 16:20 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 16:20 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 16:20 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 16:20 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 16:20 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 16:20 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 16:20 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 16:20 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 16:20 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 16:20 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 22:30 . 2013-02-12 22:30 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-02-12 22:14 . 2013-02-12 22:15 -------- d-----w- c:\program files (x86)\Cacheman
2013-02-12 21:42 . 2013-02-12 21:42 -------- d-----w- c:\users\Karlos\AppData\Roaming\SUPERAntiSpyware.com
2013-02-12 21:33 . 2013-02-12 21:41 -------- d-----w- c:\programdata\SecTaskMan
2013-02-12 21:17 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2457B1DB-6DF7-4CF4-A707-8904EDB0F4F2}\mpengine.dll
2013-02-12 20:37 . 2013-02-12 20:42 -------- d-----w- C:\Creo Folder
2013-02-12 20:34 . 2013-02-12 20:34 -------- d-----w- c:\program files (x86)\Common Files\PTC
2013-02-12 20:32 . 2013-02-12 20:32 -------- d-----w- c:\users\Karlos\AppData\Roaming\NVIDIA
2013-02-12 20:32 . 2013-02-12 20:34 -------- d-----w- c:\users\Karlos\AppData\Roaming\PTC
2013-02-12 18:55 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-02-12 18:55 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-02-12 18:45 . 2013-02-12 18:45 -------- d-----w- c:\program files (x86)\PTC
2013-02-12 18:45 . 2013-02-12 18:48 -------- d-----w- c:\program files\PTC
2013-02-12 18:45 . 2013-02-12 18:45 -------- d-----w- c:\programdata\PTC
2013-02-12 18:38 . 2013-02-12 18:53 -------- d-----w- c:\users\Karlos\AppData\Roaming\pim
2013-02-12 18:34 . 2013-02-12 20:33 -------- d-----w- c:\users\Karlos\AppData\Local\PTC
2013-02-11 20:10 . 2013-02-14 14:47 -------- d-----w- c:\users\Karlos\AppData\Local\Temp
2013-02-11 19:57 . 2013-02-11 19:57 -------- d-----w- c:\users\Karlos\AppData\Roaming\DriverCure
2013-02-11 19:57 . 2013-02-11 19:57 -------- d-----w- c:\users\Karlos\AppData\Roaming\ParetoLogic
2013-02-11 19:56 . 2013-02-12 22:39 -------- d-----w- c:\programdata\ParetoLogic
2013-02-11 17:01 . 2013-02-11 17:01 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-02-11 17:01 . 2013-02-11 17:01 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-02-11 17:01 . 2013-02-11 17:01 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-11 17:01 . 2013-02-11 17:01 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-02-11 17:01 . 2013-02-11 17:01 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-02-11 17:01 . 2013-02-11 17:01 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-11 17:01 . 2013-02-11 17:01 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-11 17:00 . 2013-02-11 17:00 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-02-11 17:00 . 2013-02-11 17:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-02-11 17:00 . 2012-10-12 18:09 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-02-11 16:50 . 2013-02-11 16:50 -------- d-----w- c:\users\Karlos\AppData\Roaming\Apple Computer
2013-02-11 16:48 . 2013-02-12 18:37 -------- d-----w- c:\programdata\IObit
2013-02-11 16:48 . 2013-02-12 18:55 -------- d-----w- c:\users\Karlos\AppData\Roaming\IObit
2013-02-11 16:48 . 2013-02-12 18:55 -------- d-----w- c:\program files (x86)\IObit
2013-02-10 12:27 . 2013-02-08 12:27 269824 ----a-w- c:\windows\SysWow64\igfxupdate.exe
2013-02-08 12:27 . 2013-02-14 14:46 -------- d-----w- c:\windows\SysWow64\update
2013-02-08 12:27 . 2013-02-08 12:27 410112 ----a-w- c:\windows\system32\taskhost.rs
2013-02-08 12:27 . 2013-02-08 12:27 307712 ----a-w- c:\windows\system32\SearchIndexer.dll
2013-02-08 12:27 . 2013-02-08 12:27 269824 ----a-w- c:\windows\system32\SearchEngine.rs
2013-02-08 12:12 . 2013-02-08 12:12 -------- d-----w- c:\users\Karlos\AppData\Local\Activision
2013-02-08 04:22 . 2013-02-08 04:23 -------- d-----w- c:\program files (x86)\Intelore
2013-02-03 22:04 . 2013-02-04 11:04 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-02-03 19:56 . 2013-02-11 18:43 -------- d-----w- C:\Hry
2013-02-03 18:42 . 2013-02-03 18:42 -------- d-----w- c:\windows\system32\appmgmt
2013-02-02 18:40 . 2013-02-03 18:42 -------- d-----w- c:\users\Karlos\AppData\Local\Sony
2013-02-02 18:40 . 2013-02-02 18:40 -------- d-----w- c:\windows\SysWow64\spool
2013-02-02 18:35 . 2013-02-02 18:41 -------- d-----w- c:\users\Karlos\AppData\Roaming\Sony
2013-01-31 18:20 . 2013-02-11 18:09 -------- d-----w- c:\users\Karlos\AppData\Local\Diagnostics
2013-01-21 08:22 . 2013-01-21 08:22 -------- d-----w- c:\programdata\CanonIJ
2013-01-21 08:22 . 2013-01-21 08:22 -------- d-----w- c:\users\Karlos\AppData\Roaming\Canon
2013-01-18 01:20 . 2013-01-18 01:20 -------- d-----w- c:\windows\SysWow64\Adobe
2013-01-17 22:34 . 2013-02-12 21:50 -------- d-----w- c:\program files (x86)\Google
2013-01-17 22:34 . 2013-01-17 22:34 -------- d-----w- c:\users\Karlos\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 19:49 . 2013-01-02 17:08 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-11 17:01 . 2013-02-11 17:01 340992 ----a-w- c:\windows\system32\schannel.dll
2013-02-11 17:01 . 2013-02-11 17:01 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-02-11 10:26 . 2013-01-02 14:46 6656 ----a-w- c:\windows\system32\lpcio.dll
2013-02-09 12:38 . 2013-01-02 14:24 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 12:38 . 2013-01-02 14:24 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-23 16:37 . 2013-01-04 07:15 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-23 16:37 . 2013-01-04 07:15 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-17 00:28 . 2013-01-02 14:25 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 17:18 . 2013-01-04 07:15 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-05 10:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-01-05 10:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-01-04 07:15 . 2013-01-04 07:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-01-04 04:43 . 2013-02-13 16:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-02 16:59 . 2013-01-02 16:59 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-01-02 16:59 . 2013-01-02 16:59 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-01-02 16:59 . 2013-01-02 16:59 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-01-02 16:59 . 2013-01-02 16:59 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-01-02 16:59 . 2013-01-02 16:59 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-01-02 16:59 . 2013-01-02 16:59 82432 ----a-w- c:\windows\system32\icardie.dll
2013-01-02 16:59 . 2013-01-02 16:59 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-02 16:59 . 2013-01-02 16:59 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-01-02 16:59 . 2013-01-02 16:59 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-02 16:59 . 2013-01-02 16:59 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-01-02 16:59 . 2013-01-02 16:59 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-01-02 16:59 . 2013-01-02 16:59 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-01-02 16:59 . 2013-01-02 16:59 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-01-02 16:59 . 2013-01-02 16:59 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-01-02 16:59 . 2013-01-02 16:59 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-01-02 16:59 . 2013-01-02 16:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-01-02 16:59 . 2013-01-02 16:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-01-02 16:59 . 2013-01-02 16:59 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-01-02 16:59 . 2013-01-02 16:59 448512 ----a-w- c:\windows\system32\html.iec
2013-01-02 16:59 . 2013-01-02 16:59 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-01-02 16:59 . 2013-01-02 16:59 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-01-02 16:59 . 2013-01-02 16:59 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-01-02 16:59 . 2013-01-02 16:59 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-01-02 16:59 . 2013-01-02 16:59 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-01-02 16:59 . 2013-01-02 16:59 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-02 16:59 . 2013-01-02 16:59 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-01-02 16:59 . 2013-01-02 16:59 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-01-02 16:59 . 2013-01-02 16:59 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-01-02 16:59 . 2013-01-02 16:59 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-01-02 16:59 . 2013-01-02 16:59 222208 ----a-w- c:\windows\system32\msls31.dll
2013-01-02 16:59 . 2013-01-02 16:59 197120 ----a-w- c:\windows\system32\msrating.dll
2013-01-02 16:59 . 2013-01-02 16:59 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-01-02 16:59 . 2013-01-02 16:59 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-01-02 16:59 . 2013-01-02 16:59 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-01-02 16:59 . 2013-01-02 16:59 160256 ----a-w- c:\windows\system32\wextract.exe
2013-01-02 16:59 . 2013-01-02 16:59 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-01-02 16:59 . 2013-01-02 16:59 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-01-02 16:59 . 2013-01-02 16:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-01-02 16:59 . 2013-01-02 16:59 149504 ----a-w- c:\windows\system32\occache.dll
2013-01-02 16:59 . 2013-01-02 16:59 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-01-02 16:59 . 2013-01-02 16:59 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-01-02 16:59 . 2013-01-02 16:59 12288 ----a-w- c:\windows\system32\mshta.exe
2013-01-02 16:59 . 2013-01-02 16:59 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-01-02 16:59 . 2013-01-02 16:59 114176 ----a-w- c:\windows\system32\admparse.dll
2013-01-02 16:59 . 2013-01-02 16:59 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-02 16:59 . 2013-01-02 16:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-01-02 16:59 . 2013-01-02 16:59 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-01-02 16:59 . 2013-01-02 16:59 103936 ----a-w- c:\windows\system32\inseng.dll
2013-01-02 16:59 . 2013-01-02 16:59 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-01-02 14:33 . 2013-01-02 14:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-29 10:34 . 2013-01-06 16:21 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-29 10:34 . 2013-01-06 16:21 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-06 16:21 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-06 16:21 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-06 16:21 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-06 16:21 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-06 16:21 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-06 16:21 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-06 16:21 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-06 16:21 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2013-01-06 16:21 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-06 16:21 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-06 16:21 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2013-01-06 16:21 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-06 16:21 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-06 16:21 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2013-01-02 16:05 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-02 16:05 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-02 16:05 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-02 16:05 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-01-02 16:05 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2010-07-31 14:46 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2010-07-31 14:46 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2010-07-31 14:46 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2010-07-31 14:46 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 08:40 . 2010-07-31 07:52 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2010-07-31 07:52 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2013-01-02 16:05 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2010-07-31 07:52 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2010-07-31 07:52 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:40 . 2010-07-31 07:52 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2010-07-31 07:52 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-24 18:00 . 2013-01-10 11:49 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-12-16 17:11 . 2013-01-02 16:51 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-02 16:51 367616 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-19 1645856]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NuTCSetupEnviron"="c:\progra~1\PTC\MKSTOO~1\bin\ncoeenv.exe" [2009-11-23 37160]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-02-11 19456]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-02-11 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-02 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-06-14 62536]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-02 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-06-14 38328]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 CachemanService;Cacheman Service;c:\program files (x86)\Cacheman\CachemanServ.exe [2012-01-04 236896]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-06-14 1288104]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2009-11-10 563424]
S2 SearchIndexer;Search Indexer;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 12:38]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 22:34]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17 22:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 5634800]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 2184520]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-09-07 8151040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Karlos\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Karlos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\nutafun4.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ln87xp40.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: 2013-01-04 06:44; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-09 14:41; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2013-02-11 17:50; ascsurfingprotection@iobit.com; c:\users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ln87xp40.default\extensions\ascsurfingprotection@iobit.com
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortmapperService]
"ImagePath"="c:\program files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Datafocus]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Mortice Kern Systems]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
c:\windows\SysWOW64\igfxupdate.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-02-14 15:50:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-14 14:50
.
Před spuštěním: Volných bajtů: 678 322 163 712
Po spuštění: Volných bajtů: 677 743 001 600
.
- - End Of File - - A19289DA82CC8F6A76BEF7EA843E8CE1


Re: Svchost.exe
Uninstall everything from IOBit and post a log from TDSSKiller.
Re: Svchost.exe
I'm sending the TDSSKiller result.
Attachment: Bez názvu.jpg (101.1 KiB)
Re: Svchost.exe
Problem solved after that scan. Thank you.

Re: Svchost.exe
Glad to hear it.
