iexplore v procesech ale není nic vidět

[vipernj]

ComboFix 14-10-29.01 - wwwwww 02.11.2014 17:49:07.3.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.8191.6559 [GMT 1:00]
Spuštěný z: c:\users\wwwwww\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-02 do 2014-11-02 )))))))))))))))))))))))))))))))
.
.
2014-11-02 17:02 . 2014-11-02 17:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-11-02 16:35 . 2014-11-02 16:35 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-02 10:24 . 2014-11-02 10:25 -------- d-----w- c:\program files\Windows7FirewallControl
2014-11-02 09:10 . 2014-11-02 16:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-02 09:10 . 2014-11-02 09:10 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-02 09:09 . 2014-11-02 09:09 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-02 08:47 . 2014-11-02 08:47 -------- d-----w- c:\programdata\CheckPoint
2014-11-02 08:33 . 2014-11-02 08:35 -------- d-----w- c:\users\wwwwww\AppData\Local\Google
2014-11-02 08:33 . 2014-11-02 08:34 -------- d-----w- c:\program files (x86)\Google
2014-11-01 11:00 . 2014-11-01 11:00 -------- d-----w- c:\program files\CCleaner
2014-10-31 17:01 . 2014-10-31 17:02 -------- d-----w- C:\PMSC zaloha
2014-10-31 16:44 . 2014-10-31 16:44 -------- d-----w- c:\users\wwwwww\AppData\Local\GHISLER
2014-10-31 16:44 . 2014-10-31 17:15 -------- d-----w- C:\Created 2014-10-12 1945
2014-10-31 16:35 . 2014-10-31 16:38 -------- d-----w- c:\users\wwwwww\AppData\Roaming\GHISLER
2014-10-31 16:35 . 2014-10-31 16:36 -------- d-----w- C:\totalcmd
2014-10-31 16:16 . 2014-10-31 16:16 -------- d-----w- c:\users\wwwwww\AppData\Local\MidSpace
2014-10-31 16:07 . 2014-10-31 16:07 -------- d-----w- c:\program files (x86)\MidSpace
2014-10-27 21:03 . 2014-10-27 21:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-27 21:02 . 2014-10-27 21:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-27 21:01 . 2014-10-27 21:01 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-10-27 21:01 . 2014-10-27 21:00 319912 ----a-w- c:\windows\system32\javaws.exe
2014-10-27 21:01 . 2014-10-27 21:00 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-27 21:01 . 2014-10-27 21:00 189352 ----a-w- c:\windows\system32\javaw.exe
2014-10-27 21:01 . 2014-10-27 21:00 189352 ----a-w- c:\windows\system32\java.exe
2014-10-27 20:51 . 2014-10-27 20:51 -------- d-----w- c:\users\wwwwww\AppData\Roaming\AVAST Software
2014-10-27 20:47 . 2014-10-27 20:47 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-27 20:47 . 2014-10-27 20:47 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-10-27 20:47 . 2014-10-27 20:47 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-27 20:47 . 2014-10-31 20:48 83280 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-27 20:47 . 2014-10-27 20:47 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-27 20:47 . 2014-10-27 20:47 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-27 20:47 . 2014-10-27 20:47 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-27 20:47 . 2014-10-31 20:48 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-10-27 20:47 . 2014-10-27 20:47 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-27 20:47 . 2014-10-27 20:47 43152 ----a-w- c:\windows\avastSS.scr
2014-10-27 20:44 . 2014-10-27 20:44 -------- d-----w- c:\program files\AVAST Software
2014-10-27 20:44 . 2014-10-27 20:44 -------- d-----w- c:\programdata\AVAST Software
2014-10-05 18:40 . 2014-11-01 19:19 -------- d-----w- C:\FRST
2014-10-05 11:48 . 2014-10-05 11:48 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-10-04 19:25 . 2014-10-04 19:25 -------- d-----w- c:\program files\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 22:19 . 2014-09-10 22:19 17903792 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2010-01-26 09:11 . 2014-06-23 19:09 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-02-22 3019376]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
.
c:\users\wwwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - d:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-6-11 390256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R4 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
R4 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
R4 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP 6\HideMyIpSRV.exe;c:\program files (x86)\Hide My IP 6\HideMyIpSRV.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
R4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
R4 wxpSvc;webcamXP Service;c:\program files (x86)\wLite\wService.exe;c:\program files (x86)\wLite\wService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 84949275
*Deregistered* - 84949275
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-02 08:34 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02 08:33]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02 08:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-27 20:47 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\wwwwww\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-15 1496064]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
SafeBoot-77788548.sys
SafeBoot-84949275.sys
AddRemove-InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} - c:\program files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
AddRemove-{92606477-9366-4D3B-8AE3-6BE4B29727AB} - c:\program files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wxpSvc]
"ImagePath"="c:\program files (x86)\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2014-11-02 18:06:22
ComboFix-quarantined-files.txt 2014-11-02 17:06
ComboFix2.txt 2014-10-05 17:45
.
Před spuštěním: Volných bajtů: 15 144 390 656
Po spuštění: Volných bajtů: 14 959 271 936
.
- - End Of File - - 3D6D4EE4D0C129D9F33F89BB3B1C7791
A36C5E4F47E84449FF07ED3517B43A31

[vyosek]

Odinstalujtevse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Tohle Windows7FirewallControl mate nainstalovano umyslne?

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  HideMyIpSRV
  WinRing0_1_2_0
  NAUpdate
  PanService
  
  Folder::
  c:\program files (x86)\IObit
  c:\program files (x86)\Hide My IP 6
  c:\program files (x86)\PANDORA.TV
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[vipernj]

Ano Windows7FirewallControl jsem mel nainstalovan umyslne ale jiz jsem ho i odstranil.

[vyosek]

Tak aplikujte ten skript pro ComboFix

[vipernj]

Tak chtěl jsem aplikovat skript ale vypadla na mě hláška ... btw problém už nepřetrvává

[vyosek]

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :services
  HideMyIpSRV
  WinRing0_1_2_0
  NAUpdate
  PanService
  
  :files
  c:\program files (x86)\IObit
  c:\program files (x86)\Hide My IP 6
  c:\program files (x86)\PANDORA.TV
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[vipernj]

All processes killed
========== SERVICES/DRIVERS ==========
Service HideMyIpSRV stopped successfully!
Service HideMyIpSRV deleted successfully!
Service WinRing0_1_2_0 stopped successfully!
Service WinRing0_1_2_0 deleted successfully!
Service NAUpdate stopped successfully!
Service NAUpdate deleted successfully!
Service PanService stopped successfully!
Service PanService deleted successfully!
========== FILES ==========
c:\program files (x86)\IObit\Game Booster 3\Update folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\Tweak folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\Scroll folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\Performance folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\News folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\Defrag folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\button folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\Border folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default\Boost folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin\Default folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Skin folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\LatestNews folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\LatestGames folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Language folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\Driver folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3\DB folder moved successfully.
c:\program files (x86)\IObit\Game Booster 3 folder moved successfully.
c:\program files (x86)\IObit folder moved successfully.
c:\program files (x86)\Hide My IP 6\flags folder moved successfully.
c:\program files (x86)\Hide My IP 6 folder moved successfully.
c:\program files (x86)\PANDORA.TV\PanService folder moved successfully.
c:\program files (x86)\PANDORA.TV folder moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: wwwwww
->Temp folder emptied: 15412940 bytes
->Temporary Internet Files folder emptied: 164430324 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 255363501 bytes
->Flash cache emptied: 507 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 290520 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 1170 bytes

Total Files Cleaned = 415,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: fbwuser
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: wwwwww
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: fbwuser

User: Public

User: UpdatusUser

User: wwwwww
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302014_220905

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Jak se chova PC???

[vipernj]

Zatím dobrý,
takže Děkuji moc.

Nějaké shrnutí co s tím vlastně bylo?

[vyosek]

Bylo tam hodne reklamniho SW a pak nejaky ten trojsky konicek

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remote disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A melo by to byt vse