preventivka

[amater]

nenašlo nič takže to CleanUp neboo potrebne

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.19.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Uzivatel :: UIPSUIP-XYZZ7R5 [administrator]

19. 12. 2012 16:26:42
mbar-log-2012-12-19 (16-26-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29282
Time elapsed: 17 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[vyosek]

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
  IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
  IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
  IE - HKU\S-1-5-21-1536961144-1120513792-2470062026-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  IE - HKU\S-1-5-21-1536961144-1120513792-2470062026-1006\..\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}: "URL" = http://eis.esnips.com/page/search_provi ... 8d1391d&q={searchTerms}
  IE - HKU\S-1-5-21-1536961144-1120513792-2470062026-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_sk
  FF - prefs.js..browser.search.defaultenginename: "eSnips Search"
  FF - prefs.js..browser.search.order.1: "eSnips Search"
  FF - prefs.js..keyword.URL: "http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q="
  O13 - gopher Prefix: missing
  O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
  O33 - MountPoints2\{40ded1a0-48fe-11e0-b834-00247e7b571d}\Shell - "" = AutoRun
  O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
  [12 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
  [23 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
  [1 C:\windows\twain_32\*.tmp files -> C:\windows\twain_32\*.tmp -> ]
  [2012/12/12 16:59:00 | 000,000,830 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
  [2012/12/12 16:10:53 | 000,000,920 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  [2012/12/12 16:47:10 | 000,000,924 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  @Alternate Data Stream - 64 bytes -> C:\Users\Uzivatel\Desktop\Kubo 2.mp4:TOC.WMV
  
  :files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[amater]

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1536961144-1120513792-2470062026-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1536961144-1120513792-2470062026-1006\Software\Microsoft\Internet Explorer\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25477387-2310-45df-933D-E9416D3D0303}\ not found.
Registry key HKEY_USERS\S-1-5-21-1536961144-1120513792-2470062026-1006\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: "eSnips Search" removed from browser.search.defaultenginename
Prefs.js: "eSnips Search" removed from browser.search.order.1
Prefs.js: "http://eis.esnips.com/page/search_provi ... 8d1391d&q=" removed from keyword.URL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40ded1a0-48fe-11e0-b834-00247e7b571d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40ded1a0-48fe-11e0-b834-00247e7b571d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3255.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A41.tmp\System.Runtime.Remoting.dll deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A41.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4579.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E34.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP85A.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP862F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8A36.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8BEA.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD548.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6AF.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE4F1.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE8E7.tmp folder deleted successfully.
C:\windows\Installer\MSI1C15.tmp deleted successfully.
C:\windows\Installer\MSI1E86.tmp deleted successfully.
C:\windows\Installer\MSI2193.tmp deleted successfully.
C:\windows\Installer\MSI3675.tmp deleted successfully.
C:\windows\Installer\MSI3ED9.tmp deleted successfully.
C:\windows\Installer\MSI4565.tmp deleted successfully.
C:\windows\Installer\MSI48B0.tmp deleted successfully.
C:\windows\Installer\MSI4D05.tmp deleted successfully.
C:\windows\Installer\MSI67D2.tmp deleted successfully.
C:\windows\Installer\MSI6D73.tmp deleted successfully.
C:\windows\Installer\MSI7052.tmp deleted successfully.
C:\windows\Installer\MSI7275.tmp deleted successfully.
C:\windows\Installer\MSI74F5.tmp deleted successfully.
C:\windows\Installer\MSI920B.tmp deleted successfully.
C:\windows\Installer\MSI9CC0.tmp deleted successfully.
C:\windows\Installer\MSIA0F5.tmp deleted successfully.
C:\windows\Installer\MSIA328.tmp deleted successfully.
C:\windows\Installer\MSIA503.tmp deleted successfully.
C:\windows\Installer\MSIA54B.tmp deleted successfully.
C:\windows\Installer\MSIB61F.tmp deleted successfully.
C:\windows\Installer\MSIBE12.tmp deleted successfully.
C:\windows\Installer\MSICBA4.tmp deleted successfully.
C:\windows\Installer\MSIF2F8.tmp deleted successfully.
C:\windows\twain_32\hpqgnds2.tmp deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\Users\Uzivatel\Desktop\Kubo 2.mp4:TOC.WMV deleted successfully.
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

User: Uzivatel
->Temp folder emptied: 2613859 bytes
->Temporary Internet Files folder emptied: 983442 bytes
->Java cache emptied: 43373 bytes
->FireFox cache emptied: 300210685 bytes
->Flash cache emptied: 1634 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 771456 bytes
RecycleBin emptied: 48573989 bytes

Total Files Cleaned = 337,00 mb


[EMPTYFLASH]

User: Default

User: Public

User: Uzivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Default

User: Public

User: Uzivatel
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202012_122248

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Fajn, jak se chova PC

[amater]

normálne ako vždy to bola predsa preventivka len nerozumiem preco sa stale zmensuje miesto na :C, musim mazat body obnovenia cookies atd, aby som mal aspon 9 GB

[vyosek]

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel èistiè

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[amater]

no to s tou pamatou sa to dialo aj pred tym, ale niekto vravel že visty to robia
Ďakujem za venovaný čas

[vyosek]

Visty jsou opravdu hodne nepovedeny system, doporucuji prejit co nejrychleji na W7 ci W8

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat