Nesmazatelný vir, prosím o pomoc

[Márty84]

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1887073066-264299805-923918825-1000\...\Run: [Oxmics] => regsvr32.exe
HKU\S-1-5-21-1887073066-264299805-923918825-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1887073066-264299805-923918825-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:3C9302F9
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939

S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-21 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-13 136120]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[RodenT]

Vykonáno. Tady je log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by hrabos at 2015-04-11 16:17:10 Run:1
Running from C:\Users\hrabos\Desktop
Loaded Profiles: hrabos (Available profiles: hrabos)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1887073066-264299805-923918825-1000\...\Run: [Oxmics] => regsvr32.exe
HKU\S-1-5-21-1887073066-264299805-923918825-1000\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1887073066-264299805-923918825-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:3C9302F9
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939

S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-21 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-13 136120]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1887073066-264299805-923918825-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Oxmics => value deleted successfully.
HKU\S-1-5-21-1887073066-264299805-923918825-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1887073066-264299805-923918825-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\Temp => ":3C9302F9" ADS removed successfully.
C:\ProgramData\Temp => ":A1EDB939" ADS removed successfully.
gupdate => Service deleted successfully.
SkypeUpdate => Service not found.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
gupdatem => Service deleted successfully.
gusvc => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 383.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:20:38 ====

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[RodenT]

Tak vše provedeno. Počítač opravdu šlape jako hodinky, když to srovnám s předchozím stavem. Moc díky! Jen teda okno v Aviře s tím prvotním souborem vyskakuje pořád (viz. příloha). Možná je to blbost, ale občas je to otravné.

[RodenT]

Ikdyž teď se dívám na čas toho vyskakovacího okna a čas ve win a časy nekorespondují. Ale času toho vyskakovacího okna jsem pouze defragmentoval, tak nevím. Ještě asi uvidím..

[RodenT]

Tady jsem dokonce našel nějaký návod, jak to odstranit, ale netuším, jestli je to bezpečné, atd...

http://www.freefixer.com/library/file/I ... ll-145262/

[Márty84]

Vypnete antivir, at nebrani programu v praci.
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
c:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

[RodenT]

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hrabos
->Temp folder emptied: 51601238 bytes
->Temporary Internet Files folder emptied: 324624 bytes
->Flash cache emptied: 83 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218952 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hrabos
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
LoadLibrary failed for c:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
c:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll moved successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 04122015_121633
Tady je log z Moveltu, okno v Aviře už nevyskakuje.


Files moved on Reboot...
C:\Users\hrabos\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\hrabos\AppData\Local\Temp\~DFAEFF27C9184264A1.TMP moved successfully.
C:\Users\hrabos\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\HRABOS-HP-20150412-1054.log moved successfully.
File move failed. C:\Windows\temp\ngp.log scheduled to be moved on reboot.
File C:\Windows\temp\officeclicktorun.exe_c2ruidll(20150412105402BCC).log not found!
File C:\Windows\temp\officeclicktorun.exe_streamserver(20150412105404BCC).log not found!
File move failed. C:\Windows\temp\startvrlservice_log.txt scheduled to be moved on reboot.
C:\Windows\temp\ZLT04cf5.TMP moved successfully.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Márty84]

Znovu spustte OTM jako spravce a kliknete na napis CleanUp! Program po sobe uklidi.


A pokud vse pobezi jak ma, mame hotovo

[RodenT]

Super, no ještě se mi při najetí win zobrazuje nějaká chyba, viz. příloha.

[Márty84]

Spustte CCleaner, kliknete na Nástroje a na Start. Vyfotte obrazovku a obrazek sem dejte.

[RodenT]

Ok, tady je screen ze ccleaneru.

[Márty84]

Kliknete hned na ten prvni radek (ASLworks) a vpravo kliknete na zakazat. Restart pc.

Pokud se hlaska opet objevi, neodklikavejte ji, nechte ji na plose a spustte spravce uloh a podivejte se, k cemu ta hlaska patri.

[RodenT]

Tak super, chybu už to nehlásí. Vypadá to, že je to všechno. Laptop je opravdu o hodně svižnější. Díky moc!

[Márty84]

Nemate zac!

Mejte se a treba zase nekdy