Prosim o preventivku, diky :)

[puko]

jenom jeste ted nejsem v Safe Mode, doufam, ze to neva

ted je to presne 10min, co se to kouslo

[vyosek]

OTL zavrete

Provedte znovu opravu ale pouzijte tento skript

Kód: Vybrat vše

:otl
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://czisa:8080/array.dll?Get.Routing.Script
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\restrictions present
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms] http in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms] https in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms-wks] http in Local intranet)
O15 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\..Trusted Domains: wistron.com ([rms-wks] https in Local intranet)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qcom - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{99e00a38-c7cb-11e0-b2bd-984be1ed0f2b}\Shell - "" = AutoRun
O37 - HKU\S-1-5-21-2101901736-4293257412-910807609-5442\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[2 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[1 C:\windows\wlansvc\Policies\*.tmp files -> C:\windows\wlansvc\Policies\*.tmp -> ]
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]

[puko]

Pocitac se mi restartoval, pri zapnuti ale vyskocilo bezpecnostni varovani:

Open File - Security Warning
The publisher could not be verified. Are you sure you want to run this software?

Nazev programu byl: Cesta\Desktop\OTL.exe, tak jsem dal run

Plocha najizdela celkem pomalu, kdyz jsem zmacknul na windowsacke tlacitko START, tak vyskocilo i ze Windows explorer is not responding.

Ale pak to najelo a otevrel se textovy soubor s logem:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\New Windows\ not found.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wistron.com\rms\ not found.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wistron.com\rms\ not found.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wistron.com\rms-wks\ not found.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wistron.com\rms-wks\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qcom\ not found.
File Protocol\Handler\qcom - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e00a38-c7cb-11e0-b2bd-984be1ed0f2b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99e00a38-c7cb-11e0-b2bd-984be1ed0f2b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2101901736-4293257412-910807609-5442_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File/Folder C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp not found.
File/Folder C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp not found.
File/Folder C:\windows\Installer\*.tmp not found.
File/Folder C:\windows\Temp\*.tmp not found.
File/Folder C:\windows\wlansvc\Policies\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ not found.
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 50051 bytes
->Temporary Internet Files folder emptied: 39000 bytes

User: All Users

User: c1107048
->Temp folder emptied: 50201 bytes
->Temporary Internet Files folder emptied: 38106 bytes

User: c1107048.WCZ
->Temp folder emptied: 545126 bytes
->Temporary Internet Files folder emptied: 4225075 bytes
->FireFox cache emptied: 37917285 bytes
->Flash cache emptied: 10553 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6337170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 108250 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: c1107048

User: c1107048.WCZ
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11152011_101339

Files\Folders moved on Reboot...
C:\Users\c1107048.WCZ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\c1107048.WCZ\AppData\Local\Temp\~DF19A5BFCD60B98E09.TMP not found!
C:\Users\c1107048.WCZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VJFNMRQR\afr[1].htm moved successfully.
C:\Users\c1107048.WCZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VJFNMRQR\viewtopic[1].htm moved successfully.
C:\Users\c1107048.WCZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\c1107048.WCZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[vyosek]

Hlaseni bylo OK, bylo to "varovani" o spusteni OTL

Plocha najizdela pomaleji jelikoz OTL vykonaval jeste nejake funkce

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

• Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
  • Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
  • prepnete se do zalozky Nastroje
  • Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
  • Toto provedte se vsemi disky
• Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
  • Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
  • Kliknete na Analyzovat
  • Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
  • Postup provedte se vsemi disky
• Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
  • Vyhodou programku je, ze se neinstaluje
  • Staci tedy jen stahnout dle verze vaseho OS a rozbalit
  • Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
  • Probehne analyza disku a nasledne i defragmentace

Napiste co PC

[puko]

Pekny den preji

Udelal jsem vsechno podle Vaseho navodu. Pak byla na PC segra a rikala, ze kratce po zapnuti ji naskocila modra obrazovka, windows radeji ukoncil cinnost pocitace z bezpecnostnich duvodu, pak se obnovil a od te doby se zda byt vsechno OK.

Ja jsem si vsimnul, ze pri vypinani, jak se v sedmickach ukaze jeste ta tabulka se spustenymi programi a jestli si prejeme ukoncit, tak ta tabulka mi se mi zobrazila, ale byla prazdna, coz se mi zda trosku podezrele

Provedl jsem skenovani pocitace antivirem a naslo mi to jednu infekci v Cookies typu Spyware,Ad, umisteni hit.gemius.pl a zavaznost nizka.
Tak jsem pomoci CCleaner odinstaloval Mozilla Firefox.

Myslite, ze tam muze byt havet?

Vazim si Vasi pomoci

[vyosek]

Cookies jsou neskodne, stacilo PC vycistit CCleanerem

Tabulka pri vypinani se zobrazuje stale

[puko]

ted bezprostredne po vycisteni CCleanerem, uz se pri vypinani ani pri restartu prazdna tabulka nezobrazuje
uvidime, jak to bude vecer, kdyz budu vypinat pocitac

zatim dekuju za rady a za ochotu

[vyosek]

Ok, pripadne napiste a jeste neco zkusime