Please check my log
Posted: 05 Feb 2017 22:39
by Buchtanen
Problem with a Win7 PC.
Slow startup; only a user with Admin rights can log in.
Others get a message about a failed connection to the Windows Event Notification Service when they try to log in. The login fails. An attempted winsock reset did not help.
In the event manager there are system devices that have an exclamation mark. They report code 3, low resources or a corrupted driver. There is enough memory and enough disk space. The drivers were reinstalled without success.
ADW Cleaner found nothing, and neither did Malwarebytes Anti Malware...
Thank you.
Re: Please check my log
Posted: 06 Feb 2017 18:01
by Rudy
Hello!
How does your operating system stand as far as legality goes?
Re: Please check my log
Posted: 06 Feb 2017 18:58
by Buchtanen
legal...
Re: Please check my log
Posted: 06 Feb 2017 19:41
by Rudy
OK. Run this scan:
Download and run OTL:
http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.
Re: Please check my log
Posted: 06 Feb 2017 21:51
by Buchtanen
logs attached..
Re: Please check my log
Posted: 06 Feb 2017 22:19
by Rudy
Run OTL again as administrator.
Paste the following text into the lower box:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{27e5817b-9a23-11e0-887d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27e5817b-9a23-11e0-887d-806e6f6e6963}\Shell\AutoRun\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{6ff14628-9a21-11e0-914a-0002720c8c13}\Shell - "" = AutoRun
O33 - MountPoints2\{6ff14628-9a21-11e0-914a-0002720c8c13}\Shell\AutoRun\command - "" = L:\dvdcheck.exe
O33 - MountPoints2\{83113dd8-2f8e-11e1-9392-0002720c8c13}\Shell - "" = AutoRun
O33 - MountPoints2\{83113dd8-2f8e-11e1-9392-0002720c8c13}\Shell\AutoRun\command - "" = O:\ZTE_Handset_USB_Driver.exe
O33 - MountPoints2\{ee5165f6-dacd-11e1-a057-0002720c8c13}\Shell - "" = AutoRun
O33 - MountPoints2\{ee5165f6-dacd-11e1-a057-0002720c8c13}\Shell\AutoRun\command - "" = O:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Run Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
Re: Please check my log
Posted: 06 Feb 2017 22:49
by Buchtanen
Done...
After logging in, there is still the problem with connecting to the System Event Notification Service..
I also forgot to describe one behaviour, but it is probably related to waiting for the connection to that service..
After the system GUI loads, before the login screen is displayed, for a long time (about 1-2 min) the logon screen background is visible along with the message Please wait...
Only after that time does the list of available accounts appear...
The log is here:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e5817b-9a23-11e0-887d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27e5817b-9a23-11e0-887d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e5817b-9a23-11e0-887d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27e5817b-9a23-11e0-887d-806e6f6e6963}\ not found.
File K:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ff14628-9a21-11e0-914a-0002720c8c13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ff14628-9a21-11e0-914a-0002720c8c13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ff14628-9a21-11e0-914a-0002720c8c13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ff14628-9a21-11e0-914a-0002720c8c13}\ not found.
File L:\dvdcheck.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83113dd8-2f8e-11e1-9392-0002720c8c13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83113dd8-2f8e-11e1-9392-0002720c8c13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83113dd8-2f8e-11e1-9392-0002720c8c13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83113dd8-2f8e-11e1-9392-0002720c8c13}\ not found.
File O:\ZTE_Handset_USB_Driver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee5165f6-dacd-11e1-a057-0002720c8c13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee5165f6-dacd-11e1-a057-0002720c8c13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee5165f6-dacd-11e1-a057-0002720c8c13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee5165f6-dacd-11e1-a057-0002720c8c13}\ not found.
File O:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083 not found.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bastiena
->Temp folder emptied: 3769952985 bytes
->Temporary Internet Files folder emptied: 499373516 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 387257121 bytes
->Google Chrome cache emptied: 143987984 bytes
->Opera cache emptied: 54111662 bytes
->Flash cache emptied: 1488261 bytes
User: Buchtanen
->Temp folder emptied: 455799363 bytes
->Temporary Internet Files folder emptied: 871523 bytes
->Java cache emptied: 2221461 bytes
->FireFox cache emptied: 36040425 bytes
->Google Chrome cache emptied: 9531241 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 749 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kryštof
->Temp folder emptied: 1008730 bytes
->Temporary Internet Files folder emptied: 2771934 bytes
->FireFox cache emptied: 108625148 bytes
->Google Chrome cache emptied: 91576378 bytes
->Flash cache emptied: 2023 bytes
User: Public
User: Vanouš
->Temp folder emptied: 611374 bytes
->Temporary Internet Files folder emptied: 164460204 bytes
->FireFox cache emptied: 18258271 bytes
->Google Chrome cache emptied: 143869348 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 223840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1918312 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 62020299 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5 680,00 mb
[EMPTYFLASH]
User: All Users
User: Bastiena
->Flash cache emptied: 0 bytes
User: Buchtanen
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Kryštof
->Flash cache emptied: 0 bytes
User: Public
User: Vanouš
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02062017_222749
Files\Folders moved on Reboot...
C:\Users\Buchtanen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Buchtanen\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
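An added example, not part of the thread and not code from OTL or its author: a small triage script for a fix log like the one posted above. It separates entries that existed and were removed from targets that were already absent, and totals the bytes cleared per profile. The function name `summarize` and the regular expressions are assumptions derived only from the log lines visible in this thread.

```python
import re
from collections import Counter, defaultdict

# Excerpt of lines copied from the fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e5817b-9a23-11e0-887d-806e6f6e6963}\ deleted successfully.
File K:\SETUP.EXE not found.
========== COMMANDS ==========
User: Buchtanen
->Temp folder emptied: 455799363 bytes
->Flash cache emptied: 749 bytes
File move failed. C:\Users\Buchtanen\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
"""

# Patterns assumed from the lines above, not from any OTL format specification.
ACTION = re.compile(r"^(?:64bit-)?(Registry key|Registry value|File(?:/Folder)?) "
                    r"(.+?) (deleted successfully|not found|moved successfully)\.$")
EMPTIED = re.compile(r"^->(.+?) emptied: (\d+) bytes$")
PENDING = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")

def summarize(log_text):
    """Tally fix-log outcomes and bytes emptied per user profile."""
    outcomes = Counter()        # (object kind, result) -> count
    removed = []                # targets that existed and were removed
    emptied = defaultdict(int)  # user -> bytes cleared
    pending = []                # paths deferred to the next reboot
    user = None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("User: "):
            user = line[len("User: "):]
        elif m := EMPTIED.match(line):
            emptied[user] += int(m.group(2))
        elif m := PENDING.match(line):
            pending.append(m.group(1))
        elif m := ACTION.match(line):
            kind, target, result = m.groups()
            outcomes[(kind, result)] += 1
            if result != "not found":
                removed.append(target)
    return {"outcomes": outcomes, "removed": removed,
            "emptied": dict(emptied), "pending": pending}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (kind, result), n in sorted(report["outcomes"].items()):
        print(f"{n:3d}  {kind}: {result}")
    print("removed:", *report["removed"], sep="\n  ")
```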
Re: Please check my log
Posted: 07 Feb 2017 17:31
by Rudy
OK. Run a full MBAM scan:
http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Re: Please check my log
Posted: 08 Feb 2017 07:34
by Buchtanen
Done...
It found nothing.
Re: Please check my log
Posted: 08 Feb 2017 18:32
by Rudy
OK. That means your PC is completely clean. Try a system restore to a date when it was working correctly.
Re: Please check my log
Posted: 08 Feb 2017 18:35
by Buchtanen
OK.
Thank you for your help...
Re: Please check my log
Posted: 08 Feb 2017 18:45
by Rudy
Glad to help!
