HiJackThis check (Solved)
Re: HiJackThis check
Can I ask what this will fix, what safe mode is used for, and what safe mode can be used for? Thanks for the answer.
- jaro3
- Security team member
Re: HiJackThis check
It fixes the registry and deletes infections and junk.
Is safe mode not working for you, or what?
Try it once more.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: HiJackThis check
But I already posted that log there... I did it through safe mode, that is where I ran it. Then my PC restarted and in the folder C:\_OTL\MovedFiles I had:
All processes killed
Error: Unable to interpret <:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{61A49B2E-2EE1-406F-9881-E51CFE488E27}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a70> in the current context!
Error: Unable to interpret <20515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=b6 ... f808f2f&q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{61A49B2E-2EE1-406F-9881-E51CFE488E27}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKLM\..\Se> in the current context!
Error: Unable to interpret <archScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120119120813669&tb_oid=19-01-2012&tb_mrud=19-01-2012
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0D9237F9-7FF6-41D3-8E4C-A74680003300}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=5N&apn_dtid=YYYYYYYYCZ&apn_uid=43BC7C12-04F4-4070-B40C-69A046C9ABFB&apn_sauid=8E110570-7CF6-4718-A567-585207C75F36&
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=b6 ... f808f2f&q={searchTerms}
IE > in the current context!
Error: Unable to interpret <- HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1}: "URL" = http://www.zbozi.cz/?q={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a}: "URL" = http://www.mapy.cz/?query={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{61A49B2E-2EE1-406F-9881-E51CFE488E27}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKCU\..\SearchScopes\{AEDCD4CF-B74C-4C4F-ABF3-2B8E68E9F497}: "U> in the current context!
Error: Unable to interpret <RL" = http://search.babylon.com/?q={searchTerms}&AF=100888&babsrc=SP_ss&mntrId=14b3e3270000000000004c8093213622
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKCU\..\SearchScopes\{C48355A8-996B-4914-914E-B48AC182318E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{DB14F673-327A-46EC-8E96-3B2F4BB8FB94}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.seznam.cz/?q={searchTerms}&sourceid=quicksearch_6826
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - > in the current context!
Error: Unable to interpret <HKCU\..\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d}: "URL" = http://www.firmy.cz/phr/{searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120119120813669&tb_oid=19-01-2012&tb_mrud=19-01-2012
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Web Search"
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012.02.01 19:33:25 | 000> in the current context!
Error: Unable to interpret <,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
[2012.04.02 07:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\suv3h9n0.default\extensions
[2012.03.03 09:13:59 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\suv3h9n0.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.04.02 07:03:46 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\suv3h9n0.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2011.08.23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\suv3h9n0.default\searchplugins\askcom.xml
[2012.04.02 06:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.04.02 06:53:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensi> in the current context!
Error: Unable to interpret <ons\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2012.01.28 12:32:28 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O1 HOSTS File: ([2012.02.03 18:30:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res:/> in the current context!
Error: Unable to interpret </C:\Windows\system32\GPhotos.scr/200 File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2012.04.14 14:55:38 | 000,631,736 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.04.14 14:55:38 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.14 14:55:38 | 000,122,100 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.04.14 14:55:38 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOW> in the current context!
Error: Unable to interpret <S\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\ProgramData\McAfee
C:\Users\Simon\AppData\Local\{DF9C8D7C-A7AB-422A-A453-5BAEB1E4EE6B}
C:\Users\Simon\AppData\Local\{2362F3F7-E455-42EE-9EF3-143B7EF95A6C}
C:\Users\Simon\AppData\Local\{80D75467-623C-445B-8CEB-A873156DFF73}
C:\Users\Simon\AppData\Local\{6710481E-2889-4A23-9830-ABC46EC4DDB1}
C:\Users\Simon\AppData\Local\{A14619DF-695D-4EC2-BC9A-F4DFBA9CE6A4}
C:\Users\Simon\AppData\Local\{55A40562-A50D-4CA1-9962-C121D35C36E8}
C:\Users\Simon\AppData\Local\{78F10A9A-4A6D-46B8-809B-3CE85CC0499D}
C:\Users\Simon\AppData\Local\{6A25CDD9-F729-4867-8666-0CA3EBCCA0C5}
C:\Users\Simon\AppData\Local\{773FC04A-ADBA-4FDA-AAF5-7E6A1DE80BAA}
C:\Users\Simon\AppData\Local\{F4A6853F-F4BC-413E-A091-892734BB2487}
C:\Users\Simon\AppData\Loca> in the current context!
Error: Unable to interpret <l\{0FF13EB9-DE73-4AA7-9F25-266463E463D9}
C:\Users\Simon\AppData\Local\{99BF6F9C-78F6-41D3-B2E3-D67BB923BA54}
C:\Users\Simon\AppData\Local\{A86D4E5D-724B-41F6-811E-E072F7C43888}
C:\Users\Simon\AppData\Local\{9351A3D6-9222-4573-829A-10613C380D89}
C:\Users\Simon\AppData\Local\{028FE97B-7425-4728-A50A-49E6F39DD3DE}
C:\Windows\SysWow64\ezsidmv.dat
C:\Users\Simon\AppData\Roaming\Babylon
C:\Users\Simon\AppData\Roaming\ESET
C:\Users\Simon\AppData\Roaming\Yandex
ipconfig /flushdns /c
:Reg
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot] > in the current context!
OTL by OldTimer - Version 3.2.39.2 log created on 05142012_195525
- jaro3
- Security team member
Re: HiJackThis check
That's not it, that is the script I gave you, nothing was carried out....
Read the instructions once more on how to do it.
The script has to be pasted into the box at the very top left.