HELP with this junk... Win32/Adware.ErrorRepairPro

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: HELP with this junk... Win32/Adware.ErrorRepairPro

#31 Post by Caroprd111 »

Gmer sometimes takes as long as 4 hours. :)

martinerik
Level 5 - BAN
Posts: 211
Registered: 18 Jun 2010 21:17
Location: Banská Bystrica

#32 Post by martinerik »

And here it supposedly says 5 - 10 min... :D
We wait for the scan to finish (which takes around five to ten minutes), then click the Save button again and export log number 2

#33 Post by Caroprd111 »

It depends on how many files you have on the PC. :)

#34 Post by martinerik »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-19 17:44:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Hopino\LOCALS~1\Temp\uwtoipoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF7A50B30]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF7A506F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF7A50470]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF7A50C50]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF7A50990]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF45AA620]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF7A50D60]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F70360, 0x300037, 0xE8000020]
.text wanarp.sys F7A43402 2 Bytes [90, 90] {NOP ; NOP }
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB7BB2000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB7BD5050]
? C:\DOCUME~1\Hopino\LOCALS~1\Temp\mbr.sys Systém nemôže nájsť zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[900] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3460] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisRegisterProtocol] [F765A8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisOpenAdapter] [F765ABD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisDeregisterProtocol] [F765AB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\rspndr.sys[NDIS.SYS!NdisCloseAdapter] [F765AC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFB 0x77 0x97 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFB 0x77 0x97 0x46 ...

---- EOF - GMER 1.0.15 ----

#35 Post by martinerik »

Right now, on your advice, I don't have Daemon Tools, uTorrent or Spybot on there... I hope that doesn't matter. I'm only saying it in case that's exactly where some of the junk is...

#36 Post by Caroprd111 »

You can reinstall Daemon Tools. Spybot is outdated, which is why I recommended uninstalling it. How is the PC behaving? :???:

#37 Post by martinerik »

Well, thank you very much... I'll go and try whether it still stutters... and what is better than Spybot??? Otherwise, is the log OK? :)

#38 Post by Caroprd111 »

You are using NOD32, and it already includes antispyware. If you would like an antispyware tool for occasional scans, I recommend Spyware Terminator. The MBR and Gmer logs are clean. Test how the PC behaves and then get back to me; we will still do a final cleanup.

#39 Post by martinerik »

Well, it is faster, but it froze again... it probably really does need a final cleanup :)

#40 Post by Caroprd111 »

  • Download OTL http://oldtimer.geekstogo.com/OTL.exe to the desktop
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
autochk.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Tick the option "For all users".
  • Tick the options Check for "LOP" malware and Check for "Purity" malware
  • Click the Scan button
  • When it finishes, paste the OTL.Txt and Extras.txt logs here

#41 Post by martinerik »

OTL logfile created on: 19.6.2010 18:18:55 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Hopino\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 557,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 8,20 Gb Free Space | 27,99% Space Free | Partition Type: NTFS
Drive D: | 203,58 Gb Total Space | 13,99 Gb Free Space | 6,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARKEDITION
Current User Name: Hopino
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.19 18:14:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hopino\Desktop\OTL.exe
PRC - [2010.06.07 19:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010.04.07 21:35:05 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.10.07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.05.07 21:05:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009.04.27 21:41:58 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.02.24 14:00:00 | 001,641,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.05 22:09:50 | 002,573,536 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004.09.19 07:27:46 | 000,065,536 | ---- | M] () -- C:\Program Files\LClock\LClock.exe


========== Modules (SafeList) ==========

MOD - [2010.06.19 18:14:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hopino\Desktop\OTL.exe
MOD - [2009.02.24 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004.10.15 13:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.10.07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.10.07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.09.03 06:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.03.05 22:09:50 | 002,573,536 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.17 11:51:28 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.07 10:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.10.07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009.10.07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.05.07 22:05:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/13 08:00:43] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.02.24 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009.02.24 14:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2009.02.24 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2009.02.24 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007.08.28 01:29:00 | 006,811,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007.05.30 14:04:00 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006.12.14 10:44:00 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.10.15 13:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004.10.15 13:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004.10.15 13:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004.10.15 13:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004.10.15 13:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.10.15 13:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/




IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.sk"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.20 10:11:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.07 21:35:10 | 000,000,000 | ---D | M]

[2009.09.27 22:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Extensions
[2010.06.18 22:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions
[2009.10.20 14:43:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.27 22:11:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.16 23:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\firefox@tvunetworks.com
[2009.10.08 18:36:15 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\searchplugins\daemon-search.xml
[2010.06.18 22:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.03.12 20:52:08 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.03.12 20:52:08 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.03.12 20:52:08 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.03.12 20:52:08 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.03.12 20:52:08 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.03.12 20:52:08 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010.06.18 23:19:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Hopino\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hopino\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.27 14:10:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.18 23:02:43 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.06.18 23:02:43 | 000,000,000 | R--D | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.09.27 14:09:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.06.19 18:14:09 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hopino\Desktop\OTL.exe
[2010.06.19 17:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Desktop\gmer
[2010.06.19 16:51:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Hopino\Recent
[2010.06.19 16:41:13 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Hopino\Desktop\SPTDinst-v169-x86.exe
[2010.06.19 16:39:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.19 08:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010.06.19 08:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010.06.19 08:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010.06.19 08:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010.06.18 23:15:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.06.18 23:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.18 23:14:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.18 23:14:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.18 23:14:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.18 23:13:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.18 23:12:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.06.18 23:12:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.18 23:02:43 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2010.06.18 23:00:32 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.06.18 22:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.18 22:29:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.18 21:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Application Data\SUPERAntiSpyware.com
[2010.06.18 21:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.06.18 21:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.06.16 23:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Local Settings\Application Data\TVU Networks
[2010.06.16 23:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2010.06.16 23:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\LocalLow
[2010.06.16 23:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\TVUPlayer
[2010.06.16 16:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\My Documents\NFS Carbon
[2010.06.16 16:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\My Documents\New Folder
[2010.06.12 10:46:54 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010.06.11 16:03:11 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010.06.11 14:45:49 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.10 10:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Application Data\Facebook
[2010.06.09 19:50:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010.06.09 19:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV1508700.TMP
[2010.06.09 18:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\My Documents\Battlefield 2
[2010.06.09 12:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EasyInfo
[2010.05.21 13:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.05.21 12:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Local Settings\Application Data\Temp
[2010.05.21 12:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010.05.21 12:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.05.21 12:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Local Settings\Application Data\Google
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.19 18:18:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 18:14:33 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hopino\Desktop\OTL.exe
[2010.06.19 18:07:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.06.19 18:07:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.19 18:07:22 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 18:07:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.19 18:07:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.19 16:51:49 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Hopino\NTUSER.DAT
[2010.06.19 16:50:35 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\mbr.exe
[2010.06.19 16:44:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Hopino\defogger_reenable
[2010.06.19 16:44:27 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\Defogger.exe
[2010.06.19 16:41:14 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Hopino\Desktop\SPTDinst-v169-x86.exe
[2010.06.18 23:52:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Hopino\ntuser.ini
[2010.06.18 23:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.18 23:19:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.18 23:15:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.06.18 23:02:55 | 004,303,868 | ---- | M] () -- C:\UsbFix_Upload_Me_DARKEDITION.zip
[2010.06.18 21:00:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:50:48 | 000,009,898 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\13400612.jpg
[2010.06.17 16:35:23 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.17 16:35:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.06.17 10:09:00 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Hopino\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.17 10:08:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.17 08:01:34 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\InternetTV.exe
[2010.06.16 23:11:12 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TVUPlayer.lnk
[2010.06.16 16:28:31 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Need for Speed™ Carbon.lnk
[2010.06.14 15:47:47 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play BF2 SF Online Now!.lnk
[2010.06.14 15:47:47 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2 Special Forces.lnk
[2010.06.14 10:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.13 13:57:05 | 000,510,516 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\obr4500.jpg
[2010.06.13 08:39:15 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.12 20:15:49 | 000,074,026 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\Richard_Sulík.jpg
[2010.06.12 20:08:46 | 000,018,887 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\csaky.jpg
[2010.06.12 19:57:50 | 000,080,674 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\661.jpg
[2010.06.12 19:53:14 | 000,016,799 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\daniel_lipsic.jpg
[2010.06.12 19:46:50 | 000,082,655 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\Miky.jpg
[2010.06.12 10:51:14 | 000,479,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.12 10:51:14 | 000,426,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.12 10:51:14 | 000,065,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.10 10:42:36 | 000,176,717 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\husta foto.jpg
[2010.06.10 10:40:42 | 000,087,331 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\ufo9.jpg
[2010.06.10 10:40:13 | 000,069,366 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\obr1.jpg
[2010.06.10 10:39:18 | 000,050,992 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\ufo8.jpg
[2010.06.10 10:38:12 | 000,103,886 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\ufo7.jpg
[2010.06.10 10:37:36 | 000,122,600 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\ufo6.jpg
[2010.06.10 10:37:09 | 000,132,840 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\ufo5.jpg
[2010.06.10 10:36:06 | 000,107,160 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\ufonky.jpg
[2010.06.10 10:31:38 | 000,072,568 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\Ufo4.jpg
[2010.06.10 10:27:45 | 000,409,963 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\Ufo 3.jpg
[2010.06.10 10:25:23 | 000,260,103 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\Ufo 2.jpg
[2010.06.09 21:19:04 | 004,769,568 | -H-- | M] () -- C:\Documents and Settings\Hopino\Local Settings\Application Data\IconCache.db
[2010.06.09 19:53:44 | 000,128,026 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.09 18:35:39 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[2010.06.09 18:35:39 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[2010.06.08 09:20:01 | 000,403,666 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100617-120212.backup
[2010.06.03 19:53:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010.06.03 11:53:16 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Hopino\Desktop\SpeedFan.lnk
[2010.06.03 11:53:14 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010.05.24 14:15:14 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-092001.backup
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.19 16:48:00 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\mbr.exe
[2010.06.19 16:44:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hopino\defogger_reenable
[2010.06.19 16:44:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\Defogger.exe
[2010.06.18 23:15:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.06.18 23:15:43 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010.06.18 23:14:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.18 23:14:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.18 23:14:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.18 23:14:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.18 23:14:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.18 23:02:53 | 004,303,868 | ---- | C] () -- C:\UsbFix_Upload_Me_DARKEDITION.zip
[2010.06.18 21:00:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.17 22:50:47 | 000,009,898 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\13400612.jpg
[2010.06.17 08:01:31 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\InternetTV.exe
[2010.06.16 23:11:12 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TVUPlayer.lnk
[2010.06.16 16:28:31 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Need for Speed™ Carbon.lnk
[2010.06.14 15:47:47 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play BF2 SF Online Now!.lnk
[2010.06.14 15:47:47 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2 Special Forces.lnk
[2010.06.13 13:57:03 | 000,510,516 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\obr4500.jpg
[2010.06.12 20:15:49 | 000,074,026 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\Richard_Sulík.jpg
[2010.06.12 20:08:46 | 000,018,887 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\csaky.jpg
[2010.06.12 19:57:50 | 000,080,674 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\661.jpg
[2010.06.12 19:53:14 | 000,016,799 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\daniel_lipsic.jpg
[2010.06.12 19:46:49 | 000,082,655 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\Miky.jpg
[2010.06.10 10:42:36 | 000,176,717 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\husta foto.jpg
[2010.06.10 10:40:42 | 000,087,331 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\ufo9.jpg
[2010.06.10 10:40:13 | 000,069,366 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\obr1.jpg
[2010.06.10 10:39:17 | 000,050,992 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\ufo8.jpg
[2010.06.10 10:38:11 | 000,103,886 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\ufo7.jpg
[2010.06.10 10:37:35 | 000,122,600 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\ufo6.jpg
[2010.06.10 10:37:09 | 000,132,840 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\ufo5.jpg
[2010.06.10 10:36:05 | 000,107,160 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\ufonky.jpg
[2010.06.10 10:31:37 | 000,072,568 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\Ufo4.jpg
[2010.06.10 10:27:45 | 000,409,963 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\Ufo 3.jpg
[2010.06.10 10:25:21 | 000,260,103 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\Ufo 2.jpg
[2010.06.09 19:51:16 | 000,128,026 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.09 19:34:01 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010.06.09 18:35:39 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[2010.06.09 18:35:39 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[2010.06.03 11:53:16 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Hopino\Desktop\SpeedFan.lnk
[2010.05.21 12:07:41 | 000,001,000 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.21 12:07:40 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009.11.17 11:43:35 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.15 23:37:13 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.10.09 13:30:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.28 08:23:18 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2009.09.28 08:16:44 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.09.27 14:10:13 | 000,001,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.02.24 14:00:00 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2009.02.24 14:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2008.10.24 15:53:28 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007.08.28 01:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.08.28 01:29:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.08.28 01:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.08.28 01:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.08.28 01:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.10.15 13:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2003.04.09 17:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009.10.08 18:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.09.27 16:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.11.13 08:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009.10.16 22:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Audacity
[2009.10.21 10:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\BSplayer Pro
[2009.10.08 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\DAEMON Tools Lite
[2010.06.10 10:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Facebook
[2009.10.15 22:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Leadertech
[2009.11.23 14:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\MP-Manager
[2009.12.18 20:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Opera
[2009.11.17 11:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Samsung
[2010.06.18 22:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\uTorrent
[2010.02.09 15:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Zoner
[2010.06.19 18:07:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2010.06.07 19:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com)

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.09.28 08:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.09.30 12:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009.09.30 12:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.11.13 09:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.10.08 18:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.09.27 16:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.09.28 10:24:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.10.17 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009.10.08 19:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009.09.27 22:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010.06.09 19:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009.10.03 14:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010.06.18 22:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.06.18 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009.11.13 08:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010.06.16 23:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009.09.27 16:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.10.08 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.11.13 08:58:38 | 000,053,319 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe

< %APPDATA%\*. >
[2010.02.05 22:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Adobe
[2009.10.01 16:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Ahead
[2009.09.30 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Apple Computer
[2009.10.16 22:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Audacity
[2009.10.21 10:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\BSplayer Pro
[2010.06.05 21:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\CameraWindowDC
[2009.10.08 20:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\CANON INC
[2009.11.13 09:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\CyberLink
[2009.10.08 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\DAEMON Tools Lite
[2010.06.13 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\dvdcss
[2010.06.10 10:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Facebook
[2009.09.27 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Identities
[2009.10.15 22:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Leadertech
[2009.09.27 21:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Macromedia
[2010.05.10 21:06:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Hopino\Application Data\Microsoft
[2009.09.27 22:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Mozilla
[2009.11.23 14:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\MP-Manager
[2009.10.08 19:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Nero
[2009.10.03 14:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Office Genuine Advantage
[2009.12.18 20:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Opera
[2009.11.17 11:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Samsung
[2009.10.10 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Sun
[2010.06.18 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\SUPERAntiSpyware.com
[2010.06.18 22:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\uTorrent
[2010.06.17 17:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\vlc
[2009.09.28 09:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Winamp
[2009.09.28 08:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\WinRAR
[2010.02.09 15:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\Zoner
[2010.06.16 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hopino\Application Data\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2010.06.10 10:26:01 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Hopino\Application Data\Facebook\uninstall.exe
[2009.11.23 14:41:37 | 000,037,345 | R--- | M] () -- C:\Documents and Settings\Hopino\Application Data\Microsoft\Installer\{6B627996-742C-48A1-BD58-A129F5062D07}\controlPanelIcon.exe
[2009.11.23 14:41:37 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Hopino\Application Data\Microsoft\Installer\{6B627996-742C-48A1-BD58-A129F5062D07}\SystemFolder_msiexec.exe
[2009.09.03 06:53:00 | 000,019,792 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009.09.03 06:53:00 | 000,022,848 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe


< MD5 for: AGP440.SYS >
[2009.02.24 14:00:00 | 018,549,068 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.02.24 14:00:00 | 018,549,068 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 12:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 12:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2009.02.24 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.13 12:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.02.24 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2009.02.24 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2009.02.24 14:00:00 | 018,549,068 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.02.24 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2009.02.24 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2009.02.24 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2009.02.24 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2009.02.24 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2009.02.24 14:00:00 | 001,641,472 | ---- | M] (Microsoft Corporation) MD5=B8129BACB446D8CE8B083EC0728C2132 -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2009.02.24 14:00:00 | 018,549,068 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.02.24 14:00:00 | 000,134,528 | ---- | M] (Microsoft Corporation) MD5=E33DE9C65B3625BDD00C1313179DA5A5 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2009.02.24 14:00:00 | 018,549,068 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2009.02.24 14:00:00 | 018,549,068 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.13 12:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2009.02.24 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.02.24 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2009.02.24 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.02.24 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2009.02.24 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009.02.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2009.02.24 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2009.02.24 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2009.02.24 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2009.02.24 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2009.02.24 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.02.24 14:00:00 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=367DE8E5F638C091F49273144274F629 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2009.02.24 14:00:00 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=367DE8E5F638C091F49273144274F629 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.02.24 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2009.02.24 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.02.24 14:00:00 | 000,557,056 | ---- | M] (Microsoft Corporation) MD5=C64E97CC32E4662F2972FE7E8FA9B6CE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.02.24 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2009.02.24 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.09.27 20:57:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.09.27 20:57:24 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.27 20:57:24 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.19 18:07:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Hopino\Desktop\secreeeet.txt:SummaryInformation
< End of report >

martinerik
Level 5 - BAN
Posts: 211
Joined: 18 Jun 2010 21:17
Location: Banská Bystrica

Re: HELP with this crap... Win32/Adware.ErrorRepairPro

#42 Post by martinerik »

OTL Extras logfile created on: 19.6.2010 18:18:55 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Hopino\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 557,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 8,20 Gb Free Space | 27,99% Space Free | Partition Type: NTFS
Drive D: | 203,58 Gb Total Space | 13,99 Gb Free Space | 6,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARKEDITION
Current User Name: Hopino
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Find.Target] -- "explorer.exe" /select,"%1" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Movies\BATTLEFIELD ORIGOS\BF2.exe" = D:\Movies\BATTLEFIELD ORIGOS\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1051}" = Nero 8
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B627996-742C-48A1-BD58-A129F5062D07}" = MP Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1051-7B44-A91000000001}" = Adobe Reader 9.1.3 - Slovak
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EA084D6F-5911-4B4D-985B-F4B422E33671}" = ESET NOD32 Antivirus
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPLBonus" = Kels' CPL Bonus Pack!
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"ie8" = Windows Internet Explorer 8
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LClock" = LClock
"LocalCooling_is1" = LocalCooling 1.03
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedFan" = SpeedFan (remove only)
"TVUPlayer" = TVUPlayer 2.5.3.1
"Usbfix" = Usbfix By C_XX & El Desaparecido
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archivátor
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.6.2010 4:54:57 | Computer Name = DARKEDITION | Source = MsiInstaller | ID = 11706
Description =

Error - 12.6.2010 4:54:57 | Computer Name = DARKEDITION | Source = MsiInstaller | ID = 1024
Description =

Error - 12.6.2010 4:55:32 | Computer Name = DARKEDITION | Source = MsiInstaller | ID = 11706
Description =

Error - 12.6.2010 4:55:34 | Computer Name = DARKEDITION | Source = MsiInstaller | ID = 1024
Description =

Error - 12.6.2010 4:55:44 | Computer Name = DARKEDITION | Source = MsiInstaller | ID = 11706
Description =

Error - 12.6.2010 4:55:44 | Computer Name = DARKEDITION | Source = MsiInstaller | ID = 1024
Description =

Error - 18.6.2010 16:56:34 | Computer Name = DARKEDITION | Source = Userenv | ID = 1508
Description = Systém Windows nebol schopný načítať databázu Registry. Toto je často
spôsobené nedostatkom pamäte alebo nedostatočnými oprávneniami zabezpečenia. PODROBNOSTI
- Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
pre C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error - 18.6.2010 16:56:34 | Computer Name = DARKEDITION | Source = Userenv | ID = 1500
Description = Systém Windows vás nemôže prihlásiť, pretože nemožno načítať váš profil.
Skontrolujte, či ste pripojený k sieti, alebo či vaša sieť pracuje správne. Ak
tento problém pretrváva, obráťte sa na správcu siete. PODROBNOSTI - Proces nemôže
získať prístup k súboru, pretože daný súbor práve používa iný proces.

Error - 19.6.2010 9:22:32 | Computer Name = DARKEDITION | Source = Userenv | ID = 1508
Description = Systém Windows nebol schopný načítať databázu Registry. Toto je často
spôsobené nedostatkom pamäte alebo nedostatočnými oprávneniami zabezpečenia. PODROBNOSTI
- Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
pre C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error - 19.6.2010 9:22:32 | Computer Name = DARKEDITION | Source = Userenv | ID = 1500
Description = Systém Windows vás nemôže prihlásiť, pretože nemožno načítať váš profil.
Skontrolujte, či ste pripojený k sieti, alebo či vaša sieť pracuje správne. Ak
tento problém pretrváva, obráťte sa na správcu siete. PODROBNOSTI - Proces nemôže
získať prístup k súboru, pretože daný súbor práve používa iný proces.

[ System Events ]
Error - 12.6.2010 4:55:49 | Computer Name = DARKEDITION | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office 2003 (KB982311).

Error - 18.6.2010 16:56:35 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7005
Description = Hovor LoadUserProfile zlyhal s nasledujúcou chybou: %%32

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
Description = Služba Nero BackItUp Scheduler 3 sa neočakávane ukončila. Služba sa
týmto spôsobom ukončila už 1 krát.

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service sa neočakávane ukončila. Služba
sa týmto spôsobom ukončila už 1 krát.

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
Description = Služba PLFlash DeviceIoControl Service sa neočakávane ukončila. Služba
sa týmto spôsobom ukončila už 1 krát.

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7031
Description = Služba Eset Service sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať
službu.

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7031
Description = Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať
službu.

Error - 18.6.2010 17:01:30 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7034
Description = Služba Application Layer Gateway Service sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát.

Error - 19.6.2010 9:22:33 | Computer Name = DARKEDITION | Source = Service Control Manager | ID = 7005
Description = Hovor LoadUserProfile zlyhal s nasledujúcou chybou: %%32


< End of report >

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: HELP with this crap... Win32/Adware.ErrorRepairPro

#43 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
[2010.05.21 12:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hopino\Local Settings\Application Data\Temp
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Hopino\Desktop\secreeeet.txt:SummaryInformation

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Click Fix, the PC will restart, then paste the log here.

martinerik
Level 5 - BAN
Posts: 211
Joined: 18 Jun 2010 21:17
Location: Banská Bystrica

Re: HELP with this crap... Win32/Adware.ErrorRepairPro

#44 Post by martinerik »

Does it matter that I ticked LOP Check and Purity Check there??? Because at the end it froze and I had to reset the PC :(

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: HELP with this crap... Win32/Adware.ErrorRepairPro

#45 Post by Caroprd111 »

It doesn't matter. Look in C:\_OTL\Movedfiles to see whether the log is there.
