
HELP with this junk... Win32/Adware.ErrorRepairPro

martinerik
Level 5 - BAN
Posts: 211
Registered: 18 Jun 2010 21:17
Location: Banská Bystrica

#1 Post by martinerik »

Hi, please help me remove this junk.. thanks... and I was wondering why my PC keeps lagging and freezing... thanks :worship:

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

#2 Post by Caroprd111 »

[Image]

#3 Post by martinerik »

Here are both, just to be sure... thanks sooo much :worship:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Hopino at 2010-06-18 22:29:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (24%) free of 30 GB
Total RAM: 1023 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:49, on 18.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Movies\RSIT.exe
C:\Program Files\trend micro\Hopino.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7234 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2009-02-24 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2009-02-24 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2009-02-24 455168]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-28 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2009-02-24 40448]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
C:\Program Files\LocalCooling\localcooling.exe [2006-11-28 1900575]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"CCALib8"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-02-24 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\JDownloader\JDownloader.exe"="C:\Program Files\JDownloader\JDownloader.exe:*:Disabled:JDownloader"
"D:\Movies\S.T.A.L.K.E.R. - Shadow of Chernobyl nainstalovana hra\bin\XR_3DA.exe"="D:\Movies\S.T.A.L.K.E.R. - Shadow of Chernobyl nainstalovana hra\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\Movies\S.T.A.L.K.E.R. - Shadow of Chernobyl nainstalovana hra\bin\dedicated\XR_3DA.exe"="D:\Movies\S.T.A.L.K.E.R. - Shadow of Chernobyl nainstalovana hra\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\Movies\StalkerChernobylNainsHra\bin\XR_3DA.exe"="D:\Movies\StalkerChernobylNainsHra\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\Movies\StalkerChernobylNainsHra\bin\dedicated\XR_3DA.exe"="D:\Movies\StalkerChernobylNainsHra\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\ Movies\ Battlefield 2 NainsHra\BF2.exe"="D:\ Movies\ Battlefield 2 NainsHra\BF2.exe:*:Enabled:Battlefield 2"
"D:\Battlefield 2 priecinok\ Battlefield 2 NainsHra\BF2.exe"="D:\Battlefield 2 priecinok\ Battlefield 2 NainsHra\BF2.exe:*:Disabled:BF2"
"D:\Movies\BATTLEFIELD NAIN.HRA\bf2_w32ded.exe"="D:\Movies\BATTLEFIELD NAIN.HRA\bf2_w32ded.exe:*:Disabled:bf2_w32ded"
"D:\Movies\BATTLEFIELD NAINST\bf2_w32ded.exe"="D:\Movies\BATTLEFIELD NAINST\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"D:\Movies\BATTLEFIELD ORIGOS\BF2.exe"="D:\Movies\BATTLEFIELD ORIGOS\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{982396c9-d81e-11de-afe5-0019dbca5e30}]
shell\Auto\command - G:\launcher.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4b2b0-b428-11de-af6c-0019dbca5e30}]
shell\AutoRun\command - F:\Autorun.exe


======List of files/folders created in the last 1 months======

2010-06-18 22:29:13 ----D---- C:\Program Files\trend micro
2010-06-18 22:29:11 ----D---- C:\rsit
2010-06-18 21:01:03 ----D---- C:\Documents and Settings\Hopino\Application Data\SUPERAntiSpyware.com
2010-06-18 21:01:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-18 21:00:49 ----D---- C:\Program Files\SUPERAntiSpyware
2010-06-16 23:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2010-06-16 23:11:05 ----D---- C:\Program Files\TVUPlayer
2010-06-13 08:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-13 08:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-13 08:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-12 10:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-12 10:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-12 10:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 10:25:59 ----D---- C:\Documents and Settings\Hopino\Application Data\Facebook
2010-06-09 19:50:43 ----D---- C:\WINDOWS\nview
2010-06-09 19:50:42 ----D---- C:\WINDOWS\NV1508700.TMP
2010-06-09 12:14:49 ----D---- C:\Program Files\Common Files\EasyInfo
2010-05-27 08:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-21 12:07:37 ----D---- C:\Program Files\Google

======List of files/folders modified in the last 1 months======

2010-06-18 22:29:15 ----D---- C:\WINDOWS\Temp
2010-06-18 22:29:13 ----RD---- C:\Program Files
2010-06-18 22:29:10 ----D---- C:\WINDOWS\Prefetch
2010-06-18 22:15:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-18 22:05:35 ----D---- C:\WINDOWS
2010-06-18 20:36:31 ----D---- C:\Program Files\SpeedFan
2010-06-18 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-18 19:06:17 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-06-17 22:31:12 ----D---- C:\Documents and Settings\Hopino\Application Data\uTorrent
2010-06-17 19:32:37 ----HD---- C:\WINDOWS\inf
2010-06-17 17:46:14 ----D---- C:\Documents and Settings\Hopino\Application Data\vlc
2010-06-17 16:35:23 ----SH---- C:\boot.ini
2010-06-17 16:35:23 ----A---- C:\WINDOWS\win.ini
2010-06-17 16:35:23 ----A---- C:\WINDOWS\system.ini
2010-06-17 16:11:47 ----D---- C:\WINDOWS\pss
2010-06-17 10:08:38 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-16 23:11:05 ----D---- C:\WINDOWS\system32
2010-06-16 18:37:04 ----D---- C:\Documents and Settings\Hopino\Application Data\ZoomBrowser EX
2010-06-16 16:20:44 ----D---- C:\WINDOWS\system32\DirectX
2010-06-16 16:20:43 ----RSD---- C:\WINDOWS\assembly
2010-06-15 07:13:41 ----SHD---- C:\WINDOWS\Installer
2010-06-14 15:42:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-13 16:49:01 ----D---- C:\Documents and Settings\Hopino\Application Data\dvdcss
2010-06-13 09:53:39 ----D---- C:\WINDOWS\Debug
2010-06-13 08:36:45 ----D---- C:\WINDOWS\system32\dllcache
2010-06-13 08:36:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-12 11:46:55 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-12 10:54:05 ----D---- C:\Program Files\Internet Explorer
2010-06-12 10:52:15 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-12 10:51:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-12 10:51:02 ----D---- C:\WINDOWS\WinSxS
2010-06-09 19:51:16 ----D---- C:\WINDOWS\Help
2010-06-09 19:49:57 ----D---- C:\WINDOWS\system32\drivers
2010-06-09 19:40:57 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2010-06-05 21:45:09 ----D---- C:\Documents and Settings\Hopino\Application Data\CameraWindowDC
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-21 12:07:41 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2009-02-24 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-17 5632]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\Program Files\System\CPL Bonus\Vcdrom.sys []
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/13 08:00:43]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2009-02-24 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2009-02-24 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2009-02-24 55936]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-02-24 62848]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2009-02-24 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-28 6811168]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-24 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 afivqfaj;afivqfaj; C:\WINDOWS\system32\drivers\afivqfaj.sys []
S3 cpuz133;cpuz133; \??\C:\DOCUME~1\Hopino\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-02-24 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-02-24 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-28 155716]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-21 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2009-02-24 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-24 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-02-24 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#4 Post by martinerik »

BY THE WAY, IT KEEPS FINDING SOME JUNK - SuperAntiSpyware

info.txt logfile of random's system information tool 1.06 2010-06-18 22:29:52

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
ESET NOD32 Antivirus-->MsiExec.exe /I{EA084D6F-5911-4B4D-985B-F4B422E33671}
Google Earth Plug-in-->MsiExec.exe /X{961034C0-58DF-11DF-97FD-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP OrderReminder-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kels' CPL Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
LaserJet 1018-->C:\Program Files\Zenographics\{F8609B2A-3A5C-4FB5-9381-0A5C50B0434B}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
LClock-->C:\Program Files\LClock\Uninstall.exe
LocalCooling 1.03-->"C:\Program Files\LocalCooling\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP Manager-->MsiExec.exe /X{6B627996-742C-48A1-BD58-A129F5062D07}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Need for Speed™ Carbon-->D:\Movies\NFS CARBON\EAUninstall.exe
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 8-->MsiExec.exe /X{1CA7ACD6-B21B-4240-AA05-4FC55F6E1051}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Opera 10.10-->MsiExec.exe /X{FB8148DD-C575-4B0A-9F6C-0CFC46937930}
Quake 4(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1e -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x001b -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x001b -removeonly
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\SASUNINST.EXE" /NOUI
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
TVUPlayer 2.5.3.1-->C:\Program Files\TVUPlayer\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0
FW: Sygate Personal Firewall

======System event log======

Computer Name: DARKEDITION
Event Code: 7035
Message: Službe SSDP Discovery Service bolo úspešne odoslané riadenie Spustené.

Record Number: 16587
Source Name: Service Control Manager
Time Written: 20100529121043.000000+120
Event Type: informácie
User: NT AUTHORITY\SYSTEM

Computer Name: DARKEDITION
Event Code: 7035
Message: Službe Background Intelligent Transfer Service bolo úspešne odoslané riadenie Spustené.

Record Number: 16586
Source Name: Service Control Manager
Time Written: 20100529121043.000000+120
Event Type: informácie
User: NT AUTHORITY\SYSTEM

Computer Name: DARKEDITION
Event Code: 7035
Message: Službe Fast User Switching Compatibility bolo úspešne odoslané riadenie Spustené.

Record Number: 16585
Source Name: Service Control Manager
Time Written: 20100529121043.000000+120
Event Type: informácie
User: NT AUTHORITY\SYSTEM

Computer Name: DARKEDITION
Event Code: 7036
Message: Služba Terminal Services vstúpila do stavu Spustené.

Record Number: 16584
Source Name: Service Control Manager
Time Written: 20100529121043.000000+120
Event Type: informácie
User:

Computer Name: DARKEDITION
Event Code: 7036
Message: Služba Network Location Awareness (NLA) vstúpila do stavu Spustené.

Record Number: 16583
Source Name: Service Control Manager
Time Written: 20100529121043.000000+120
Event Type: informácie
User:

=====Application event log=====

Computer Name: DARKEDITION
Event Code: 105
Message: The service was started.

Record Number: 1999
Source Name: PLFlash DeviceIoControl Service
Time Written: 20100211181923.000000+060
Event Type: informácie
User:

Computer Name: DARKEDITION
Event Code: 0
Message:
Record Number: 1998
Source Name: Nero BackItUp Scheduler 3
Time Written: 20100211181923.000000+060
Event Type: informácie
User:

Computer Name: DARKEDITION
Event Code: 1800
Message: Služba Centrum zabezpečenia systému Windows sa spustila.

Record Number: 1997
Source Name: SecurityCenter
Time Written: 20100210183455.000000+060
Event Type: informácie
User:

Computer Name: DARKEDITION
Event Code: 105
Message: The service was started.

Record Number: 1996
Source Name: PLFlash DeviceIoControl Service
Time Written: 20100210183455.000000+060
Event Type: informácie
User:

Computer Name: DARKEDITION
Event Code: 0
Message:
Record Number: 1995
Source Name: Nero BackItUp Scheduler 3
Time Written: 20100210183455.000000+060
Event Type: informácie
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: HELP with this junk... Win32/Adware.ErrorRepairPro

#5 Post by Caroprd111 »

I recommend uninstalling Spybot - Search & Destroy.

I recommend uninstalling µTorrent.

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk needlessly.

Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then click Deletion.
  • When it finishes, a log will pop up; paste it here for me. You can also find it at C:\UsbFix.txt

Download and save, preferably to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware
  • Plug in all the flash drives you use.
  • Run the application under an account with Administrator rights; right after it starts, a page with the license terms is displayed; continue by pressing the "Ano" (Yes) button
  • Then follow the instructions; during the scan do not start other applications and do not click in the window that appears :!:
  • The scan should take around 5 - 10 minutes; when it finishes, Combofix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

martinerik
Level 5 - BAN
Posts: 211
Joined: 18 Jun 2010 21:17
Location: Banská Bystrica

Re: HELP with this junk... Win32/Adware.ErrorRepairPro

#6 Post by martinerik »

Log from UsbFix

############################## | UsbFix 7.011 | [Deletion]

User: Hopino (Administrator) # DARKEDITION [ ]
Updated 17/06/2010 by El Desaparecido / C_XX
Started at 23:01:27 | 18/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
CPU 2: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: ESET NOD32 Antivirus 3.0 3.0 [Enabled | Updated]
Firewall: Sygate Personal Firewall 4.6 [Enabled]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 29 Gb (7 Mb free - 23%) [] # NTFS
D:\ -> Fixed drive # 204 Gb (14 Mb free - 7%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Files # Infected Folders |

Deleted ! C:\Program Files\System
Deleted ! C:\DOCUME~1\Hopino\LOCALS~1\Temp\AutoRun.exe
Not deleted ! F:\Autorun.inf
Deleted ! C:\Recycler\S-1-5-21-1606980848-261903793-1417001333-1003
Deleted ! D:\Recycler\S-1-5-21-1606980848-261903793-1417001333-1003
Not deleted ! F:\msvcr71.dll

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{982396c9-d81e-11de-afe5-0019dbca5e30}

################## | Listing |

[27/09/2009 - 14:10:06 | A | 0] C:\AUTOEXEC.BAT
[17/06/2010 - 16:35:23 | SH | 211] C:\boot.ini
[27/09/2009 - 14:10:06 | A | 0] C:\CONFIG.SYS
[10/05/2010 - 21:07:20 | D ] C:\ConvertTemp
[17/11/2009 - 12:16:34 | D ] C:\Documents and Settings
[13/02/2010 - 00:01:51 | A | 182] C:\drwtsn32.log
[27/09/2009 - 14:10:06 | RASH | 0] C:\IO.SYS
[27/09/2009 - 14:10:06 | RASH | 0] C:\MSDOS.SYS
[24/02/2009 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[24/02/2009 - 14:00:00 | RASH | 250048] C:\ntldr
[18/06/2010 - 22:56:10 | ASH | 1610612736] C:\pagefile.sys
[18/06/2010 - 23:02:38 | RD ] C:\Program Files
[18/06/2010 - 23:02:38 | SHD ] C:\RECYCLER
[18/06/2010 - 22:29:52 | D ] C:\rsit
[27/09/2009 - 14:12:12 | SHD ] C:\System Volume Information
[18/06/2010 - 23:02:38 | D ] C:\UsbFix
[18/06/2010 - 23:02:39 | A | 1198] C:\UsbFix.txt
[18/06/2010 - 22:05:35 | D ] C:\WINDOWS
[09/10/2009 - 07:23:17 | D ] D:\ede2bc5937d7df8ad553b186581d
[17/10/2009 - 21:31:57 | D ] D:\GTA
[18/06/2010 - 23:00:08 | D ] D:\Movies
[24/11/2009 - 16:25:21 | D ] D:\pro street
[18/06/2010 - 23:02:38 | SHD ] D:\RECYCLER
[27/09/2009 - 15:50:30 | SHD ] D:\System Volume Information
[17/10/2006 - 08:03:24 | R | 1091256] F:\00000000.256
[17/10/2006 - 08:03:25 | R | 20482048] F:\00000001.TMP
[17/10/2006 - 08:03:25 | R | 317440] F:\00000002.TMP
[17/10/2006 - 07:46:43 | R | 2147479377] F:\0compressed.zip
[17/10/2006 - 07:53:36 | R | 1996624123] F:\1compressed.zip
[01/11/2006 - 06:11:51 | RD ] F:\AutoRun
[17/10/2006 - 07:20:09 | R | 569344] F:\AutoRun.exe
[13/10/2006 - 10:01:46 | R | 528384] F:\AutoRunGUI.dll
[03/11/2006 - 11:39:37 | RD ] F:\Crack and Instructions
[01/11/2006 - 06:11:58 | RD ] F:\DirectX
[17/10/2006 - 08:03:23 | R | 46592] F:\DrvMgt.dll
[13/10/2006 - 10:01:46 | R | 720896] F:\EAInstall.dll
[23/09/2006 - 08:09:51 | R | 2238] F:\NFS_icon.ico
[17/10/2006 - 08:03:23 | R | 163644] F:\SECDRV.SYS
[01/11/2006 - 06:11:58 | RD ] F:\Support
[17/10/2006 - 07:53:44 | R | 152] F:\autorun.inf
[17/10/2006 - 07:53:48 | R | 254] F:\common_filelist.txt
[23/09/2006 - 08:09:50 | R | 258] F:\dat.bin
[17/10/2006 - 07:20:09 | R | 253952] F:\eauninstall.exe
[23/09/2006 - 08:09:51 | R | 499712] F:\msvcp71.dll
[23/09/2006 - 08:09:51 | R | 348160] F:\msvcr71.dll
[11/10/2006 - 07:48:10 | R | 53248] F:\nfs_inst.exe
[11/10/2006 - 07:48:10 | R | 45056] F:\nfs_uninst.exe
[17/10/2006 - 07:09:29 | R | 8950979] F:\nfsc.exe
[23/09/2006 - 08:09:51 | R | 1462] F:\server.cfg
[23/09/2006 - 08:09:51 | R | 380928] F:\server.dll
[23/09/2006 - 08:09:51 | R | 22016] F:\setup.exe

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_DARKEDITION.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: HELP with this junk... Win32/Adware.ErrorRepairPro

#7 Post by Caroprd111 »

OK, now the Combofix log as well.

martinerik
Level 5 - BAN
Posts: 211
Joined: 18 Jun 2010 21:17
Location: Banská Bystrica

Re: HELP with this junk... Win32/Adware.ErrorRepairPro

#8 Post by martinerik »

ComboFix 10-06-17.03 - Hopino 18.06.2010 23:16:22.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.657 [GMT 2:00]
Running from: d:\movies\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 21:02 . 2010-06-18 21:02 4303868 ----a-w- C:\UsbFix_Upload_Me_DARKEDITION.zip
2010-06-18 21:00 . 2010-06-18 21:02 -------- d-----w- C:\UsbFix
2010-06-18 20:29 . 2010-06-18 20:29 -------- d-----w- c:\program files\trend micro
2010-06-18 20:29 . 2010-06-18 20:29 -------- d-----w- C:\rsit
2010-06-18 19:52 . 2010-06-18 19:52 503808 ----a-w- c:\documents and settings\Hopino\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-318cfc7d-n\msvcp71.dll
2010-06-18 19:52 . 2010-06-18 19:52 499712 ----a-w- c:\documents and settings\Hopino\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-318cfc7d-n\jmc.dll
2010-06-18 19:52 . 2010-06-18 19:52 348160 ----a-w- c:\documents and settings\Hopino\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-318cfc7d-n\msvcr71.dll
2010-06-18 19:02 . 2010-06-18 19:02 63488 ----a-w- c:\documents and settings\Hopino\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-18 19:01 . 2010-06-18 19:01 52224 ----a-w- c:\documents and settings\Hopino\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-18 19:01 . 2010-06-18 19:01 117760 ----a-w- c:\documents and settings\Hopino\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-18 19:01 . 2010-06-18 19:01 -------- d-----w- c:\documents and settings\Hopino\Application Data\SUPERAntiSpyware.com
2010-06-18 19:01 . 2010-06-18 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-18 19:00 . 2010-06-18 19:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-16 21:11 . 2010-06-16 21:11 -------- d-----w- c:\documents and settings\Hopino\Local Settings\Application Data\TVU Networks
2010-06-16 21:11 . 2010-06-16 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-06-16 21:11 . 2010-06-16 21:11 -------- d-----w- c:\documents and settings\Hopino\LocalLow
2010-06-16 21:11 . 2010-06-16 21:11 -------- d-----w- c:\program files\TVUPlayer
2010-06-12 08:46 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-06-11 14:03 . 2010-04-20 05:30 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-06-11 12:45 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-10 08:26 . 2010-06-10 08:26 50354 ----a-w- c:\documents and settings\Hopino\Application Data\Facebook\uninstall.exe
2010-06-10 08:25 . 2010-06-10 08:26 -------- d-----w- c:\documents and settings\Hopino\Application Data\Facebook
2010-06-09 17:50 . 2010-06-09 17:50 -------- d-----w- c:\windows\nview
2010-06-09 17:50 . 2010-06-09 17:53 -------- d-----w- c:\windows\NV1508700.TMP
2010-06-09 10:14 . 2010-06-09 10:14 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-05-21 11:25 . 2010-05-21 11:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-21 10:07 . 2010-06-15 05:12 -------- d-----w- c:\documents and settings\Hopino\Local Settings\Application Data\Temp
2010-05-21 10:07 . 2010-05-21 10:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-21 10:07 . 2010-05-31 10:12 -------- d-----w- c:\documents and settings\Hopino\Local Settings\Application Data\Google
2010-05-21 10:07 . 2010-05-21 10:08 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 21:13 . 2009-09-28 06:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-18 20:59 . 2009-09-28 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-18 20:58 . 2009-10-01 16:28 -------- d-----w- c:\documents and settings\Hopino\Application Data\uTorrent
2010-06-18 18:36 . 2010-03-11 08:39 -------- d-----w- c:\program files\SpeedFan
2010-06-17 15:46 . 2009-09-28 07:21 -------- d-----w- c:\documents and settings\Hopino\Application Data\vlc
2010-06-16 16:37 . 2009-10-08 18:34 -------- d-----w- c:\documents and settings\Hopino\Application Data\ZoomBrowser EX
2010-06-14 13:42 . 2009-09-27 13:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 14:49 . 2009-10-01 19:58 -------- d-----w- c:\documents and settings\Hopino\Application Data\dvdcss
2010-06-09 17:40 . 2009-10-16 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-05 19:45 . 2009-10-08 18:21 -------- d-----w- c:\documents and settings\Hopino\Application Data\CameraWindowDC
2010-05-17 11:29 . 2009-09-27 12:05 -------- d-----w- c:\program files\Unlocker
2010-05-13 10:35 . 2009-09-27 13:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-06 10:41 . 2009-02-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 10:04 . 2009-02-24 12:00 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 10:22 . 2010-04-23 10:22 2898232 ----a-w- c:\documents and settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-04-20 05:30 . 2009-02-24 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 22:55 . 2009-10-16 15:27 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-02 14:54 . 2009-10-16 15:25 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
.

------- Sigcheck -------

[-] 2009-02-24 . C64E97CC32E4662F2972FE7E8FA9B6CE . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-02-24 . 616456475A04FF53735495F10142CC45 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-02-24 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-02-24 . B8129BACB446D8CE8B083EC0728C2132 . 1641472 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-02-24 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2009-02-24 . 56F4867BAE6FD78E5365A3A7AFA59C82 . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2009-02-24 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-02-24 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-02-24 455168]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-03-05 2573536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8466432]
"nwiz"="nwiz.exe" [2007-08-27 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-24 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
2006-11-28 10:51 1900575 ----a-w- c:\program files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 06:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 16:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-01 17:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"CCALib8"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Movies\\BATTLEFIELD ORIGOS\\BF2.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24.10.2008 15:53 35168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/13 08:00];c:\program files\CyberLink\PowerDVD9\000.fcl [7.5.2009 22:05 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.10.2009 18:32 721904]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\program files\System\CPL Bonus\Vcdrom.sys --> c:\program files\System\CPL Bonus\Vcdrom.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.5.2010 12:07 136176]
S3 cpuz133;cpuz133;\??\c:\docume~1\Hopino\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys --> c:\docume~1\Hopino\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 10:07]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 10:07]

2010-06-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: c:\documents and settings\Hopino\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Hopino\Application Data\Mozilla\Firefox\Profiles\ok4v45od.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\TVUPlayer\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-261903793-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\SETUPAPI.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\setupapi.dll
.
Completion time: 2010-06-18 23:21:29
ComboFix-quarantined-files.txt 2010-06-18 21:21

Pre-Run: 6 986 276 864 bytes free
Post-Run: 8 794 972 160 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 76B5C7DAF15597E922E644BF53AC6391

#9 Post by martinerik »

After ComboFix finished, I turned the antivirus and the firewall back on...

#10 Post by Caroprd111 »

Test the following file(s) at http://www.virustotal.com/cs/
c:\windows\system32\winlogon.exe
c:\windows\system32\comctl32.dll
c:\windows\system32\user32.dll
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\termsrv.dll


(Do not browse for the file(s); just paste the path marked in bold. If you get the message "The file has already been tested", have it tested again. Post the analysis result here as a link.)

#11 Post by martinerik »

Well, that link won't open for me...

#12 Post by Caroprd111 »

[Image]

#13 Post by martinerik »

Here I have to use Browse, because it can't be copied in there... OK???

#14 Post by Caroprd111 »

OK :)

#15 Post by martinerik »

So far it has found Trojan.Win32.Agent in explorer.exe
