So it's hopefully clean, except for this: Error Fix -- did you install that yourself?
I found something about it:
http://www.xp-vista.com/remove/errorfix
You should delete:
Manual Error Fix Removal Instructions:
Stop Error Fix Processes:
ErrorFix.exe
Find and Delete Error Fix Files:
%UserProfile%\Application Data\ErrorFix\Logs\2009-06-23 09-38-070.log
C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix Help.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix\ErrorFix.lnk
%ProgramFiles%\Downloaded Installers\{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}\setup.msi
%ProgramFiles%\ErrorFix\definitions.db
%ProgramFiles%\ErrorFix\ErrorFix.exe
%ProgramFiles%\ErrorFix\ErrorFix.url
%ProgramFiles%\ErrorFix\privacy.db
%Windir%\Installer\37e167c.msi
%Windir%\Installer\{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}\Icon.exe
%Windir%\Tasks\ErrorFix Scan.job
Remove Error Fix Registry Values:
%UserProfile%\Application Data\Error Fix
HKEY_CURRENT_USER\Software\Error Fix
You should delete those folders.
Also post a new HJT log.
Error in C/Windows/system32 Solved
- jaro3
- Security team member
Re: Error in C/Windows/system32
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- newbie
Re: Error in C/Windows/system32
Could you please also advise me which items I should End Process in Task Manager?
- newbie
Re: Error in C/Windows/system32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:08, on 28/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6810018259
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6810088384
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdeskt ... reQual.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 11518 bytes
- newbie
Re: Error in C/Windows/system32
I am sending the result from VirusTotal
File hijackthis.log received 2009.07.28 21:36:51 (UTC)
Result: 0/41 (0%)
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.07.28 -
AhnLab-V3 5.0.0.2 2009.07.28 -
AntiVir 7.9.0.234 2009.07.28 -
Antiy-AVL 2.0.3.7 2009.07.28 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.28 -
AVG 8.5.0.387 2009.07.28 -
BitDefender 7.2 2009.07.28 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.28 -
Comodo 1797 2009.07.28 -
DrWeb 5.0.0.12182 2009.07.28 -
eSafe 7.0.17.0 2009.07.28 -
eTrust-Vet 31.6.6643 2009.07.28 -
F-Prot 4.4.4.56 2009.07.28 -
F-Secure 8.0.14470.0 2009.07.28 -
Fortinet 3.120.0.0 2009.07.28 -
GData 19 2009.07.28 -
Ikarus T3.1.1.64.0 2009.07.28 -
Jiangmin 11.0.800 2009.07.28 -
K7AntiVirus 7.10.804 2009.07.28 -
Kaspersky 7.0.0.125 2009.07.28 -
McAfee 5691 2009.07.28 -
McAfee+Artemis 5691 2009.07.28 -
McAfee-GW-Edition 6.8.5 2009.07.28 -
Microsoft 1.4903 2009.07.28 -
NOD32 4286 2009.07.28 -
Norman 6.01.09 2009.07.28 -
nProtect 2009.1.8.0 2009.07.28 -
Panda 10.0.0.14 2009.07.28 -
PCTools 4.4.2.0 2009.07.28 -
Prevx 3.0 2009.07.28 -
Rising 21.40.14.00 2009.07.28 -
Sophos 4.44.0 2009.07.28 -
Sunbelt 3.2.1858.2 2009.07.28 -
Symantec 1.4.4.12 2009.07.28 -
TheHacker 6.3.4.3.376 2009.07.28 -
TrendMicro 8.950.0.1094 2009.07.28 -
VBA32 3.12.10.9 2009.07.28 -
ViRobot 2009.7.28.1857 2009.07.28 -
VirusBuster 4.6.5.0 2009.07.28 -
Additional information
File size: 11520 bytes
MD5...: 6eaf2b47b73841a90264e319229e5aa8
SHA1..: 49a3ec80b0a28e2dc7e945ae448cca182c20bb14
SHA256: 7609d96f11863fa1993cf6999171ba84cbc0bade2bc0fb3e6d33cd335a33a7fa
ssdeep: 192:S02y4i1PbP/zD5RYMPa+PisuBSJOeTdDFeglmsCV06nbtCzpF:52e1PbXPas
CBSJygtw06nbtCzpF
PEiD..: -
TrID..: File type identification
HijackThis logfile (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
- jaro3
- Security team member
Re: Error in C/Windows/system32
davidhighend wrote: Could you please also advise me which items I should End Process in Task Manager?
Right-click the bottom taskbar (on an empty spot on the bar) and choose Task Manager.
In the window, on the Processes tab, find the file, left-click it and then click End Process. Be careful to click the correct file!
You sent the hijackthis.log file to VirusTotal; that is not the one I wanted.
I wanted you to send this one:
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
Try it again.
Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide: viewtopic.php?f=70&t=5119
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcome
R3 - URLSearchHook: (no name) - - (no file)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdeskt ... reQual.cab
ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u
Clean the system with CCleaner
and also use T-Cleaner.
It deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG; afterwards delete T-Cleaner and turn AVG back on.
- newcomer
Re: Error in C/Windows/system32
In HJT I fixed the listed items and cleaned up with both cleaners exactly according to the guide you sent me. I just don't understand whether I should do what you also wrote: "You sent the file hijackthis.log to VirusTotal; that is not the one I wanted.
I wanted you to send this one:
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
Try again." If so, how?
And in Task Manager I don't know which item I should end. There are several of them there, but which one should I select under "Processes"?
Once again, thank you very much for your patience with me.
- jaro3
- Security team member
Re: Error in C/Windows/system32
Test this on VirusTotal:
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
Then paste the links to the results here.
In Task Manager, on the Processes tab, try to find in the list: ErrorFix.exe
If it is there, left-click it and then click End Process (kill process).
Then delete these folders and files:
Application Data\ErrorFix
C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix
%ProgramFiles%\Downloaded Installers\{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}\setup.msi
%ProgramFiles%\ErrorFix
%Windir%\Installer\37e167c.msi
%Windir%\Installer\{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}\Icon.exe
%Windir%\Tasks\ErrorFix Scan.job
You do not have to find everything; some of it will be missing.
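The cleanup steps in the post above, as a read-only check. This is an added example and not part of the original post: it reports whether ErrorFix.exe is running and which of the listed leftovers exist, and deletes nothing. The function and variable names are hypothetical, and placing the first entry under %UserProfile% is an assumption.

```powershell
# Added example (not from the thread): read-only inventory of the ErrorFix
# leftovers named in the post above. Nothing is stopped or deleted.

# Paths as listed in the post. Assumption: the first entry, given there as
# "Application Data\ErrorFix", lives under the current user's profile.
$LeftoverPaths = @(
    '%UserProfile%\Application Data\ErrorFix',
    'C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\ErrorFix',
    '%ProgramFiles%\Downloaded Installers\{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}\setup.msi',
    '%ProgramFiles%\ErrorFix',
    '%Windir%\Installer\37e167c.msi',
    '%Windir%\Installer\{83A867EF-8D2E-4CAF-A1DD-B3996724CF78}\Icon.exe',
    '%Windir%\Tasks\ErrorFix Scan.job'
)

function Get-ErrorFixLeftover {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Path
    )
    foreach ($raw in $Path) {
        # Expand %UserProfile%, %ProgramFiles% and %Windir% for this session.
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # -LiteralPath: no character in the path is treated as a wildcard.
        # -Force: also see hidden items such as Application Data.
        $item = Get-Item -LiteralPath $expanded -Force -ErrorAction SilentlyContinue

        $state = 'Missing'
        if ($item) {
            $state = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
        }

        [pscustomobject]@{
            State = $state
            Path  = $expanded
        }
    }
}

function Get-ErrorFixProcess {
    # Get-Process takes the image name without the ".exe" extension.
    Get-Process -Name 'ErrorFix' -ErrorAction SilentlyContinue |
        Select-Object Id, ProcessName, Path
}

# Step 1 of the post: is the process still running?
$running = @(Get-ErrorFixProcess)
if ($running.Count -gt 0) {
    Write-Output 'ErrorFix.exe is still running; end it before deleting its files:'
    $running | Format-Table -AutoSize
} else {
    Write-Output 'ErrorFix.exe is not running.'
}

# Step 2 of the post: which of the listed folders and files are present?
# Missing entries are expected; the post says not everything will be found.
$report = @(Get-ErrorFixLeftover -Path $LeftoverPaths)
$report | Format-Table -AutoSize State, Path

$found = @($report | Where-Object { $_.State -ne 'Missing' })
Write-Output ('{0} of {1} listed items are present.' -f $found.Count, $LeftoverPaths.Count)
```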
- newcomer
Re: Error in C/Windows/system32
File 0CCDC039E82C920D24970AEC259DA300D24D018A.exe received 2009.06.11 12:30:15 (UTC)
Current status: Finished
Result: 1/40 (2.50%)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
Re: Error in C/Windows/system32
The file is fine.
Install Java:
Java SE Runtime Environment 6u14
Select your OS (I assume Windows) and tick the agree-continue checkbox.
Choose:
Windows Offline Installation
jre-6u14-windows-i586-p.exe
If you have uninstalled ComboFix, that is all, and you can mark the thread as solved with the check mark.
- newcomer
- Posts: 21
- Registered: July 09
- Location: Manchester UK
Re: Error in C/Windows/system32 Solved
Once again, thank you very much. You helped me a lot, and I am really very pleasantly surprised by your willingness to solve PC problems. I really have a lot of room for improvement in this area. Even something like adding the check mark, which I don't know how to add. Thanks a lot...