Prosím o kontrolu logu

[AbraXas1988]

Logfile of HijackThis v1.99.1
Scan saved at 21:40:47, on 18.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\alerter.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin & eJay\Plocha\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.russiangril.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\System32\alerter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8411167973
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6B120F-19B7-47F6-BE00-2DAD7F852799}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - AppInit_DLLs: confcon.dll constat.dll
O20 - Winlogon Notify: conmgr - C:\WINDOWS\SYSTEM32\conmgr32.dll
O20 - Winlogon Notify: sysshtic - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\exkrrei.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Mám takový problém.Asi co hodinku mi nazkočí chybová hláška services.exe a pak mi začnwe minutový odpočet. Čas vyprší a restartne se mi PC. Druhý problém je,když restartuju PC a pak to najede do přihlašovací nabítky ( Výběr uživatelů) potvrdím to a zkočí mi hláška viz screen

Kód: Vybrat vše

http://img230.imageshack.us/my.php?image=hlkawindt3.jpg

A pak mi normálně nazkočí ikony na ploše Předem díky za odpověď !

[Reklama]

[fredik]

Postupuj podle tohoto návodu pak vlož nový log z HJT.

[AbraXas1988]

Tak udělal jsem to a výsledek je tenhle Nový log

Logfile of HijackThis v1.99.1
Scan saved at 21:08:08, on 19.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\Rar$EX00.863\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\System32\alerter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8411167973
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6B120F-19B7-47F6-BE00-2DAD7F852799}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - AppInit_DLLs: confcon.dll constat.dll
O20 - Winlogon Notify: conmgr - conmgr32.dll (file missing)
O20 - Winlogon Notify: sysshtic - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\exkrrei.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[fredik]

Furt to tam je, použíj znova ten Avenger podle návodu.

Po té proveď odstranění Wareout podle návodu.

Pak udělej nový log z HJT a dej ho sem.

[mijaja]

2Fredik > Avenger je podle iwigirl vhodné použít dvakrát i třikrát po sobě. tak to lidem zrovna doporučuj.

2AbraXas1988 > Kde máš SP2?

[AbraXas1988]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xvnbusyt

*******************

Script file located at: ccnemjho

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!
//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xvnbusyt

*******************

Script file located at: ccnemjho

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

TO JE Z AVANGERU


Logfile of HijackThis v1.99.1
Scan saved at 19:11:32, on 22.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Martin & eJay\Plocha\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8411167973
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6B120F-19B7-47F6-BE00-2DAD7F852799}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - AppInit_DLLs: confcon.dll constat.dll
O20 - Winlogon Notify: conmgr - conmgr32.dll (file missing)
O20 - Winlogon Notify: sysshtic - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\rbprec.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Vše je podle návodu

[fredik]

Zatim spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\rbprec.dll

červeně označený soubor najdi na disku a smaž, možná si budeš muset zapnout zobrazení skrytých souborů.

Ten Avenger ti vůbec neproběhl. Vypnul si před jeho použitím rezidentní štít SpywareTerminatora nebo radši ukonči celý Spyware Terminatora?
Vlož do scriptu Avengera jak bylo psáno v návodu celý text označený modře a spusť ho.
Files to delete:
%windir%\cc2.exe
%windir%\cc3.exe
%windir%\cct2.exe
%windir%\hv4e05.dll
%windir%\chater.exe
%Windir%\msout.exe
%windir%\serrv.c
%windir%\serrv.exe
%windir%\serrv.wax
%windir%\serv.exe
%windir%\serv.wax
%windir%\sserrvv.exe
%windir%\t2serv.dll
%windir%\t2serv.s
%windir%\t2serv.wax
%windir%\system32\actidmoc.exe
%windir%\system32\alerter.exe
%windir%\system32\atrconf.exe
%windir%\system32\attmgr32.dll
%windir%\system32\attstat.dll
%windir%\system32\audconf.exe
%windir%\system32\audmgr32.dll
%windir%\system32\audstat.dll
%windir%\system32\brwconf.exe
%windir%\system32\brwmgr32.dll
%windir%\system32\brwstat.dll
%windir%\system32\cfgd3d.dll
%windir%\system32\cfgmmprm.dll
%windir%\system32\confatt.dll
%windir%\system32\confaud.dll
%windir%\system32\confbrw.dll
%windir%\system32\confcon.dll
%windir%\system32\confega.dll
%windir%\system32\conmgr32.dll
%windir%\system32\conperf.exe
%windir%\system32\conprf32.dll
%windir%\system32\constat.dll
%windir%\system32\cp8xpqj.dll
%windir%\system32\cssewmpd.exe
%windir%\system32\decconf.exe
%windir%\system32\dfssrasc.dll
%windir%\system32\dfssrasc.exe
%windir%\system32\diagd3d.dll
%windir%\system32\dmimmdt2.exe
%windir%\system32\dpugmswe.dll
%windir%\system32\dssconf.exe
%windir%\system32\dxtmsft3.dll
%windir%\system32\e1.dll
%windir%\system32\egaavi.exe
%windir%\system32\egamgr32.dll
%windir%\system32\egastat.dll
%windir%\system32\egperf32.dll
%windir%\system32\evenncob.dll
%windir%\system32\fsxsh4.dll
%windir%\system32\gtmqf608r7.dll
%windir%\system32\hypewmv9.exe
%windir%\system32\ipsecmon.exe
%windir%\system32\ipsmwebh.exe
%windir%\system32\ipxpextm.exe
%windir%\system32\ipxwshel.exe
%windir%\system32\iuennwcf.dll
%windir%\system32\ixsswmas.exe
%windir%\system32\j2t3crh.dll
%windir%\system32\jgdwadsn.dll
%windir%\system32\jgdwadsn.exe
%windir%\system32\kbdfwshe.exe
%windir%\system32\lprmneth.dll
%windir%\system32\lprmneth.exe
%windir%\system32\ml7swr.exe
%windir%\system32\mp4sglmf.dll
%windir%\system32\mqadscp3.exe
%windir%\system32\msihftpw.dll
%windir%\system32\msisnwcf.dll
%windir%\system32\msrdtscf.exe
%windir%\system32\mstsodbc.exe
%windir%\system32\narrwshr.dll
%windir%\system32\netfrtm.dll
%windir%\system32\offfmsre.dll
%windir%\system32\psapdani.dll
%windir%\system32\psbaavic.dll
%windir%\system32\psbamtxe.dll
%windir%\system32\samsusrr.dll
%windir%\system32\samsusrr.exe
%windir%\system32\scsm.exe
%windir%\system32\shsvmdim.dll
%windir%\system32\snmpmmcn.dl
%windir%\system32\statd3d.dll
%windir%\system32\sysshtic.dll
%windir%\system32\sysshtic.exe
%windir%\system32\trkwpipa.exe
%windir%\system32\tscfvjoy.dll
%windir%\system32\ujn6oqt.dll
%windir%\system32\ulibofff.exe
%windir%\system32\uregdeve.dll
%windir%\system32\uregdeve.exe
%windir%\system32\vbscqdv.exe
%windir%\system32\vdshlicw.exe
%windir%\system32\vmhevnet.dll
%windir%\system32\vmhevnet.exe
%windir%\system32\w3sskbda.dll
%windir%\system32\winbpowr.exe
%windir%\system32\wmnecomc.dll
%windir%\system32\wmpcskdl.dll
%windir%\system32\wshtlprh.dll
%windir%\system32\wupstlnt.dll
%windir%\system32\xactcomr.exe
%windir%\system32\yapconf.exe

Registry values to replace with dummy:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | audiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | brwdiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ciodiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | davctool
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | egdiag
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ipxwshel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mqadscp3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | serrv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | serv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | sserrvv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | t2serv
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ulibofff

Jestli si použil ten Fixwareout na odstranění Wareout jestli jo tak sem vlož jeho log měl by se nacházet na C:\fixwareout\report.txt .

Pak sem vlož nový log z HJT.

[AbraXas1988]

dll odstraněny v nouzovým režimu :)

[AbraXas1988]

Tak tu je Avanger v celku ! :) Ještě to projedu tím fixwareout Tam se mi žádný soubor neuložil .

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nfutnoyc

*******************

Script file located at: \??\C:\WINDOWS\qypmedpv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\cc2.exe not found!
Deletion of file C:\WINDOWS\cc2.exe failed!

Could not process line:
C:\WINDOWS\cc2.exe
Status: 0xc0000034



File C:\WINDOWS\cc3.exe not found!
Deletion of file C:\WINDOWS\cc3.exe failed!

Could not process line:
C:\WINDOWS\cc3.exe
Status: 0xc0000034



File C:\WINDOWS\cct2.exe not found!
Deletion of file C:\WINDOWS\cct2.exe failed!

Could not process line:
C:\WINDOWS\cct2.exe
Status: 0xc0000034



File C:\WINDOWS\hv4e05.dll not found!
Deletion of file C:\WINDOWS\hv4e05.dll failed!

Could not process line:
C:\WINDOWS\hv4e05.dll
Status: 0xc0000034



File C:\WINDOWS\chater.exe not found!
Deletion of file C:\WINDOWS\chater.exe failed!

Could not process line:
C:\WINDOWS\chater.exe
Status: 0xc0000034



File C:\WINDOWS\msout.exe not found!
Deletion of file C:\WINDOWS\msout.exe failed!

Could not process line:
C:\WINDOWS\msout.exe
Status: 0xc0000034



File C:\WINDOWS\serrv.c not found!
Deletion of file C:\WINDOWS\serrv.c failed!

Could not process line:
C:\WINDOWS\serrv.c
Status: 0xc0000034



File C:\WINDOWS\serrv.exe not found!
Deletion of file C:\WINDOWS\serrv.exe failed!

Could not process line:
C:\WINDOWS\serrv.exe
Status: 0xc0000034



File C:\WINDOWS\serrv.wax not found!
Deletion of file C:\WINDOWS\serrv.wax failed!

Could not process line:
C:\WINDOWS\serrv.wax
Status: 0xc0000034



File C:\WINDOWS\serv.exe not found!
Deletion of file C:\WINDOWS\serv.exe failed!

Could not process line:
C:\WINDOWS\serv.exe
Status: 0xc0000034



File C:\WINDOWS\serv.wax not found!
Deletion of file C:\WINDOWS\serv.wax failed!

Could not process line:
C:\WINDOWS\serv.wax
Status: 0xc0000034



File C:\WINDOWS\sserrvv.exe not found!
Deletion of file C:\WINDOWS\sserrvv.exe failed!

Could not process line:
C:\WINDOWS\sserrvv.exe
Status: 0xc0000034



File C:\WINDOWS\t2serv.dll not found!
Deletion of file C:\WINDOWS\t2serv.dll failed!

Could not process line:
C:\WINDOWS\t2serv.dll
Status: 0xc0000034



File C:\WINDOWS\t2serv.s not found!
Deletion of file C:\WINDOWS\t2serv.s failed!

Could not process line:
C:\WINDOWS\t2serv.s
Status: 0xc0000034



File C:\WINDOWS\t2serv.wax not found!
Deletion of file C:\WINDOWS\t2serv.wax failed!

Could not process line:
C:\WINDOWS\t2serv.wax
Status: 0xc0000034



File C:\WINDOWS\system32\actidmoc.exe not found!
Deletion of file C:\WINDOWS\system32\actidmoc.exe failed!

Could not process line:
C:\WINDOWS\system32\actidmoc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\alerter.exe not found!
Deletion of file C:\WINDOWS\system32\alerter.exe failed!

Could not process line:
C:\WINDOWS\system32\alerter.exe
Status: 0xc0000034



File C:\WINDOWS\system32\atrconf.exe not found!
Deletion of file C:\WINDOWS\system32\atrconf.exe failed!

Could not process line:
C:\WINDOWS\system32\atrconf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\attmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\attmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\attmgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\attstat.dll not found!
Deletion of file C:\WINDOWS\system32\attstat.dll failed!

Could not process line:
C:\WINDOWS\system32\attstat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\audconf.exe not found!
Deletion of file C:\WINDOWS\system32\audconf.exe failed!

Could not process line:
C:\WINDOWS\system32\audconf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\audmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\audmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\audmgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\audstat.dll not found!
Deletion of file C:\WINDOWS\system32\audstat.dll failed!

Could not process line:
C:\WINDOWS\system32\audstat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\brwconf.exe not found!
Deletion of file C:\WINDOWS\system32\brwconf.exe failed!

Could not process line:
C:\WINDOWS\system32\brwconf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\brwmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\brwmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\brwmgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\brwstat.dll not found!
Deletion of file C:\WINDOWS\system32\brwstat.dll failed!

Could not process line:
C:\WINDOWS\system32\brwstat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cfgd3d.dll not found!
Deletion of file C:\WINDOWS\system32\cfgd3d.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgd3d.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cfgmmprm.dll not found!
Deletion of file C:\WINDOWS\system32\cfgmmprm.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgmmprm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\confatt.dll not found!
Deletion of file C:\WINDOWS\system32\confatt.dll failed!

Could not process line:
C:\WINDOWS\system32\confatt.dll
Status: 0xc0000034



File C:\WINDOWS\system32\confaud.dll not found!
Deletion of file C:\WINDOWS\system32\confaud.dll failed!

Could not process line:
C:\WINDOWS\system32\confaud.dll
Status: 0xc0000034



File C:\WINDOWS\system32\confbrw.dll not found!
Deletion of file C:\WINDOWS\system32\confbrw.dll failed!

Could not process line:
C:\WINDOWS\system32\confbrw.dll
Status: 0xc0000034



File C:\WINDOWS\system32\confcon.dll not found!
Deletion of file C:\WINDOWS\system32\confcon.dll failed!

Could not process line:
C:\WINDOWS\system32\confcon.dll
Status: 0xc0000034



File C:\WINDOWS\system32\confega.dll not found!
Deletion of file C:\WINDOWS\system32\confega.dll failed!

Could not process line:
C:\WINDOWS\system32\confega.dll
Status: 0xc0000034



File C:\WINDOWS\system32\conmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\conmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\conmgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\conperf.exe not found!
Deletion of file C:\WINDOWS\system32\conperf.exe failed!

Could not process line:
C:\WINDOWS\system32\conperf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\conprf32.dll not found!
Deletion of file C:\WINDOWS\system32\conprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\conprf32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\constat.dll not found!
Deletion of file C:\WINDOWS\system32\constat.dll failed!

Could not process line:
C:\WINDOWS\system32\constat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cp8xpqj.dll not found!
Deletion of file C:\WINDOWS\system32\cp8xpqj.dll failed!

Could not process line:
C:\WINDOWS\system32\cp8xpqj.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cssewmpd.exe not found!
Deletion of file C:\WINDOWS\system32\cssewmpd.exe failed!

Could not process line:
C:\WINDOWS\system32\cssewmpd.exe
Status: 0xc0000034



File C:\WINDOWS\system32\decconf.exe not found!
Deletion of file C:\WINDOWS\system32\decconf.exe failed!

Could not process line:
C:\WINDOWS\system32\decconf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dfssrasc.dll not found!
Deletion of file C:\WINDOWS\system32\dfssrasc.dll failed!

Could not process line:
C:\WINDOWS\system32\dfssrasc.dll
Status: 0xc0000034



File C:\WINDOWS\system32\dfssrasc.exe not found!
Deletion of file C:\WINDOWS\system32\dfssrasc.exe failed!

Could not process line:
C:\WINDOWS\system32\dfssrasc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\diagd3d.dll not found!
Deletion of file C:\WINDOWS\system32\diagd3d.dll failed!

Could not process line:
C:\WINDOWS\system32\diagd3d.dll
Status: 0xc0000034



File C:\WINDOWS\system32\dmimmdt2.exe not found!
Deletion of file C:\WINDOWS\system32\dmimmdt2.exe failed!

Could not process line:
C:\WINDOWS\system32\dmimmdt2.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dpugmswe.dll not found!
Deletion of file C:\WINDOWS\system32\dpugmswe.dll failed!

Could not process line:
C:\WINDOWS\system32\dpugmswe.dll
Status: 0xc0000034



File C:\WINDOWS\system32\dssconf.exe not found!
Deletion of file C:\WINDOWS\system32\dssconf.exe failed!

Could not process line:
C:\WINDOWS\system32\dssconf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dxtmsft3.dll not found!
Deletion of file C:\WINDOWS\system32\dxtmsft3.dll failed!

Could not process line:
C:\WINDOWS\system32\dxtmsft3.dll
Status: 0xc0000034



File C:\WINDOWS\system32\e1.dll not found!
Deletion of file C:\WINDOWS\system32\e1.dll failed!

Could not process line:
C:\WINDOWS\system32\e1.dll
Status: 0xc0000034



File C:\WINDOWS\system32\egaavi.exe not found!
Deletion of file C:\WINDOWS\system32\egaavi.exe failed!

Could not process line:
C:\WINDOWS\system32\egaavi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\egamgr32.dll not found!
Deletion of file C:\WINDOWS\system32\egamgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\egamgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\egastat.dll not found!
Deletion of file C:\WINDOWS\system32\egastat.dll failed!

Could not process line:
C:\WINDOWS\system32\egastat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\egperf32.dll not found!
Deletion of file C:\WINDOWS\system32\egperf32.dll failed!

Could not process line:
C:\WINDOWS\system32\egperf32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\evenncob.dll not found!
Deletion of file C:\WINDOWS\system32\evenncob.dll failed!

Could not process line:
C:\WINDOWS\system32\evenncob.dll
Status: 0xc0000034



File C:\WINDOWS\system32\fsxsh4.dll not found!
Deletion of file C:\WINDOWS\system32\fsxsh4.dll failed!

Could not process line:
C:\WINDOWS\system32\fsxsh4.dll
Status: 0xc0000034



File C:\WINDOWS\system32\gtmqf608r7.dll not found!
Deletion of file C:\WINDOWS\system32\gtmqf608r7.dll failed!

Could not process line:
C:\WINDOWS\system32\gtmqf608r7.dll
Status: 0xc0000034



File C:\WINDOWS\system32\hypewmv9.exe not found!
Deletion of file C:\WINDOWS\system32\hypewmv9.exe failed!

Could not process line:
C:\WINDOWS\system32\hypewmv9.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ipsecmon.exe not found!
Deletion of file C:\WINDOWS\system32\ipsecmon.exe failed!

Could not process line:
C:\WINDOWS\system32\ipsecmon.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ipsmwebh.exe not found!
Deletion of file C:\WINDOWS\system32\ipsmwebh.exe failed!

Could not process line:
C:\WINDOWS\system32\ipsmwebh.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ipxpextm.exe not found!
Deletion of file C:\WINDOWS\system32\ipxpextm.exe failed!

Could not process line:
C:\WINDOWS\system32\ipxpextm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ipxwshel.exe not found!
Deletion of file C:\WINDOWS\system32\ipxwshel.exe failed!

Could not process line:
C:\WINDOWS\system32\ipxwshel.exe
Status: 0xc0000034



File C:\WINDOWS\system32\iuennwcf.dll not found!
Deletion of file C:\WINDOWS\system32\iuennwcf.dll failed!

Could not process line:
C:\WINDOWS\system32\iuennwcf.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ixsswmas.exe not found!
Deletion of file C:\WINDOWS\system32\ixsswmas.exe failed!

Could not process line:
C:\WINDOWS\system32\ixsswmas.exe
Status: 0xc0000034



File C:\WINDOWS\system32\j2t3crh.dll not found!
Deletion of file C:\WINDOWS\system32\j2t3crh.dll failed!

Could not process line:
C:\WINDOWS\system32\j2t3crh.dll
Status: 0xc0000034



File C:\WINDOWS\system32\jgdwadsn.dll not found!
Deletion of file C:\WINDOWS\system32\jgdwadsn.dll failed!

Could not process line:
C:\WINDOWS\system32\jgdwadsn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\jgdwadsn.exe not found!
Deletion of file C:\WINDOWS\system32\jgdwadsn.exe failed!

Could not process line:
C:\WINDOWS\system32\jgdwadsn.exe
Status: 0xc0000034



File C:\WINDOWS\system32\kbdfwshe.exe not found!
Deletion of file C:\WINDOWS\system32\kbdfwshe.exe failed!

Could not process line:
C:\WINDOWS\system32\kbdfwshe.exe
Status: 0xc0000034



File C:\WINDOWS\system32\lprmneth.dll not found!
Deletion of file C:\WINDOWS\system32\lprmneth.dll failed!

Could not process line:
C:\WINDOWS\system32\lprmneth.dll
Status: 0xc0000034



File C:\WINDOWS\system32\lprmneth.exe not found!
Deletion of file C:\WINDOWS\system32\lprmneth.exe failed!

Could not process line:
C:\WINDOWS\system32\lprmneth.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ml7swr.exe not found!
Deletion of file C:\WINDOWS\system32\ml7swr.exe failed!

Could not process line:
C:\WINDOWS\system32\ml7swr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mp4sglmf.dll not found!
Deletion of file C:\WINDOWS\system32\mp4sglmf.dll failed!

Could not process line:
C:\WINDOWS\system32\mp4sglmf.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mqadscp3.exe not found!
Deletion of file C:\WINDOWS\system32\mqadscp3.exe failed!

Could not process line:
C:\WINDOWS\system32\mqadscp3.exe
Status: 0xc0000034



File C:\WINDOWS\system32\msihftpw.dll not found!
Deletion of file C:\WINDOWS\system32\msihftpw.dll failed!

Could not process line:
C:\WINDOWS\system32\msihftpw.dll
Status: 0xc0000034



File C:\WINDOWS\system32\msisnwcf.dll not found!
Deletion of file C:\WINDOWS\system32\msisnwcf.dll failed!

Could not process line:
C:\WINDOWS\system32\msisnwcf.dll
Status: 0xc0000034



File C:\WINDOWS\system32\msrdtscf.exe not found!
Deletion of file C:\WINDOWS\system32\msrdtscf.exe failed!

Could not process line:
C:\WINDOWS\system32\msrdtscf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mstsodbc.exe not found!
Deletion of file C:\WINDOWS\system32\mstsodbc.exe failed!

Could not process line:
C:\WINDOWS\system32\mstsodbc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\narrwshr.dll not found!
Deletion of file C:\WINDOWS\system32\narrwshr.dll failed!

Could not process line:
C:\WINDOWS\system32\narrwshr.dll
Status: 0xc0000034



File C:\WINDOWS\system32\netfrtm.dll not found!
Deletion of file C:\WINDOWS\system32\netfrtm.dll failed!

Could not process line:
C:\WINDOWS\system32\netfrtm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\offfmsre.dll not found!
Deletion of file C:\WINDOWS\system32\offfmsre.dll failed!

Could not process line:
C:\WINDOWS\system32\offfmsre.dll
Status: 0xc0000034



File C:\WINDOWS\system32\psapdani.dll not found!
Deletion of file C:\WINDOWS\system32\psapdani.dll failed!

Could not process line:
C:\WINDOWS\system32\psapdani.dll
Status: 0xc0000034



File C:\WINDOWS\system32\psbaavic.dll not found!
Deletion of file C:\WINDOWS\system32\psbaavic.dll failed!

Could not process line:
C:\WINDOWS\system32\psbaavic.dll
Status: 0xc0000034



File C:\WINDOWS\system32\psbamtxe.dll not found!
Deletion of file C:\WINDOWS\system32\psbamtxe.dll failed!

Could not process line:
C:\WINDOWS\system32\psbamtxe.dll
Status: 0xc0000034



File C:\WINDOWS\system32\samsusrr.dll not found!
Deletion of file C:\WINDOWS\system32\samsusrr.dll failed!

Could not process line:
C:\WINDOWS\system32\samsusrr.dll
Status: 0xc0000034



File C:\WINDOWS\system32\samsusrr.exe not found!
Deletion of file C:\WINDOWS\system32\samsusrr.exe failed!

Could not process line:
C:\WINDOWS\system32\samsusrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\scsm.exe not found!
Deletion of file C:\WINDOWS\system32\scsm.exe failed!

Could not process line:
C:\WINDOWS\system32\scsm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\shsvmdim.dll not found!
Deletion of file C:\WINDOWS\system32\shsvmdim.dll failed!

Could not process line:
C:\WINDOWS\system32\shsvmdim.dll
Status: 0xc0000034



File C:\WINDOWS\system32\snmpmmcn.dl not found!
Deletion of file C:\WINDOWS\system32\snmpmmcn.dl failed!

Could not process line:
C:\WINDOWS\system32\snmpmmcn.dl
Status: 0xc0000034



File C:\WINDOWS\system32\statd3d.dll not found!
Deletion of file C:\WINDOWS\system32\statd3d.dll failed!

Could not process line:
C:\WINDOWS\system32\statd3d.dll
Status: 0xc0000034



File C:\WINDOWS\system32\sysshtic.dll not found!
Deletion of file C:\WINDOWS\system32\sysshtic.dll failed!

Could not process line:
C:\WINDOWS\system32\sysshtic.dll
Status: 0xc0000034



File C:\WINDOWS\system32\sysshtic.exe not found!
Deletion of file C:\WINDOWS\system32\sysshtic.exe failed!

Could not process line:
C:\WINDOWS\system32\sysshtic.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trkwpipa.exe not found!
Deletion of file C:\WINDOWS\system32\trkwpipa.exe failed!

Could not process line:
C:\WINDOWS\system32\trkwpipa.exe
Status: 0xc0000034



File C:\WINDOWS\system32\tscfvjoy.dll not found!
Deletion of file C:\WINDOWS\system32\tscfvjoy.dll failed!

Could not process line:
C:\WINDOWS\system32\tscfvjoy.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ujn6oqt.dll not found!
Deletion of file C:\WINDOWS\system32\ujn6oqt.dll failed!

Could not process line:
C:\WINDOWS\system32\ujn6oqt.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ulibofff.exe not found!
Deletion of file C:\WINDOWS\system32\ulibofff.exe failed!

Could not process line:
C:\WINDOWS\system32\ulibofff.exe
Status: 0xc0000034



File C:\WINDOWS\system32\uregdeve.dll not found!
Deletion of file C:\WINDOWS\system32\uregdeve.dll failed!

Could not process line:
C:\WINDOWS\system32\uregdeve.dll
Status: 0xc0000034



File C:\WINDOWS\system32\uregdeve.exe not found!
Deletion of file C:\WINDOWS\system32\uregdeve.exe failed!

Could not process line:
C:\WINDOWS\system32\uregdeve.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vbscqdv.exe not found!
Deletion of file C:\WINDOWS\system32\vbscqdv.exe failed!

Could not process line:
C:\WINDOWS\system32\vbscqdv.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vdshlicw.exe not found!
Deletion of file C:\WINDOWS\system32\vdshlicw.exe failed!

Could not process line:
C:\WINDOWS\system32\vdshlicw.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vmhevnet.dll not found!
Deletion of file C:\WINDOWS\system32\vmhevnet.dll failed!

Could not process line:
C:\WINDOWS\system32\vmhevnet.dll
Status: 0xc0000034



File C:\WINDOWS\system32\vmhevnet.exe not found!
Deletion of file C:\WINDOWS\system32\vmhevnet.exe failed!

Could not process line:
C:\WINDOWS\system32\vmhevnet.exe
Status: 0xc0000034



File C:\WINDOWS\system32\w3sskbda.dll not found!
Deletion of file C:\WINDOWS\system32\w3sskbda.dll failed!

Could not process line:
C:\WINDOWS\system32\w3sskbda.dll
Status: 0xc0000034



File C:\WINDOWS\system32\winbpowr.exe not found!
Deletion of file C:\WINDOWS\system32\winbpowr.exe failed!

Could not process line:
C:\WINDOWS\system32\winbpowr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wmnecomc.dll not found!
Deletion of file C:\WINDOWS\system32\wmnecomc.dll failed!

Could not process line:
C:\WINDOWS\system32\wmnecomc.dll
Status: 0xc0000034



File C:\WINDOWS\system32\wmpcskdl.dll not found!
Deletion of file C:\WINDOWS\system32\wmpcskdl.dll failed!

Could not process line:
C:\WINDOWS\system32\wmpcskdl.dll
Status: 0xc0000034



File C:\WINDOWS\system32\wshtlprh.dll not found!
Deletion of file C:\WINDOWS\system32\wshtlprh.dll failed!

Could not process line:
C:\WINDOWS\system32\wshtlprh.dll
Status: 0xc0000034



File C:\WINDOWS\system32\wupstlnt.dll not found!
Deletion of file C:\WINDOWS\system32\wupstlnt.dll failed!

Could not process line:
C:\WINDOWS\system32\wupstlnt.dll
Status: 0xc0000034



File C:\WINDOWS\system32\xactcomr.exe not found!
Deletion of file C:\WINDOWS\system32\xactcomr.exe failed!

Could not process line:
C:\WINDOWS\system32\xactcomr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\yapconf.exe not found!
Deletion of file C:\WINDOWS\system32\yapconf.exe failed!

Could not process line:
C:\WINDOWS\system32\yapconf.exe
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr deleted successfully.


Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic deleted successfully.


Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|audiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|audiag failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|brwdiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|brwdiag failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ciodiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ciodiag failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|davctool
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|davctool failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egdiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egdiag failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ipxwshel
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ipxwshel failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mqadscp3
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mqadscp3 failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|serrv
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|serrv failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|serv
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|serv failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sserrvv
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sserrvv failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|t2serv
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|t2serv failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ulibofff
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ulibofff failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nfutnoyc

*******************

Script file located at: \??\C:\WINDOWS\qypmedpv.txt

Script file not found! Error

Could not open script file! Status: 0xc0000034 Abort!

[fredik]

Zatim spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O21 - SSODL: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - C:\WINDOWS\System32\3339_32.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\rbprec.dll
po zaškrtnutí klikni na FixChecked

červeně označený soubor najdi na disku a smaž, možná si budeš muset zapnout zobrazení skrytých souborů.

mi tam vypadlo po zaškrtnutí klikni na FixChecked

Pak ještě sem dej ten nový log z HJT.

[AbraXas1988]

Jojo to mě napadlo že to mám fixnout udělal jsem to :) tak tay to je :)

Logfile of HijackThis v1.99.1
Scan saved at 6:47:25, on 23.10.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Martin & eJay\Plocha\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8411167973
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6B120F-19B7-47F6-BE00-2DAD7F852799}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F489D3B-F5F6-4B31-82BC-893BD00D9CC5}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - AppInit_DLLs: confcon.dll constat.dll
O20 - Winlogon Notify: conmgr - conmgr32.dll (file missing)
O20 - Winlogon Notify: sysshtic - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[mijaja]

Špatné.. On tam pořád je! Udělej toho Avengera ještě. Třeba i třikrát po sobě. On vždycky něco odstraní a mám dojem, že jak se ten script zvětšuje, tak má větší a větší potíže všechny ty soubory najít a zlikvidovat.