restart systemu!!

[Pavlus]

Aktualizoval jsem ten direct, ale jeste jsem to nezkousel. Nabehla mi pri startu hlaska, ze mam neoriginalni Windows (coz neni pravda) a ted mi to prudi na liste vedle casu! To jsou ty blby aktualizace, dobry akorat na to, aby me oznacili za pirata!

[Reklama]

[Pavlus]

Ta hra se seka porad. Zkousel jsem vypinat ruzny procesy, ale nic! asi to opravdu bude tou hrou! Ale toto se mi ted konecne zobrazilo, mozna to neco objasni?!

[Pavlus]

Něco jsem nasel!!

[mikel]

1. Toho šmejda smaž podle cesty, kterou našel NOD. Pro lepší orientaci je to:
C:\WINDOWS\system32\conprf32.dll

2. Hoď sem log z Hijacku

3. Nelíbí se mi hláška "Chyby při testování MBR sektoru 2. fyzického disku. Chyba při čtení sektoru." Co je to za disk? Co na něm máš?

[Pavlus]

- Smazal jsem ho (conprf32.dll) killboxem (radsi delete on reboot)

- Prohledal jsem PC taky SmitfraudFix

- A nakonec jeste MWAV - ten mi nasel jinou soucast toho email-worma! Radsi posilamai tento log:

Sun Oct 15 10:34:29 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Sun Oct 15 10:34:57 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:34:58 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\pesttrap !!!
Sun Oct 15 10:34:58 2006 => Object "pest trap Generic Malware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:34:58 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\spyquake2.com !!!
Sun Oct 15 10:34:58 2006 => Object "spywarequake Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:34:58 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\pesttrap !!!
Sun Oct 15 10:34:58 2006 => Object "pest trap Generic Malware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:34:58 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\spyquake2.com !!!
Sun Oct 15 10:34:58 2006 => Object "spywarequake Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:35:15 2006 => Offending Folder found: C:\Documents and Settings\admin\Dokumenty\pavel\balíčky\pesttrap
Sun Oct 15 10:35:15 2006 => Object "pest trap Generic Malware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:35:38 2006 => Offending Folder found: C:\Documents and Settings\admin\Dokumenty\pavel\balíčky\pesttrap
Sun Oct 15 10:35:38 2006 => Object "pest trap Generic Malware" found in File System! Action Taken: No Action Taken.

Sun Oct 15 10:35:40 2006 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Sun Oct 15 10:35:41 2006 => Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.

Sun Oct 15 10:35:40 2006 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Sun Oct 15 10:35:41 2006 => Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.

Sun Oct 15 10:35:41 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.

Sun Oct 15 10:35:41 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.

Sun Oct 15 10:35:43 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:44 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\WMP\Announcements\". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\WMP\". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dealio\". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dealio\temp\". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".acc". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bmk". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".oct". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ram". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".smil". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".THM". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eMedia Codec". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hollywood FX 5". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Kaspersky Anti-Virus Personal". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.7)". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.6)". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8ACE0437-ABC8-42EE-A165-D5ADD81A1BD3}". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EF954227-F8D6-4BF9-91A8-AEE4AD4D840A}_is1". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}". Action Taken: No Action Taken.

Sun Oct 15 10:35:45 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{fe7ccec2-0f76-4921-bc75-caaf255cbbf2}". Action Taken: No Action Taken.

Sun Oct 15 10:35:58 2006 => File C:\WINDOWS\system32\conperf.exe infected by "Email-Worm.Win32.Warezov.bg" Virus! Action Taken: No Action Taken.

Sun Oct 15 10:34:23 2006 => ERROR!!! Invalid Entry \??\C:\Documents and Settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys in SYSTEM\CurrentControlSet\Services\ids00026...

Sun Oct 15 10:34:23 2006 => ERROR!!! Invalid Entry \??\C:\Documents and Settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys in SYSTEM\CurrentControlSet\Services\ids00118...

/log upraven
/mikel

- Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 10:55:18, on 15.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\admin\LOCALS~1\Temp\kavss.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
c:\Documents and Settings\admin\Dokumenty\Pavel\Balíčky\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.karneval.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4572599812
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

[mijaja]

Udělej znovu ten proces s Avengerem a i 2x po sobě. Ještě něco - vypni si i Obnovu systému, pokud jsi to už neudělal. Ten šmejd se musí odněkud obnovovat. Co jsi dával do kompu nového?

[Pavlus]

Po prvnim spusteni Avangeru mi zahlasil toto (ale az po vypnuti vsech rezidentních ochran - v Taskmanageru):



Možná je to kravina, ale radsi jsem to zminil!

Ohledne tech instalaci si nic nevybavuju. Preinstaloval jsem NOD, odinstaloval kasperaka...jinak nevim.
A jeste log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ltfnbyej

*******************

Script file located at: \??\C:\WINDOWS\system32\ylrwwnjy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\chater.exe not found!
Deletion of file C:\WINDOWS\chater.exe failed!

Could not process line:
C:\WINDOWS\chater.exe
Status: 0xc0000034



File C:\WINDOWS\system32\alerter.exe not found!
Deletion of file C:\WINDOWS\system32\alerter.exe failed!

Could not process line:
C:\WINDOWS\system32\alerter.exe
Status: 0xc0000034



File C:\WINDOWS\system32\confcon.dll not found!
Deletion of file C:\WINDOWS\system32\confcon.dll failed!

Could not process line:
C:\WINDOWS\system32\confcon.dll
Status: 0xc0000034



File C:\WINDOWS\system32\confega.dll not found!
Deletion of file C:\WINDOWS\system32\confega.dll failed!

Could not process line:
C:\WINDOWS\system32\confega.dll
Status: 0xc0000034



File C:\WINDOWS\system32\conmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\conmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\conmgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\conperf.exe not found!
Deletion of file C:\WINDOWS\system32\conperf.exe failed!

Could not process line:
C:\WINDOWS\system32\conperf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\conprf32.dll not found!
Deletion of file C:\WINDOWS\system32\conprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\conprf32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\constat.dll not found!
Deletion of file C:\WINDOWS\system32\constat.dll failed!

Could not process line:
C:\WINDOWS\system32\constat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cfgmmprm.dll not found!
Deletion of file C:\WINDOWS\system32\cfgmmprm.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgmmprm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\dmimmdt2.exe not found!
Deletion of file C:\WINDOWS\system32\dmimmdt2.exe failed!

Could not process line:
C:\WINDOWS\system32\dmimmdt2.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dssconf.exe not found!
Deletion of file C:\WINDOWS\system32\dssconf.exe failed!

Could not process line:
C:\WINDOWS\system32\dssconf.exe
Status: 0xc0000034



File C:\WINDOWS\system32\e1.dll not found!
Deletion of file C:\WINDOWS\system32\e1.dll failed!

Could not process line:
C:\WINDOWS\system32\e1.dll
Status: 0xc0000034



File C:\WINDOWS\system32\egaavi.exe not found!
Deletion of file C:\WINDOWS\system32\egaavi.exe failed!

Could not process line:
C:\WINDOWS\system32\egaavi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\egamgr32.dll not found!
Deletion of file C:\WINDOWS\system32\egamgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\egamgr32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\egastat.dll not found!
Deletion of file C:\WINDOWS\system32\egastat.dll failed!

Could not process line:
C:\WINDOWS\system32\egastat.dll
Status: 0xc0000034



File C:\WINDOWS\system32\egperf32.dll not found!
Deletion of file C:\WINDOWS\system32\egperf32.dll failed!

Could not process line:
C:\WINDOWS\system32\egperf32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\evenncob.dll not found!
Deletion of file C:\WINDOWS\system32\evenncob.dll failed!

Could not process line:
C:\WINDOWS\system32\evenncob.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ixsswmas.exe not found!
Deletion of file C:\WINDOWS\system32\ixsswmas.exe failed!

Could not process line:
C:\WINDOWS\system32\ixsswmas.exe
Status: 0xc0000034



File C:\WINDOWS\system32\j2t3crh.dll not found!
Deletion of file C:\WINDOWS\system32\j2t3crh.dll failed!

Could not process line:
C:\WINDOWS\system32\j2t3crh.dll
Status: 0xc0000034



File C:\WINDOWS\system32\lprmneth.dll not found!
Deletion of file C:\WINDOWS\system32\lprmneth.dll failed!

Could not process line:
C:\WINDOWS\system32\lprmneth.dll
Status: 0xc0000034



File C:\WINDOWS\system32\lprmneth.exe not found!
Deletion of file C:\WINDOWS\system32\lprmneth.exe failed!

Could not process line:
C:\WINDOWS\system32\lprmneth.exe
Status: 0xc0000034



File C:\WINDOWS\system32\msisnwcf.dll not found!
Deletion of file C:\WINDOWS\system32\msisnwcf.dll failed!

Could not process line:
C:\WINDOWS\system32\msisnwcf.dll
Status: 0xc0000034



File C:\WINDOWS\system32\samsusrr.dll not found!
Deletion of file C:\WINDOWS\system32\samsusrr.dll failed!

Could not process line:
C:\WINDOWS\system32\samsusrr.dll
Status: 0xc0000034



File C:\WINDOWS\system32\scsm.exe not found!
Deletion of file C:\WINDOWS\system32\scsm.exe failed!

Could not process line:
C:\WINDOWS\system32\scsm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\shsvmdim.dll not found!
Deletion of file C:\WINDOWS\system32\shsvmdim.dll failed!

Could not process line:
C:\WINDOWS\system32\shsvmdim.dll
Status: 0xc0000034



File C:\WINDOWS\system32\snmpmmcn.dll not found!
Deletion of file C:\WINDOWS\system32\snmpmmcn.dll failed!

Could not process line:
C:\WINDOWS\system32\snmpmmcn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\sysshtic.dll not found!
Deletion of file C:\WINDOWS\system32\sysshtic.dll failed!

Could not process line:
C:\WINDOWS\system32\sysshtic.dll
Status: 0xc0000034



File C:\WINDOWS\system32\sysshtic.exe not found!
Deletion of file C:\WINDOWS\system32\sysshtic.exe failed!

Could not process line:
C:\WINDOWS\system32\sysshtic.exe
Status: 0xc0000034



File C:\WINDOWS\system32\tscfvjoy.dll not found!
Deletion of file C:\WINDOWS\system32\tscfvjoy.dll failed!

Could not process line:
C:\WINDOWS\system32\tscfvjoy.dll
Status: 0xc0000034



File C:\WINDOWS\system32\trkwpipa.exe not found!
Deletion of file C:\WINDOWS\system32\trkwpipa.exe failed!

Could not process line:
C:\WINDOWS\system32\trkwpipa.exe
Status: 0xc0000034



File C:\WINDOWS\system32\uregdeve.dll not found!
Deletion of file C:\WINDOWS\system32\uregdeve.dll failed!

Could not process line:
C:\WINDOWS\system32\uregdeve.dll
Status: 0xc0000034



File C:\WINDOWS\system32\uregdeve.exe not found!
Deletion of file C:\WINDOWS\system32\uregdeve.exe failed!

Could not process line:
C:\WINDOWS\system32\uregdeve.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vbscqdv.exe not found!
Deletion of file C:\WINDOWS\system32\vbscqdv.exe failed!

Could not process line:
C:\WINDOWS\system32\vbscqdv.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vdshlicw.exe not found!
Deletion of file C:\WINDOWS\system32\vdshlicw.exe failed!

Could not process line:
C:\WINDOWS\system32\vdshlicw.exe
Status: 0xc0000034



File C:\WINDOWS\system32\winbpowr.exe not found!
Deletion of file C:\WINDOWS\system32\winbpowr.exe failed!

Could not process line:
C:\WINDOWS\system32\winbpowr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\yapconf.exe not found!
Deletion of file C:\WINDOWS\system32\yapconf.exe failed!

Could not process line:
C:\WINDOWS\system32\yapconf.exe
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egdiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egdiag failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[Pavlus]

3. Nelíbí se mi hláška "Chyby při testování MBR sektoru 2. fyzického disku. Chyba při čtení sektoru."

O tom disku vubec nevim! Podle me ani neexistuje nebo ho povazuju za neco jieho...

[mijaja]

A teď ještě NOD něco hlásí?

[Pavlus]