win32/nuwar worm . soboru adirka.dll

Tor · Příspěvekod **Tor** » 13 bře 2007 00:20

ta ceste platí C:\windows\system32\adirka.dll opravdu to je .. on .. ja se jen prepsal..

Nod32 mě na to proste upozornil .. ale nedovolil mi odstranit nebo lečit.. proste nic jen upozorneni
a ten soubor adirka.dll na tom umístění a je nekde zahrabenej ale vůbec se mi nezobrazuje :cry:

Reklama

Damned · Příspěvekod **Damned** » 13 bře 2007 04:53

Spusť ten MWAV tlačítkem Scan&Clean, co najde,sám odstraní. Pokud z MWAVu vyjedeš tlačítkama OK a Exit nabídne ti Restart (reboot), odklikni ano. Po restartu udělá ještě jednou MWAV Scan&Clean. Pak udělej znovu log z HJT a dej ho sem

Tor · Příspěvekod **Tor** » 13 bře 2007 08:34

Tak to pomohlo jen častečně ten virus se furt rozšiřoval až mi napadl systemový soubory a to hodně rychle .. pri čištění mi naběhla modrá smrt ... (chyby operační paměti skrze windows) po restartu mi to nabihalo furt do kola ... nic jinýho mi nezbývalo než Reistalace win... je to fakt zakeřnej virus :cry:

už ho vyckrat nechci

tonccek · Příspěvekod **tonccek** » 21 bře 2007 23:35

Přítelkyně má stejný problém s tímto souborem adirka.dll, adirka.exe...

Přikládám výpis z HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 23:30:07, on 21.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\lnwin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\adirka.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\QIP\qip.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Standa\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.9:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{36FF19A8-3054-4114-9A5D-F35C0DE2B427}: NameServer = 192.168.1.5,212.47.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{36FF19A8-3054-4114-9A5D-F35C0DE2B427}: NameServer = 192.168.1.5,212.47.0.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{36FF19A8-3054-4114-9A5D-F35C0DE2B427}: NameServer = 192.168.1.5,212.47.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Příspěvekod **fredik** » 21 bře 2007 23:45

Příště si založ vlastní téma a nedávej to do cizího.

Tady máš postup jak na to, dodrž přesné pořadí kroků.

sakiri píše:1. krok
Stáhni si LSPFix a spusť ho.
V okně zatrhni čtvereček u volby I know what i'm doing a zaktivují se ti šipečky mezi okny.A potom v levém okně označ rsvp32_2.dll šipkama >> jej přesuň do pravého okna.Poté klikni na tlačítko Finish.
Ale nepřesunuj nic jiného jinak by jsi si mohl znefukčnit internet a kdyby v tom pravém bude ještě něco jiného než rsvp32_2.dll tak ho tak to přesuň šipkami << zpět do levého okna.

2.krok
Teprve poté co aplikuješ LSPFix tak postpuj takto.

Stáhni si SDFix a spusť ho ,vybalí se do vlastní složky (bude asi na C:\SDfix).

Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.

Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj pokud by ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt (nezapomeň sem zkopírovat jeho obsah) + nový HJT log.

tonccek · Příspěvekod **tonccek** » 22 bře 2007 18:39

postupoval jsem podle návodu, tady jsou nové výpisy:

SDFix:

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...

ADS Check:

Final Check:

Remaining Services:
------------------

Rootkit huy32 maybe active, Use a Rootkit scanner!
Rootkit PE386 maybe active, Use a Rootkit scanner!
Rootkit lzx32 maybe active, Use a Rootkit scanner!
Rootkit msguard maybe active, Use a Rootkit scanner!

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC Special Edition\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\WINDOWS\\system32\\dd.exe"="C:\\WINDOWS\\system32\\dd.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sm.exe"="C:\\WINDOWS\\system32\\sm.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------
C:\WINDOWS\system32\rsvp32_2.dll Found - LSP!

Checking For Files with Hidden Attributes :

Finished

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:39:09, on 22.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
D:\Denisa\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.9:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{36FF19A8-3054-4114-9A5D-F35C0DE2B427}: NameServer = 192.168.1.5,212.47.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{36FF19A8-3054-4114-9A5D-F35C0DE2B427}: NameServer = 192.168.1.5,212.47.0.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{36FF19A8-3054-4114-9A5D-F35C0DE2B427}: NameServer = 192.168.1.5,212.47.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

sakiri · Příspěvekod **sakiri** » 22 bře 2007 19:21

Máš tam rootkita tak postupuj podle tohoto návodu.

fredik píše:Stáhni si tento program:
http://www.uploads.ejvindh.net/rustbfix.exe

Spusť ho, pokud program virus najde, odstraní jej a následně vytvoří soubor C:\rustbfis\pelog.txt a ještě by tam měl být C:\avenger.txt tak sem vlož jejich obsah.

Bude chtít pravděpodobně restart, ten může chvíli trvat a možná bude potřeba restartovat ještě jednou ale to by se mělo stát automaticky.

Jinak mě zajímá ten log z SDFixu protože napsal že nebyly nalazeny žádné infikované soubory.
A v novém přesto nejsou ty soubory.

Takže bych tě prosil o log z Combofixu.
Ten log ale udělej poté co co aplikuješ ten rustbfix.exe.
Poté aplikaci si stáhni Combofix a spusť ho.
postupuj dle pokynů během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.

pak sem nezapomeň zkopírovat ty logy.

+ si tam nainstaluj firewall.

tonccek · Příspěvekod **tonccek** » 22 bře 2007 19:40

Takže ten Rustbfix asi nic nenašel tady je výpis:

************************* Rustock.b-fix -- By ejvindh *************************
źt 22.03.2007 19:32:06,12

No Rustock.b-rootkits found

******************************* End of Logfile ********************************

A výpis z toho ComboFixu:

"Standa" - 07-03-22 19:36:52 Service Pack 2
ComboFix 07-03-22.2 - Running from: "D:\Denisa\Programy"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\rsvp32_2.dll
C:\WINDOWS\pp.exe

((((((((((((((((((((((((((((((( Files Created from 2007-02-22 to 2007-03-22 ))))))))))))))))))))))))))))))))))

2007-03-21 16:48 55 --a------ C:\WINDOWS\system32\uiqzmticq.dll
2007-03-21 12:48 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-16 12:13 <DIR> d-------- C:\Program Files\DVD Shrink

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-22 00:51 -------- d-------- C:\Program Files\icqlite
2007-03-22 00:51 -------- d-------- C:\Program Files\icqlite
2007-03-21 21:12 -------- d-------- C:\Program Files\trackmania nations eswc special edition
2007-03-21 21:12 -------- d-------- C:\Program Files\trackmania nations eswc special edition
2007-02-21 14:33 70106 --a------ C:\WINDOWS\system32\perfc005.dat
2007-02-21 14:33 393192 --a------ C:\WINDOWS\system32\perfh005.dat
2007-02-05 21:02 -------- d-------- C:\Program Files\bsplayer pro
2007-02-05 21:02 -------- d-------- C:\Program Files\bsplayer pro
2007-02-03 14:21 -------- d-------- C:\Program Files\opera
2007-02-03 14:21 -------- d-------- C:\Program Files\opera
2007-02-02 22:28 -------- d-------- C:\Program Files\yahoo!
2007-02-02 22:28 -------- d-------- C:\Program Files\yahoo!
2007-02-02 21:37 -------- d--h----- C:\Program Files\installshield installation information
2007-02-02 21:37 -------- d--h----- C:\Program Files\installshield installation information
2007-02-02 21:31 -------- d-------- C:\Program Files\qip
2007-02-02 21:31 -------- d-------- C:\Program Files\qip
2007-02-02 20:57 -------- d-------- C:\Program Files\google
2007-02-02 20:57 -------- d-------- C:\Program Files\google
2007-02-02 19:45 0 --a------ C:\WINDOWS\sjoblist.dat
2007-02-02 19:45 0 --a------ C:\WINDOWS\joblist.dat
2007-02-02 19:37 -------- d-------- C:\Program Files\pinnacle
2007-02-02 19:37 -------- d-------- C:\Program Files\pinnacle
2007-02-02 19:15 -------- d-------- C:\Program Files\samsung
2007-02-02 19:15 -------- d-------- C:\Program Files\samsung
2007-02-02 18:40 -------- d-------- C:\Program Files\skype
2007-02-02 18:40 -------- d-------- C:\Program Files\skype
2007-02-02 18:40 -------- d-------- C:\Program Files\Common Files\skype
2007-02-02 15:32 -------- d-------- C:\Program Files\icqtoolbar
2007-02-02 15:32 -------- d-------- C:\Program Files\icqtoolbar
2007-02-01 19:08 -------- d-------- C:\Program Files\zoner
2007-02-01 19:08 -------- d-------- C:\Program Files\zoner
2007-01-31 19:24 -------- d-------- C:\Program Files\Common Files\speechengines
2007-01-31 19:24 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-31 19:23 86016 --a------ C:\WINDOWS\system32\openal32.dll
2007-01-31 19:23 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-31 19:20 -------- d-------- C:\Program Files\futuremark
2007-01-31 19:20 -------- d-------- C:\Program Files\futuremark
2007-01-31 19:08 -------- d-------- C:\Program Files\microsoft works
2007-01-31 19:08 -------- d-------- C:\Program Files\microsoft works
2007-01-31 19:07 -------- d-------- C:\Program Files\microsoft.net
2007-01-31 19:07 -------- d-------- C:\Program Files\microsoft.net
2007-01-31 19:00 -------- d-------- C:\Program Files\winamp
2007-01-31 19:00 -------- d-------- C:\Program Files\winamp
2007-01-31 18:58 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-01-31 18:58 274432 --a------ C:\WINDOWS\system32\imon.dll
2007-01-31 18:58 -------- d-------- C:\Program Files\quicktime
2007-01-31 18:58 -------- d-------- C:\Program Files\quicktime
2007-01-31 18:57 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-31 18:57 -------- d-------- C:\Program Files\ahead
2007-01-31 18:57 -------- d-------- C:\Program Files\ahead
2007-01-31 18:55 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-01-31 18:55 -------- d-------- C:\Program Files\cyberlink
2007-01-31 18:55 -------- d-------- C:\Program Files\cyberlink
2007-01-31 18:55 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-31 18:50 737280 --a------ C:\WINDOWS\iun6002.exe
2007-01-31 18:50 -------- d-------- C:\Program Files\codec pack - all in 1
2007-01-31 18:50 -------- d-------- C:\Program Files\codec pack - all in 1
2007-01-31 18:38 -------- d-------- C:\Program Files\realtek
2007-01-31 18:38 -------- d-------- C:\Program Files\realtek
2007-01-31 18:37 -------- d-------- C:\Program Files\intel
2007-01-31 18:37 -------- d-------- C:\Program Files\intel
2007-01-31 18:32 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-31 18:32 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-31 18:31 0 -rahs---- C:\MSDOS.SYS
2007-01-31 18:31 0 -rahs---- C:\IO.SYS
2007-01-31 18:31 0 --a------ C:\CONFIG.SYS
2007-01-31 18:31 0 --a------ C:\AUTOEXEC.BAT
2007-01-31 18:30 -------- d--h----- C:\Program Files\windowsupdate
2007-01-31 18:30 -------- d--h----- C:\Program Files\windowsupdate
2007-01-31 18:30 -------- d-------- C:\Program Files\online services
2007-01-31 18:30 -------- d-------- C:\Program Files\online services
2007-01-31 18:29 21812 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-31 18:29 -------- d-------- C:\Program Files\movie maker
2007-01-31 18:29 -------- d-------- C:\Program Files\movie maker
2007-01-31 18:29 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-31 18:28 -------- d-------- C:\Program Files\windows nt
2007-01-31 18:28 -------- d-------- C:\Program Files\windows nt
2007-01-31 18:28 -------- d-------- C:\Program Files\msn gaming zone
2007-01-31 18:28 -------- d-------- C:\Program Files\msn gaming zone
2007-01-01 06:56 545 --a------ C:\WINDOWS\uc.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\rar.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\pkzip.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\pkunzip.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\noclose.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\lha.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\arj.pif

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\
6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\
2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-22 19:37:36

sakiri · Příspěvekod **sakiri** » 22 bře 2007 20:50

Stáhni si avenger a spusť ho pod účtem administrátora.

Zaškrtni volbu - Input script manually vyskočí prázdné okno kam zkopíruj ten text v tom bílém rámečku.
script najdeš zde

Poté co ten celý script zkopíruješ klikni na Done.
Pak klikni na ikonku semafory vyskočí hláška kde odklikni Yes poté další hláška kde odklikni Yes.
PC se restartuje.
Po restartu by ti měl vyběhnout log z avengeru a zkopíruj sem ho.(vím že ten script je dlouhý ale přesto by to bylo vhod to sem zkopírovat.)

Doufám že to chápeš kdy jsi něčemu nerozuměl tak se ptej.

Nech tyto soubory zkontrolovat na Virustotalu:
C:\WINDOWS\iun6002.exe (to by měl být šmejd tak chci mít jistotu)

A zkopíruj sem výsledky.
Zapni si zobrazovat skryté a systémové soubory pro lepší nalezení.

Poté až to provedeš tak sem dej nový log z combofixu.

O techto souborech sem skoro nic nenašel tak počkám na vyjádření ostatních (zatím s něma nic nedělej).:
C:\WINDOWS\uc.pif
C:\WINDOWS\rar.pif
C:\WINDOWS\pkzip.pif
C:\WINDOWS\pkunzip.pif
C:\WINDOWS\noclose.pif
C:\WINDOWS\lha.pif
C:\WINDOWS\arj.pif
C:\WINDOWS\sjoblist.dat
C:\WINDOWS\joblist.dat

Příspěvekod **fredik** » 22 bře 2007 21:13

Jen taková menší vsuvka:
Ten Rustbfix nebude potřeba asi používat, protože jak píše SDFix tak je možná zmíněný Rootkit aktivní.
Stačí rovnou použít Combofix pro další detekci, protože kdyby tam zmíněný Rootkit byl tak ho Combofix detekuje a pak už se dá rovnou použít ten již zmíněný Rustbfix, co by ho odstranil.

tonccek · Příspěvekod **tonccek** » 23 bře 2007 19:30

Myslím, že sem vše pochopil a provedl správně, takže přilkládám jednotlivé výpisy:

VirusTotal:

AhnLab-V3 2007.3.24.0 03.23.2007 no virus found
AntiVir 7.3.1.44 03.23.2007 no virus found
Authentium 4.93.8 03.23.2007 no virus found
Avast 4.7.936.0 03.23.2007 no virus found
AVG 7.5.0.447 03.23.2007 no virus found
BitDefender 7.2 03.23.2007 no virus found
CAT-QuickHeal 9.00 03.23.2007 no virus found
ClamAV devel-20070312 03.23.2007 no virus found
DrWeb 4.33 03.23.2007 no virus found
eSafe 7.0.14.0 03.22.2007 no virus found
eTrust-Vet 30.6.3504 03.23.2007 no virus found
Ewido 4.0 03.23.2007 no virus found
FileAdvisor 1 03.23.2007 No threat detected
Fortinet 2.85.0.0 03.23.2007 no virus found
F-Prot 4.3.1.45 03.23.2007 no virus found
F-Secure 6.70.13030.0 03.23.2007 no virus found
Ikarus T3.1.1.3 03.23.2007 no virus found
Kaspersky 4.0.2.24 03.23.2007 no virus found
McAfee 4990 03.22.2007 no virus found
Microsoft 1.2306 03.23.2007 no virus found
NOD32v2 2140 03.23.2007 no virus found
Norman 5.80.02 03.23.2007 no virus found
Panda 9.0.0.4 03.22.2007 no virus found
Prevx1 V2 03.23.2007 no virus found
Sophos 4.15.0 03.23.2007 no virus found
Sunbelt 2.2.907.0 03.22.2007 no virus found
Symantec 10 03.23.2007 no virus found
TheHacker 6.1.6.080 03.23.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.22.2007 no virus found
VirusBuster 4.3.7:9 03.23.2007 no virus found
Webwasher-Gateway 6.0.1 03.23.2007 no virus found

ComboFix:

"Standa" - 07-03-23 19:26:22 Service Pack 2
ComboFix 07-03-22.2 - Running from: "D:\Denisa\Programy"

((((((((((((((((((((((((((((((( Files Created from 2007-02-23 to 2007-03-23 ))))))))))))))))))))))))))))))))))

2007-03-23 19:11 <DIR> d-------- C:\avenger
2007-03-21 12:48 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-16 12:13 <DIR> d-------- C:\Program Files\DVD Shrink

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-22 20:26 -------- d-------- C:\Program Files\icqtoolbar
2007-03-22 20:26 -------- d-------- C:\Program Files\icqtoolbar
2007-03-22 00:51 -------- d-------- C:\Program Files\icqlite
2007-03-22 00:51 -------- d-------- C:\Program Files\icqlite
2007-03-21 21:12 -------- d-------- C:\Program Files\trackmania nations eswc special edition
2007-03-21 21:12 -------- d-------- C:\Program Files\trackmania nations eswc special edition
2007-02-21 14:33 70106 --a------ C:\WINDOWS\system32\perfc005.dat
2007-02-21 14:33 393192 --a------ C:\WINDOWS\system32\perfh005.dat
2007-02-05 21:02 -------- d-------- C:\Program Files\bsplayer pro
2007-02-05 21:02 -------- d-------- C:\Program Files\bsplayer pro
2007-02-03 14:21 -------- d-------- C:\Program Files\opera
2007-02-03 14:21 -------- d-------- C:\Program Files\opera
2007-02-02 22:28 -------- d-------- C:\Program Files\yahoo!
2007-02-02 22:28 -------- d-------- C:\Program Files\yahoo!
2007-02-02 21:37 -------- d--h----- C:\Program Files\installshield installation information
2007-02-02 21:37 -------- d--h----- C:\Program Files\installshield installation information
2007-02-02 21:31 -------- d-------- C:\Program Files\qip
2007-02-02 21:31 -------- d-------- C:\Program Files\qip
2007-02-02 20:57 -------- d-------- C:\Program Files\google
2007-02-02 20:57 -------- d-------- C:\Program Files\google
2007-02-02 19:45 0 --a------ C:\WINDOWS\sjoblist.dat
2007-02-02 19:45 0 --a------ C:\WINDOWS\joblist.dat
2007-02-02 19:37 -------- d-------- C:\Program Files\pinnacle
2007-02-02 19:37 -------- d-------- C:\Program Files\pinnacle
2007-02-02 19:15 -------- d-------- C:\Program Files\samsung
2007-02-02 19:15 -------- d-------- C:\Program Files\samsung
2007-02-02 18:40 -------- d-------- C:\Program Files\skype
2007-02-02 18:40 -------- d-------- C:\Program Files\skype
2007-02-02 18:40 -------- d-------- C:\Program Files\Common Files\skype
2007-02-01 19:08 -------- d-------- C:\Program Files\zoner
2007-02-01 19:08 -------- d-------- C:\Program Files\zoner
2007-01-31 19:24 -------- d-------- C:\Program Files\Common Files\speechengines
2007-01-31 19:24 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-31 19:23 86016 --a------ C:\WINDOWS\system32\openal32.dll
2007-01-31 19:23 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-01-31 19:20 -------- d-------- C:\Program Files\futuremark
2007-01-31 19:20 -------- d-------- C:\Program Files\futuremark
2007-01-31 19:08 -------- d-------- C:\Program Files\microsoft works
2007-01-31 19:08 -------- d-------- C:\Program Files\microsoft works
2007-01-31 19:07 -------- d-------- C:\Program Files\microsoft.net
2007-01-31 19:07 -------- d-------- C:\Program Files\microsoft.net
2007-01-31 19:00 -------- d-------- C:\Program Files\winamp
2007-01-31 19:00 -------- d-------- C:\Program Files\winamp
2007-01-31 18:58 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-01-31 18:58 274432 --a------ C:\WINDOWS\system32\imon.dll
2007-01-31 18:58 -------- d-------- C:\Program Files\quicktime
2007-01-31 18:58 -------- d-------- C:\Program Files\quicktime
2007-01-31 18:57 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-31 18:57 -------- d-------- C:\Program Files\ahead
2007-01-31 18:57 -------- d-------- C:\Program Files\ahead
2007-01-31 18:55 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-01-31 18:55 -------- d-------- C:\Program Files\cyberlink
2007-01-31 18:55 -------- d-------- C:\Program Files\cyberlink
2007-01-31 18:55 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-31 18:50 737280 --a------ C:\WINDOWS\iun6002.exe
2007-01-31 18:50 -------- d-------- C:\Program Files\codec pack - all in 1
2007-01-31 18:50 -------- d-------- C:\Program Files\codec pack - all in 1
2007-01-31 18:38 -------- d-------- C:\Program Files\realtek
2007-01-31 18:38 -------- d-------- C:\Program Files\realtek
2007-01-31 18:37 -------- d-------- C:\Program Files\intel
2007-01-31 18:37 -------- d-------- C:\Program Files\intel
2007-01-31 18:32 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-31 18:32 -------- d-------- C:\Program Files\microsoft frontpage
2007-01-31 18:31 0 -rahs---- C:\MSDOS.SYS
2007-01-31 18:31 0 -rahs---- C:\IO.SYS
2007-01-31 18:31 0 --a------ C:\CONFIG.SYS
2007-01-31 18:31 0 --a------ C:\AUTOEXEC.BAT
2007-01-31 18:30 -------- d--h----- C:\Program Files\windowsupdate
2007-01-31 18:30 -------- d--h----- C:\Program Files\windowsupdate
2007-01-31 18:30 -------- d-------- C:\Program Files\online services
2007-01-31 18:30 -------- d-------- C:\Program Files\online services
2007-01-31 18:29 21812 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-31 18:29 -------- d-------- C:\Program Files\movie maker
2007-01-31 18:29 -------- d-------- C:\Program Files\movie maker
2007-01-31 18:29 -------- d-------- C:\Program Files\Common Files\mssoap
2007-01-31 18:28 -------- d-------- C:\Program Files\windows nt
2007-01-31 18:28 -------- d-------- C:\Program Files\windows nt
2007-01-31 18:28 -------- d-------- C:\Program Files\msn gaming zone
2007-01-31 18:28 -------- d-------- C:\Program Files\msn gaming zone
2007-01-01 06:56 545 --a------ C:\WINDOWS\uc.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\rar.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\pkzip.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\pkunzip.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\noclose.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\lha.pif
2007-01-01 06:56 545 --a------ C:\WINDOWS\arj.pif

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"nlhr"=hex(2):52,75,6e,44,6c,6c,33,32,2e,65,78,65,20,25,53,79,73,74,65,6d,52,\
6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,41,64,76,50,61,63,6b,2e,44,6c,6c,\
2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,65,2e,69,6e,66,2c,43,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-23 19:27:17
C:\ComboFix2.txt ... 07-03-22 19:37

tonccek · Příspěvekod **tonccek** » 23 bře 2007 19:37

Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\exaqcoio

*******************

Script file located at: \??\C:\WINDOWS\xpwjtudk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Temp\tmpf5 not found!
Deletion of file C:\WINDOWS\Temp\tmpf5 failed!

Could not process line:
C:\WINDOWS\Temp\tmpf5
Status: 0xc0000034

File C:\WINDOWS\atmcfg.tmp not found!
Deletion of file C:\WINDOWS\atmcfg.tmp failed!

Could not process line:
C:\WINDOWS\atmcfg.tmp
Status: 0xc0000034

File C:\WINDOWS\attcfg.tmp not found!
Deletion of file C:\WINDOWS\attcfg.tmp failed!

Could not process line:
C:\WINDOWS\attcfg.tmp
Status: 0xc0000034

File C:\WINDOWS\avistat.tmp not found!
Deletion of file C:\WINDOWS\avistat.tmp failed!

Could not process line:
C:\WINDOWS\avistat.tmp
Status: 0xc0000034

File C:\WINDOWS\brwcfg.tmp not found!
Deletion of file C:\WINDOWS\brwcfg.tmp failed!

Could not process line:
C:\WINDOWS\brwcfg.tmp
Status: 0xc0000034

File C:\WINDOWS\concfg.tmp not found!
Deletion of file C:\WINDOWS\concfg.tmp failed!

Could not process line:
C:\WINDOWS\concfg.tmp
Status: 0xc0000034

File C:\WINDOWS\egadata.tmp not found!
Deletion of file C:\WINDOWS\egadata.tmp failed!

Could not process line:
C:\WINDOWS\egadata.tmp
Status: 0xc0000034

File C:\WINDOWS\dbmdata.tmp not found!
Deletion of file C:\WINDOWS\dbmdata.tmp failed!

Could not process line:
C:\WINDOWS\dbmdata.tmp
Status: 0xc0000034

File C:\WINDOWS\sc.tmp not found!
Deletion of file C:\WINDOWS\sc.tmp failed!

Could not process line:
C:\WINDOWS\sc.tmp
Status: 0xc0000034

File C:\WINDOWS\sc.xml1 not found!
Deletion of file C:\WINDOWS\sc.xml1 failed!

Could not process line:
C:\WINDOWS\sc.xml1
Status: 0xc0000034

File C:\WINDOWS\tj7jec.tmp not found!
Deletion of file C:\WINDOWS\tj7jec.tmp failed!

Could not process line:
C:\WINDOWS\tj7jec.tmp
Status: 0xc0000034

File C:\WINDOWS\d5txeh9i.bmp not found!
Deletion of file C:\WINDOWS\d5txeh9i.bmp failed!

Could not process line:
C:\WINDOWS\d5txeh9i.bmp
Status: 0xc0000034

File C:\WINDOWS\b6iqdkku.scf not found!
Deletion of file C:\WINDOWS\b6iqdkku.scf failed!

Could not process line:
C:\WINDOWS\b6iqdkku.scf
Status: 0xc0000034

File C:\WINDOWS\jw9ucgel.scf not found!
Deletion of file C:\WINDOWS\jw9ucgel.scf failed!

Could not process line:
C:\WINDOWS\jw9ucgel.scf
Status: 0xc0000034

File C:\WINDOWS\k6jb7v.scf not found!
Deletion of file C:\WINDOWS\k6jb7v.scf failed!

Could not process line:
C:\WINDOWS\k6jb7v.scf
Status: 0xc0000034

File C:\WINDOWS\c6wsq6.reg not found!
Deletion of file C:\WINDOWS\c6wsq6.reg failed!

Could not process line:
C:\WINDOWS\c6wsq6.reg
Status: 0xc0000034

File C:\WINDOWS\cesm9q.reg not found!
Deletion of file C:\WINDOWS\cesm9q.reg failed!

Could not process line:
C:\WINDOWS\cesm9q.reg
Status: 0xc0000034

File C:\WINDOWS\eevmwk.reg not found!
Deletion of file C:\WINDOWS\eevmwk.reg failed!

Could not process line:
C:\WINDOWS\eevmwk.reg
Status: 0xc0000034

File C:\WINDOWS\f3da8e.reg not found!
Deletion of file C:\WINDOWS\f3da8e.reg failed!

Could not process line:
C:\WINDOWS\f3da8e.reg
Status: 0xc0000034

File C:\WINDOWS\hnwjp41c.reg not found!
Deletion of file C:\WINDOWS\hnwjp41c.reg failed!

Could not process line:
C:\WINDOWS\hnwjp41c.reg
Status: 0xc0000034

File C:\WINDOWS\in0r6hai.reg not found!
Deletion of file C:\WINDOWS\in0r6hai.reg failed!

Could not process line:
C:\WINDOWS\in0r6hai.reg
Status: 0xc0000034

File C:\WINDOWS\brwmark.ini not found!
Deletion of file C:\WINDOWS\brwmark.ini failed!

Could not process line:
C:\WINDOWS\brwmark.ini
Status: 0xc0000034

File C:\WINDOWS\dqpdroc.ini not found!
Deletion of file C:\WINDOWS\dqpdroc.ini failed!

Could not process line:
C:\WINDOWS\dqpdroc.ini
Status: 0xc0000034

File C:\WINDOWS\gjo2qi.ini not found!
Deletion of file C:\WINDOWS\gjo2qi.ini failed!

Could not process line:
C:\WINDOWS\gjo2qi.ini
Status: 0xc0000034

File C:\WINDOWS\xt2in5uk.ini not found!
Deletion of file C:\WINDOWS\xt2in5uk.ini failed!

Could not process line:
C:\WINDOWS\xt2in5uk.ini
Status: 0xc0000034

File C:\WINDOWS\9ergx.dat not found!
Deletion of file C:\WINDOWS\9ergx.dat failed!

Could not process line:
C:\WINDOWS\9ergx.dat
Status: 0xc0000034

File C:\WINDOWS\accm.exe not found!
Deletion of file C:\WINDOWS\accm.exe failed!

Could not process line:
C:\WINDOWS\accm.exe
Status: 0xc0000034

File C:\WINDOWS\ais32.exe not found!
Deletion of file C:\WINDOWS\ais32.exe failed!

Could not process line:
C:\WINDOWS\ais32.exe
Status: 0xc0000034

File C:\WINDOWS\alerter.exe not found!
Deletion of file C:\WINDOWS\alerter.exe failed!

Could not process line:
C:\WINDOWS\alerter.exe
Status: 0xc0000034

File C:\WINDOWS\aorvno91m.txt not found!
Deletion of file C:\WINDOWS\aorvno91m.txt failed!

Could not process line:
C:\WINDOWS\aorvno91m.txt
Status: 0xc0000034

File C:\WINDOWS\bin32.exe not found!
Deletion of file C:\WINDOWS\bin32.exe failed!

Could not process line:
C:\WINDOWS\bin32.exe
Status: 0xc0000034

File C:\WINDOWS\cc1.exe not found!
Deletion of file C:\WINDOWS\cc1.exe failed!

Could not process line:
C:\WINDOWS\cc1.exe
Status: 0xc0000034

File C:\WINDOWS\cc2.exe not found!
Deletion of file C:\WINDOWS\cc2.exe failed!

Could not process line:
C:\WINDOWS\cc2.exe
Status: 0xc0000034

File C:\WINDOWS\cc3.exe not found!
Deletion of file C:\WINDOWS\cc3.exe failed!

Could not process line:
C:\WINDOWS\cc3.exe
Status: 0xc0000034

File C:\WINDOWS\cc4.exe not found!
Deletion of file C:\WINDOWS\cc4.exe failed!

Could not process line:
C:\WINDOWS\cc4.exe
Status: 0xc0000034

File C:\WINDOWS\cc5.exe not found!
Deletion of file C:\WINDOWS\cc5.exe failed!

Could not process line:
C:\WINDOWS\cc5.exe
Status: 0xc0000034

File C:\WINDOWS\chater.exe not found!
Deletion of file C:\WINDOWS\chater.exe failed!

Could not process line:
C:\WINDOWS\chater.exe
Status: 0xc0000034

File C:\WINDOWS\cknxj2wno.log not found!
Deletion of file C:\WINDOWS\cknxj2wno.log failed!

Could not process line:
C:\WINDOWS\cknxj2wno.log
Status: 0xc0000034

File C:\WINDOWS\csrsd.exe not found!
Deletion of file C:\WINDOWS\csrsd.exe failed!

Could not process line:
C:\WINDOWS\csrsd.exe
Status: 0xc0000034

File C:\WINDOWS\ccsserv.exe not found!
Deletion of file C:\WINDOWS\ccsserv.exe failed!

Could not process line:
C:\WINDOWS\ccsserv.exe
Status: 0xc0000034

File C:\WINDOWS\ccsserv.dat not found!
Deletion of file C:\WINDOWS\ccsserv.dat failed!

Could not process line:
C:\WINDOWS\ccsserv.dat
Status: 0xc0000034

File C:\WINDOWS\eba2h6cc.dat not found!
Deletion of file C:\WINDOWS\eba2h6cc.dat failed!

Could not process line:
C:\WINDOWS\eba2h6cc.dat
Status: 0xc0000034

File C:\WINDOWS\f8or9s.exe not found!
Deletion of file C:\WINDOWS\f8or9s.exe failed!

Could not process line:
C:\WINDOWS\f8or9s.exe
Status: 0xc0000034

File C:\WINDOWS\ftg71cj1qx.dat not found!
Deletion of file C:\WINDOWS\ftg71cj1qx.dat failed!

Could not process line:
C:\WINDOWS\ftg71cj1qx.dat
Status: 0xc0000034

File C:\WINDOWS\fwall32.dat not found!
Deletion of file C:\WINDOWS\fwall32.dat failed!

Could not process line:
C:\WINDOWS\fwall32.dat
Status: 0xc0000034

File C:\WINDOWS\gbrw8nl7.log not found!
Deletion of file C:\WINDOWS\gbrw8nl7.log failed!

Could not process line:
C:\WINDOWS\gbrw8nl7.log
Status: 0xc0000034

File C:\WINDOWS\gdi32.exe not found!
Deletion of file C:\WINDOWS\gdi32.exe failed!

Could not process line:
C:\WINDOWS\gdi32.exe
Status: 0xc0000034

File C:\WINDOWS\gn3kud5.log not found!
Deletion of file C:\WINDOWS\gn3kud5.log failed!

Could not process line:
C:\WINDOWS\gn3kud5.log
Status: 0xc0000034

File C:\WINDOWS\hv4e05.dll not found!
Deletion of file C:\WINDOWS\hv4e05.dll failed!

Could not process line:
C:\WINDOWS\hv4e05.dll
Status: 0xc0000034

File C:\WINDOWS\kheu93.dll not found!
Deletion of file C:\WINDOWS\kheu93.dll failed!

Could not process line:
C:\WINDOWS\kheu93.dll
Status: 0xc0000034

File C:\WINDOWS\jestertb.dll not found!
Deletion of file C:\WINDOWS\jestertb.dll failed!

Could not process line:
C:\WINDOWS\jestertb.dll
Status: 0xc0000034

File C:\WINDOWS\md2icut9a2.dll not found!
Deletion of file C:\WINDOWS\md2icut9a2.dll failed!

Could not process line:
C:\WINDOWS\md2icut9a2.dll
Status: 0xc0000034

File C:\WINDOWS\msout.exe not found!
Deletion of file C:\WINDOWS\msout.exe failed!

Could not process line:
C:\WINDOWS\msout.exe
Status: 0xc0000034

File C:\WINDOWS\msupdtwiz.exe not found!
Deletion of file C:\WINDOWS\msupdtwiz.exe failed!

Could not process line:
C:\WINDOWS\msupdtwiz.exe
Status: 0xc0000034

File C:\WINDOWS\msupdtwiz.c not found!
Deletion of file C:\WINDOWS\msupdtwiz.c failed!

Could not process line:
C:\WINDOWS\msupdtwiz.c
Status: 0xc0000034

File C:\WINDOWS\msupdtwiz.s not found!
Deletion of file C:\WINDOWS\msupdtwiz.s failed!

Could not process line:
C:\WINDOWS\msupdtwiz.s
Status: 0xc0000034

File C:\WINDOWS\msupdtwiz.z not found!
Deletion of file C:\WINDOWS\msupdtwiz.z failed!

Could not process line:
C:\WINDOWS\msupdtwiz.z
Status: 0xc0000034

File C:\WINDOWS\msupdtwiz.dat not found!
Deletion of file C:\WINDOWS\msupdtwiz.dat failed!

Could not process line:
C:\WINDOWS\msupdtwiz.dat
Status: 0xc0000034

File C:\WINDOWS\nmac32.exe not found!
Deletion of file C:\WINDOWS\nmac32.exe failed!

Could not process line:
C:\WINDOWS\nmac32.exe
Status: 0xc0000034

File C:\WINDOWS\np8dbq.exe not found!
Deletion of file C:\WINDOWS\np8dbq.exe failed!

Could not process line:
C:\WINDOWS\np8dbq.exe
Status: 0xc0000034

File C:\WINDOWS\npad32.dat not found!
Deletion of file C:\WINDOWS\npad32.dat failed!

Could not process line:
C:\WINDOWS\npad32.dat
Status: 0xc0000034

File C:\WINDOWS\odfvf.dat not found!
Deletion of file C:\WINDOWS\odfvf.dat failed!

Could not process line:
C:\WINDOWS\odfvf.dat
Status: 0xc0000034

File C:\WINDOWS\r81j7l4g.pif not found!
Deletion of file C:\WINDOWS\r81j7l4g.pif failed!

Could not process line:
C:\WINDOWS\r81j7l4g.pif
Status: 0xc0000034

File C:\WINDOWS\reggserv.dat not found!
Deletion of file C:\WINDOWS\reggserv.dat failed!

Could not process line:
C:\WINDOWS\reggserv.dat
Status: 0xc0000034

File C:\WINDOWS\rmtemp~.exe not found!
Deletion of file C:\WINDOWS\rmtemp~.exe failed!

Could not process line:
C:\WINDOWS\rmtemp~.exe
Status: 0xc0000034

File C:\WINDOWS\semr8u8j8n.dll not found!
Deletion of file C:\WINDOWS\semr8u8j8n.dll failed!

Could not process line:
C:\WINDOWS\semr8u8j8n.dll
Status: 0xc0000034

File C:\WINDOWS\serrv.c not found!
Deletion of file C:\WINDOWS\serrv.c failed!

Could not process line:
C:\WINDOWS\serrv.c
Status: 0xc0000034

File C:\WINDOWS\serrv.exe not found!
Deletion of file C:\WINDOWS\serrv.exe failed!

Could not process line:
C:\WINDOWS\serrv.exe
Status: 0xc0000034

File C:\WINDOWS\serrv.wax not found!
Deletion of file C:\WINDOWS\serrv.wax failed!

Could not process line:
C:\WINDOWS\serrv.wax
Status: 0xc0000034

File C:\WINDOWS\serrv.dat not found!
Deletion of file C:\WINDOWS\serrv.dat failed!

Could not process line:
C:\WINDOWS\serrv.dat
Status: 0xc0000034

File C:\WINDOWS\serv.exe not found!
Deletion of file C:\WINDOWS\serv.exe failed!

Could not process line:
C:\WINDOWS\serv.exe
Status: 0xc0000034

File C:\WINDOWS\serv.wax not found!
Deletion of file C:\WINDOWS\serv.wax failed!

Could not process line:
C:\WINDOWS\serv.wax
Status: 0xc0000034

File C:\WINDOWS\sg6fk0l5ci.dll not found!
Deletion of file C:\WINDOWS\sg6fk0l5ci.dll failed!

Could not process line:
C:\WINDOWS\sg6fk0l5ci.dll
Status: 0xc0000034

File C:\WINDOWS\smm126.exe not found!
Deletion of file C:\WINDOWS\smm126.exe failed!

Could not process line:
C:\WINDOWS\smm126.exe
Status: 0xc0000034

File C:\WINDOWS\spoolsrv.exe not found!
Deletion of file C:\WINDOWS\spoolsrv.exe failed!

Could not process line:
C:\WINDOWS\spoolsrv.exe
Status: 0xc0000034

File C:\WINDOWS\spow32.exe not found!
Deletion of file C:\WINDOWS\spow32.exe failed!

Could not process line:
C:\WINDOWS\spow32.exe
Status: 0xc0000034

File C:\WINDOWS\sqhost.exe not found!
Deletion of file C:\WINDOWS\sqhost.exe failed!

Could not process line:
C:\WINDOWS\sqhost.exe
Status: 0xc0000034

File C:\WINDOWS\sqhost.wax not found!
Deletion of file C:\WINDOWS\sqhost.wax failed!

Could not process line:
C:\WINDOWS\sqhost.wax
Status: 0xc0000034

File C:\WINDOWS\sqhost.c not found!
Deletion of file C:\WINDOWS\sqhost.c failed!

Could not process line:
C:\WINDOWS\sqhost.c
Status: 0xc0000034

File C:\WINDOWS\sqhost.s not found!
Deletion of file C:\WINDOWS\sqhost.s failed!

Could not process line:
C:\WINDOWS\sqhost.s
Status: 0xc0000034

File C:\WINDOWS\sqhost.z not found!
Deletion of file C:\WINDOWS\sqhost.z failed!

Could not process line:
C:\WINDOWS\sqhost.z
Status: 0xc0000034

File C:\WINDOWS\sqhost.dat not found!
Deletion of file C:\WINDOWS\sqhost.dat failed!

Could not process line:
C:\WINDOWS\sqhost.dat
Status: 0xc0000034

File C:\WINDOWS\sqhos32.dat not found!
Deletion of file C:\WINDOWS\sqhos32.dat failed!

Could not process line:
C:\WINDOWS\sqhos32.dat
Status: 0xc0000034

File C:\WINDOWS\sserrvv.exe not found!
Deletion of file C:\WINDOWS\sserrvv.exe failed!

Could not process line:
C:\WINDOWS\sserrvv.exe
Status: 0xc0000034

File C:\WINDOWS\sserrvv.wax not found!
Deletion of file C:\WINDOWS\sserrvv.wax failed!

Could not process line:
C:\WINDOWS\sserrvv.wax
Status: 0xc0000034

File C:\WINDOWS\sserrvv.c not found!
Deletion of file C:\WINDOWS\sserrvv.c failed!

Could not process line:
C:\WINDOWS\sserrvv.c
Status: 0xc0000034

File C:\WINDOWS\sserrvv.s not found!
Deletion of file C:\WINDOWS\sserrvv.s failed!

Could not process line:
C:\WINDOWS\sserrvv.s
Status: 0xc0000034

File C:\WINDOWS\sserrvv.z not found!
Deletion of file C:\WINDOWS\sserrvv.z failed!

Could not process line:
C:\WINDOWS\sserrvv.z
Status: 0xc0000034

File C:\WINDOWS\t2serv.dll not found!
Deletion of file C:\WINDOWS\t2serv.dll failed!

Could not process line:
C:\WINDOWS\t2serv.dll
Status: 0xc0000034

File C:\WINDOWS\t2serv.s not found!
Deletion of file C:\WINDOWS\t2serv.s failed!

Could not process line:
C:\WINDOWS\t2serv.s
Status: 0xc0000034

File C:\WINDOWS\t2serv.wax not found!
Deletion of file C:\WINDOWS\t2serv.wax failed!

Could not process line:
C:\WINDOWS\t2serv.wax
Status: 0xc0000034

File C:\WINDOWS\tpup.wax not found!
Deletion of file C:\WINDOWS\tpup.wax failed!

Could not process line:
C:\WINDOWS\tpup.wax
Status: 0xc0000034

File C:\WINDOWS\tpup.exe not found!
Deletion of file C:\WINDOWS\tpup.exe failed!

Could not process line:
C:\WINDOWS\tpup.exe
Status: 0xc0000034

File C:\WINDOWS\tpup.z not found!
Deletion of file C:\WINDOWS\tpup.z failed!

Could not process line:
C:\WINDOWS\tpup.z
Status: 0xc0000034

File C:\WINDOWS\tpup.dat not found!
Deletion of file C:\WINDOWS\tpup.dat failed!

Could not process line:
C:\WINDOWS\tpup.dat
Status: 0xc0000034

File C:\WINDOWS\twain22.exe not found!
Deletion of file C:\WINDOWS\twain22.exe failed!

Could not process line:
C:\WINDOWS\twain22.exe
Status: 0xc0000034

File C:\WINDOWS\u713ifw.txt not found!
Deletion of file C:\WINDOWS\u713ifw.txt failed!

Could not process line:
C:\WINDOWS\u713ifw.txt
Status: 0xc0000034

File C:\WINDOWS\update86.exe not found!
Deletion of file C:\WINDOWS\update86.exe failed!

Could not process line:
C:\WINDOWS\update86.exe
Status: 0xc0000034

File C:\WINDOWS\wqpd32.dat not found!
Deletion of file C:\WINDOWS\wqpd32.dat failed!

Could not process line:
C:\WINDOWS\wqpd32.dat
Status: 0xc0000034

File C:\WINDOWS\system32\2f2Ro5hpj2.dll not found!
Deletion of file C:\WINDOWS\system32\2f2Ro5hpj2.dll failed!

Could not process line:
C:\WINDOWS\system32\2f2Ro5hpj2.dll
Status: 0xc0000034

File C:\WINDOWS\system32\40.tmp not found!
Deletion of file C:\WINDOWS\system32\40.tmp failed!

Could not process line:
C:\WINDOWS\system32\40.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\40.tmp.exe not found!
Deletion of file C:\WINDOWS\system32\40.tmp.exe failed!

Could not process line:
C:\WINDOWS\system32\40.tmp.exe
Status: 0xc0000034

File C:\WINDOWS\system32\actidmoc.exe not found!
Deletion of file C:\WINDOWS\system32\actidmoc.exe failed!

Could not process line:
C:\WINDOWS\system32\actidmoc.exe
Status: 0xc0000034

File C:\WINDOWS\system32\advacfgb.dll not found!
Deletion of file C:\WINDOWS\system32\advacfgb.dll failed!

Could not process line:
C:\WINDOWS\system32\advacfgb.dll
Status: 0xc0000034

File C:\WINDOWS\system32\advacfgb.dat not found!
Deletion of file C:\WINDOWS\system32\advacfgb.dat failed!

Could not process line:
C:\WINDOWS\system32\advacfgb.dat
Status: 0xc0000034

File C:\WINDOWS\system32\advacfgb.exe not found!
Deletion of file C:\WINDOWS\system32\advacfgb.exe failed!

Could not process line:
C:\WINDOWS\system32\advacfgb.exe
Status: 0xc0000034

File C:\WINDOWS\system32\alerter.exe not found!
Deletion of file C:\WINDOWS\system32\alerter.exe failed!

Could not process line:
C:\WINDOWS\system32\alerter.exe
Status: 0xc0000034

File C:\WINDOWS\system32\alrsbatt.dll not found!
Deletion of file C:\WINDOWS\system32\alrsbatt.dll failed!

Could not process line:
C:\WINDOWS\system32\alrsbatt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\atrconf.exe not found!
Deletion of file C:\WINDOWS\system32\atrconf.exe failed!

Could not process line:
C:\WINDOWS\system32\atrconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\attmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\attmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\attmgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\atmperf.exe not found!
Deletion of file C:\WINDOWS\system32\atmperf.exe failed!

Could not process line:
C:\WINDOWS\system32\atmperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\attprf32.dll not found!
Deletion of file C:\WINDOWS\system32\attprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\attprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\attstat.dll not found!
Deletion of file C:\WINDOWS\system32\attstat.dll failed!

Could not process line:
C:\WINDOWS\system32\attstat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\audconf.exe not found!
Deletion of file C:\WINDOWS\system32\audconf.exe failed!

Could not process line:
C:\WINDOWS\system32\audconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\audmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\audmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\audmgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\audstat.dll not found!
Deletion of file C:\WINDOWS\system32\audstat.dll failed!

Could not process line:
C:\WINDOWS\system32\audstat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\audprf32.dll not found!
Deletion of file C:\WINDOWS\system32\audprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\audprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\audperf.exe not found!
Deletion of file C:\WINDOWS\system32\audperf.exe failed!

Could not process line:
C:\WINDOWS\system32\audperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\avifwmer.dll not found!
Deletion of file C:\WINDOWS\system32\avifwmer.dll failed!

Could not process line:
C:\WINDOWS\system32\avifwmer.dll
Status: 0xc0000034

File C:\WINDOWS\system32\brwconf.exe not found!
Deletion of file C:\WINDOWS\system32\brwconf.exe failed!

Could not process line:
C:\WINDOWS\system32\brwconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\brwmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\brwmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\brwmgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\brwperf.exe not found!
Deletion of file C:\WINDOWS\system32\brwperf.exe failed!

Could not process line:
C:\WINDOWS\system32\brwperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\brwprf32.dll not found!
Deletion of file C:\WINDOWS\system32\brwprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\brwprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\brwstat.dll not found!
Deletion of file C:\WINDOWS\system32\brwstat.dll failed!

Could not process line:
C:\WINDOWS\system32\brwstat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ccfgcscd.exe not found!
Deletion of file C:\WINDOWS\system32\ccfgcscd.exe failed!

Could not process line:
C:\WINDOWS\system32\ccfgcscd.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ccfgcscd.dat not found!
Deletion of file C:\WINDOWS\system32\ccfgcscd.dat failed!

Could not process line:
C:\WINDOWS\system32\ccfgcscd.dat
Status: 0xc0000034

File C:\WINDOWS\system32\ccfgcscd.dll not found!
Deletion of file C:\WINDOWS\system32\ccfgcscd.dll failed!

Could not process line:
C:\WINDOWS\system32\ccfgcscd.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cfgd3d.dll not found!
Deletion of file C:\WINDOWS\system32\cfgd3d.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgd3d.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cfgisr.dll not found!
Deletion of file C:\WINDOWS\system32\cfgisr.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgisr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cfgmmprm.dll not found!
Deletion of file C:\WINDOWS\system32\cfgmmprm.dll failed!

Could not process line:
C:\WINDOWS\system32\cfgmmprm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confatm.dll not found!
Deletion of file C:\WINDOWS\system32\confatm.dll failed!

Could not process line:
C:\WINDOWS\system32\confatm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confatt.dll not found!
Deletion of file C:\WINDOWS\system32\confatt.dll failed!

Could not process line:
C:\WINDOWS\system32\confatt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confaud.dll not found!
Deletion of file C:\WINDOWS\system32\confaud.dll failed!

Could not process line:
C:\WINDOWS\system32\confaud.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confbrw.dll not found!
Deletion of file C:\WINDOWS\system32\confbrw.dll failed!

Could not process line:
C:\WINDOWS\system32\confbrw.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confcon.dll not found!
Deletion of file C:\WINDOWS\system32\confcon.dll failed!

Could not process line:
C:\WINDOWS\system32\confcon.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confega.dll not found!
Deletion of file C:\WINDOWS\system32\confega.dll failed!

Could not process line:
C:\WINDOWS\system32\confega.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confifc.dll not found!
Deletion of file C:\WINDOWS\system32\confifc.dll failed!

Could not process line:
C:\WINDOWS\system32\confifc.dll
Status: 0xc0000034

File C:\WINDOWS\system32\confwmv.dll not found!
Deletion of file C:\WINDOWS\system32\confwmv.dll failed!

Could not process line:
C:\WINDOWS\system32\confwmv.dll
Status: 0xc0000034

File C:\WINDOWS\system32\conmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\conmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\conmgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\conperf.exe not found!
Deletion of file C:\WINDOWS\system32\conperf.exe failed!

Could not process line:
C:\WINDOWS\system32\conperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\conprf32.dll not found!
Deletion of file C:\WINDOWS\system32\conprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\conprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\constat.dll not found!
Deletion of file C:\WINDOWS\system32\constat.dll failed!

Could not process line:
C:\WINDOWS\system32\constat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cp8xpqj.dll not found!
Deletion of file C:\WINDOWS\system32\cp8xpqj.dll failed!

Could not process line:
C:\WINDOWS\system32\cp8xpqj.dll
Status: 0xc0000034

File C:\WINDOWS\system32\crypds16.dll not found!
Deletion of file C:\WINDOWS\system32\crypds16.dll failed!

Could not process line:
C:\WINDOWS\system32\crypds16.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cssewmpd.exe not found!
Deletion of file C:\WINDOWS\system32\cssewmpd.exe failed!

Could not process line:
C:\WINDOWS\system32\cssewmpd.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dbgperf.exe not found!
Deletion of file C:\WINDOWS\system32\dbgperf.exe failed!

Could not process line:
C:\WINDOWS\system32\dbgperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\decconf.exe not found!
Deletion of file C:\WINDOWS\system32\decconf.exe failed!

Could not process line:
C:\WINDOWS\system32\decconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dfssrasc.dll not found!
Deletion of file C:\WINDOWS\system32\dfssrasc.dll failed!

Could not process line:
C:\WINDOWS\system32\dfssrasc.dll
Status: 0xc0000034

File C:\WINDOWS\system32\dfssrasc.exe not found!
Deletion of file C:\WINDOWS\system32\dfssrasc.exe failed!

Could not process line:
C:\WINDOWS\system32\dfssrasc.exe
Status: 0xc0000034

File C:\WINDOWS\system32\diagisr.dll not found!
Deletion of file C:\WINDOWS\system32\diagisr.dll failed!

Could not process line:
C:\WINDOWS\system32\diagisr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\diagd3d.dll not found!
Deletion of file C:\WINDOWS\system32\diagd3d.dll failed!

Could not process line:
C:\WINDOWS\system32\diagd3d.dll
Status: 0xc0000034

File C:\WINDOWS\system32\d1agrpd.exe not found!
Deletion of file C:\WINDOWS\system32\d1agrpd.exe failed!

Could not process line:
C:\WINDOWS\system32\d1agrpd.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dmimmdt2.exe not found!
Deletion of file C:\WINDOWS\system32\dmimmdt2.exe failed!

Could not process line:
C:\WINDOWS\system32\dmimmdt2.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dpugmswe.dll not found!
Deletion of file C:\WINDOWS\system32\dpugmswe.dll failed!

Could not process line:
C:\WINDOWS\system32\dpugmswe.dll
Status: 0xc0000034

File C:\WINDOWS\system32\dpvacdfv.dll not found!
Deletion of file C:\WINDOWS\system32\dpvacdfv.dll failed!

Could not process line:
C:\WINDOWS\system32\dpvacdfv.dll
Status: 0xc0000034

File C:\WINDOWS\system32\dssconf.exe not found!
Deletion of file C:\WINDOWS\system32\dssconf.exe failed!

Could not process line:
C:\WINDOWS\system32\dssconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dxtmsft3.dll not found!
Deletion of file C:\WINDOWS\system32\dxtmsft3.dll failed!

Could not process line:
C:\WINDOWS\system32\dxtmsft3.dll
Status: 0xc0000034

File C:\WINDOWS\system32\dxtmmnmd.dat not found!
Deletion of file C:\WINDOWS\system32\dxtmmnmd.dat failed!

Could not process line:
C:\WINDOWS\system32\dxtmmnmd.dat
Status: 0xc0000034

File C:\WINDOWS\system32\dxtmmnmd.exe not found!
Deletion of file C:\WINDOWS\system32\dxtmmnmd.exe failed!

Could not process line:
C:\WINDOWS\system32\dxtmmnmd.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dxtmmnmd.dll not found!
Deletion of file C:\WINDOWS\system32\dxtmmnmd.dll failed!

Could not process line:
C:\WINDOWS\system32\dxtmmnmd.dll
Status: 0xc0000034

File C:\WINDOWS\system32\e1.dll not found!
Deletion of file C:\WINDOWS\system32\e1.dll failed!

Could not process line:
C:\WINDOWS\system32\e1.dll
Status: 0xc0000034

File C:\WINDOWS\system32\egaavi.exe not found!
Deletion of file C:\WINDOWS\system32\egaavi.exe failed!

Could not process line:
C:\WINDOWS\system32\egaavi.exe
Status: 0xc0000034

File C:\WINDOWS\system32\egamgr32.dll not found!
Deletion of file C:\WINDOWS\system32\egamgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\egamgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\egastat.dll not found!
Deletion of file C:\WINDOWS\system32\egastat.dll failed!

Could not process line:
C:\WINDOWS\system32\egastat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\egperf32.dll not found!
Deletion of file C:\WINDOWS\system32\egperf32.dll failed!

Could not process line:
C:\WINDOWS\system32\egperf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\evenncob.dll not found!
Deletion of file C:\WINDOWS\system32\evenncob.dll failed!

Could not process line:
C:\WINDOWS\system32\evenncob.dll
Status: 0xc0000034

File C:\WINDOWS\system32\fpwppgpm.exe not found!
Deletion of file C:\WINDOWS\system32\fpwppgpm.exe failed!

Could not process line:
C:\WINDOWS\system32\fpwppgpm.exe
Status: 0xc0000034

File C:\WINDOWS\system32\fsxsh4.dll not found!
Deletion of file C:\WINDOWS\system32\fsxsh4.dll failed!

Could not process line:
C:\WINDOWS\system32\fsxsh4.dll
Status: 0xc0000034

File C:\WINDOWS\system32\gg32pbms.dll not found!
Deletion of file C:\WINDOWS\system32\gg32pbms.dll failed!

Could not process line:
C:\WINDOWS\system32\gg32pbms.dll
Status: 0xc0000034

File C:\WINDOWS\system32\gtmqf608r7.dll not found!
Deletion of file C:\WINDOWS\system32\gtmqf608r7.dll failed!

Could not process line:
C:\WINDOWS\system32\gtmqf608r7.dll
Status: 0xc0000034

File C:\WINDOWS\system32\hypewmv9.exe not found!
Deletion of file C:\WINDOWS\system32\hypewmv9.exe failed!

Could not process line:
C:\WINDOWS\system32\hypewmv9.exe
Status: 0xc0000034

File C:\WINDOWS\system32\i5u476j8n7.dll not found!
Deletion of file C:\WINDOWS\system32\i5u476j8n7.dll failed!

Could not process line:
C:\WINDOWS\system32\i5u476j8n7.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ifcprf32.dll not found!
Deletion of file C:\WINDOWS\system32\ifcprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\ifcprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ifcstat.dll not found!
Deletion of file C:\WINDOWS\system32\ifcstat.dll failed!

Could not process line:
C:\WINDOWS\system32\ifcstat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ifcmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\ifcmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\ifcmgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ifcperf.exe not found!
Deletion of file C:\WINDOWS\system32\ifcperf.exe failed!

Could not process line:
C:\WINDOWS\system32\ifcperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\imagalrs.exe not found!
Deletion of file C:\WINDOWS\system32\imagalrs.exe failed!

Could not process line:
C:\WINDOWS\system32\imagalrs.exe
Status: 0xc0000034

File C:\WINDOWS\system32\inetzlco.exe not found!
Deletion of file C:\WINDOWS\system32\inetzlco.exe failed!

Could not process line:
C:\WINDOWS\system32\inetzlco.exe
Status: 0xc0000034

File C:\WINDOWS\system32\inetzlco.dll not found!
Deletion of file C:\WINDOWS\system32\inetzlco.dll failed!

Could not process line:
C:\WINDOWS\system32\inetzlco.dll
Status: 0xc0000034

File C:\WINDOWS\system32\iproplus.dll not found!
Deletion of file C:\WINDOWS\system32\iproplus.dll failed!

Could not process line:
C:\WINDOWS\system32\iproplus.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ipsecmon.exe not found!
Deletion of file C:\WINDOWS\system32\ipsecmon.exe failed!

Could not process line:
C:\WINDOWS\system32\ipsecmon.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ipsmwebh.exe not found!
Deletion of file C:\WINDOWS\system32\ipsmwebh.exe failed!

Could not process line:
C:\WINDOWS\system32\ipsmwebh.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ipxpextm.exe not found!
Deletion of file C:\WINDOWS\system32\ipxpextm.exe failed!

Could not process line:
C:\WINDOWS\system32\ipxpextm.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ipxwersv.dll not found!
Deletion of file C:\WINDOWS\system32\ipxwersv.dll failed!

Could not process line:
C:\WINDOWS\system32\ipxwersv.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ipxwshel.exe not found!
Deletion of file C:\WINDOWS\system32\ipxwshel.exe failed!

Could not process line:
C:\WINDOWS\system32\ipxwshel.exe
Status: 0xc0000034

File C:\WINDOWS\system32\isrconf.exe not found!
Deletion of file C:\WINDOWS\system32\isrconf.exe failed!

Could not process line:
C:\WINDOWS\system32\isrconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\isrprov.exe not found!
Deletion of file C:\WINDOWS\system32\isrprov.exe failed!

Could not process line:
C:\WINDOWS\system32\isrprov.exe
Status: 0xc0000034

File C:\WINDOWS\system32\isrprf32.dll not found!
Deletion of file C:\WINDOWS\system32\isrprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\isrprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\iuennwcf.dll not found!
Deletion of file C:\WINDOWS\system32\iuennwcf.dll failed!

Could not process line:
C:\WINDOWS\system32\iuennwcf.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ixsswmas.exe not found!
Deletion of file C:\WINDOWS\system32\ixsswmas.exe failed!

Could not process line:
C:\WINDOWS\system32\ixsswmas.exe
Status: 0xc0000034

File C:\WINDOWS\system32\j2t3crh.dll not found!
Deletion of file C:\WINDOWS\system32\j2t3crh.dll failed!

Could not process line:
C:\WINDOWS\system32\j2t3crh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\jfg3awxsgg.pif not found!
Deletion of file C:\WINDOWS\system32\jfg3awxsgg.pif failed!

Could not process line:
C:\WINDOWS\system32\jfg3awxsgg.pif
Status: 0xc0000034

File C:\WINDOWS\system32\jgawmsne.dll not found!
Deletion of file C:\WINDOWS\system32\jgawmsne.dll failed!

Could not process line:
C:\WINDOWS\system32\jgawmsne.dll
Status: 0xc0000034

File C:\WINDOWS\system32\jgdwadsn.dll not found!
Deletion of file C:\WINDOWS\system32\jgdwadsn.dll failed!

Could not process line:
C:\WINDOWS\system32\jgdwadsn.dll
Status: 0xc0000034

File C:\WINDOWS\system32\jgdwadsn.exe not found!
Deletion of file C:\WINDOWS\system32\jgdwadsn.exe failed!

Could not process line:
C:\WINDOWS\system32\jgdwadsn.exe
Status: 0xc0000034

File C:\WINDOWS\system32\kbdfwshe.exe not found!
Deletion of file C:\WINDOWS\system32\kbdfwshe.exe failed!

Could not process line:
C:\WINDOWS\system32\kbdfwshe.exe
Status: 0xc0000034

File C:\WINDOWS\system32\kbdcrtut.dll not found!
Deletion of file C:\WINDOWS\system32\kbdcrtut.dll failed!

Could not process line:
C:\WINDOWS\system32\kbdcrtut.dll
Status: 0xc0000034

File C:\WINDOWS\system32\lprmneth.dll not found!
Deletion of file C:\WINDOWS\system32\lprmneth.dll failed!

Could not process line:
C:\WINDOWS\system32\lprmneth.dll
Status: 0xc0000034

File C:\WINDOWS\system32\lprmneth.exe not found!
Deletion of file C:\WINDOWS\system32\lprmneth.exe failed!

Could not process line:
C:\WINDOWS\system32\lprmneth.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mcd3mscm.dll not found!
Deletion of file C:\WINDOWS\system32\mcd3mscm.dll failed!

Could not process line:
C:\WINDOWS\system32\mcd3mscm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\mididpnh.dll not found!
Deletion of file C:\WINDOWS\system32\mididpnh.dll failed!

Could not process line:
C:\WINDOWS\system32\mididpnh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ml7swr.exe not found!
Deletion of file C:\WINDOWS\system32\ml7swr.exe failed!

Could not process line:
C:\WINDOWS\system32\ml7swr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mp4sglmf.dll not found!
Deletion of file C:\WINDOWS\system32\mp4sglmf.dll failed!

Could not process line:
C:\WINDOWS\system32\mp4sglmf.dll
Status: 0xc0000034

File C:\WINDOWS\system32\mprmsfma.dll not found!
Deletion of file C:\WINDOWS\system32\mprmsfma.dll failed!

Could not process line:
C:\WINDOWS\system32\mprmsfma.dll
Status: 0xc0000034

File C:\WINDOWS\system32\mqadscp3.exe not found!
Deletion of file C:\WINDOWS\system32\mqadscp3.exe failed!

Could not process line:
C:\WINDOWS\system32\mqadscp3.exe
Status: 0xc0000034

File C:\WINDOWS\system32\msihftpw.dll not found!
Deletion of file C:\WINDOWS\system32\msihftpw.dll failed!

Could not process line:
C:\WINDOWS\system32\msihftpw.dll
Status: 0xc0000034

File C:\WINDOWS\system32\msisnwcf.dll not found!
Deletion of file C:\WINDOWS\system32\msisnwcf.dll failed!

Could not process line:
C:\WINDOWS\system32\msisnwcf.dll
Status: 0xc0000034

File C:\WINDOWS\system32\mspradme.exe not found!
Deletion of file C:\WINDOWS\system32\mspradme.exe failed!

Could not process line:
C:\WINDOWS\system32\mspradme.exe
Status: 0xc0000034

File C:\WINDOWS\system32\msrdtscf.exe not found!
Deletion of file C:\WINDOWS\system32\msrdtscf.exe failed!

Could not process line:
C:\WINDOWS\system32\msrdtscf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\msrdwint.dll not found!
Deletion of file C:\WINDOWS\system32\msrdwint.dll failed!

Could not process line:
C:\WINDOWS\system32\msrdwint.dll
Status: 0xc0000034

File C:\WINDOWS\system32\msrdwint.dat not found!
Deletion of file C:\WINDOWS\system32\msrdwint.dat failed!

Could not process line:
C:\WINDOWS\system32\msrdwint.dat
Status: 0xc0000034

File C:\WINDOWS\system32\msrdwint.exe not found!
Deletion of file C:\WINDOWS\system32\msrdwint.exe failed!

Could not process line:
C:\WINDOWS\system32\msrdwint.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mstsodbc.exe not found!
Deletion of file C:\WINDOWS\system32\mstsodbc.exe failed!

Could not process line:
C:\WINDOWS\system32\mstsodbc.exe
Status: 0xc0000034

File C:\WINDOWS\system32\narrwshr.dll not found!
Deletion of file C:\WINDOWS\system32\narrwshr.dll failed!

Could not process line:
C:\WINDOWS\system32\narrwshr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\netfrtm.dll not found!
Deletion of file C:\WINDOWS\system32\netfrtm.dll failed!

Could not process line:
C:\WINDOWS\system32\netfrtm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\nmp.log not found!
Deletion of file C:\WINDOWS\system32\nmp.log failed!

Could not process line:
C:\WINDOWS\system32\nmp.log
Status: 0xc0000034

File C:\WINDOWS\system32\offfmsre.dll not found!
Deletion of file C:\WINDOWS\system32\offfmsre.dll failed!

Could not process line:
C:\WINDOWS\system32\offfmsre.dll
Status: 0xc0000034

File C:\WINDOWS\system32\packwlda.exe not found!
Deletion of file C:\WINDOWS\system32\packwlda.exe failed!

Could not process line:
C:\WINDOWS\system32\packwlda.exe
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtforum.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtforum.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtforum.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtwbmail.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtwbmail.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtwbmail.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtsmt.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtsmt.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtsmt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtsmtspm.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtsmtspm.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtsmtspm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtymsg.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtymsg.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtymsg.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtgtal.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtgtal.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtgtal.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtaim.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmtaim.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmtaim.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmticq.dll not found!
Deletion of file C:\WINDOWS\system32\pfxzmticq.dll failed!

Could not process line:
C:\WINDOWS\system32\pfxzmticq.dll
Status: 0xc0000034

File C:\WINDOWS\system32\psapdani.dll not found!
Deletion of file C:\WINDOWS\system32\psapdani.dll failed!

Could not process line:
C:\WINDOWS\system32\psapdani.dll
Status: 0xc0000034

File C:\WINDOWS\system32\psbaavic.dll not found!
Deletion of file C:\WINDOWS\system32\psbaavic.dll failed!

Could not process line:
C:\WINDOWS\system32\psbaavic.dll
Status: 0xc0000034

File C:\WINDOWS\system32\psbamtxe.dll not found!
Deletion of file C:\WINDOWS\system32\psbamtxe.dll failed!

Could not process line:
C:\WINDOWS\system32\psbamtxe.dll
Status: 0xc0000034

File C:\WINDOWS\system32\q6O823n88.dll not found!
Deletion of file C:\WINDOWS\system32\q6O823n88.dll failed!

Could not process line:
C:\WINDOWS\system32\q6O823n88.dll
Status: 0xc0000034

File C:\WINDOWS\system32\qdvddgrp.exe not found!
Deletion of file C:\WINDOWS\system32\qdvddgrp.exe failed!

Could not process line:
C:\WINDOWS\system32\qdvddgrp.exe
Status: 0xc0000034

File C:\WINDOWS\system32\regaufat.dll not found!
Deletion of file C:\WINDOWS\system32\regaufat.dll failed!

Could not process line:
C:\WINDOWS\system32\regaufat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\rdpwmsjt.exe not found!
Deletion of file C:\WINDOWS\system32\rdpwmsjt.exe failed!

Could not process line:
C:\WINDOWS\system32\rdpwmsjt.exe
Status: 0xc0000034

File C:\WINDOWS\system32\rtutdmin.dll not found!
Deletion of file C:\WINDOWS\system32\rtutdmin.dll failed!

Could not process line:
C:\WINDOWS\system32\rtutdmin.dll
Status: 0xc0000034

File C:\WINDOWS\system32\samsusrr.dll not found!
Deletion of file C:\WINDOWS\system32\samsusrr.dll failed!

Could not process line:
C:\WINDOWS\system32\samsusrr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\samsusrr.exe not found!
Deletion of file C:\WINDOWS\system32\samsusrr.exe failed!

Could not process line:
C:\WINDOWS\system32\samsusrr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\sbeddem.dll not found!
Deletion of file C:\WINDOWS\system32\sbeddem.dll failed!

Could not process line:
C:\WINDOWS\system32\sbeddem.dll
Status: 0xc0000034

File C:\WINDOWS\system32\sbeddem.exe not found!
Deletion of file C:\WINDOWS\system32\sbeddem.exe failed!

Could not process line:
C:\WINDOWS\system32\sbeddem.exe
Status: 0xc0000034

File C:\WINDOWS\system32\sccsumdm.dll not found!
Deletion of file C:\WINDOWS\system32\sccsumdm.dll failed!

Could not process line:
C:\WINDOWS\system32\sccsumdm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\sccsumdm.dat not found!
Deletion of file C:\WINDOWS\system32\sccsumdm.dat failed!

Could not process line:
C:\WINDOWS\system32\sccsumdm.dat
Status: 0xc0000034

File C:\WINDOWS\system32\sccsumdm.exe not found!
Deletion of file C:\WINDOWS\system32\sccsumdm.exe failed!

Could not process line:
C:\WINDOWS\system32\sccsumdm.exe
Status: 0xc0000034

File C:\WINDOWS\system32\scp3sdhc.dll not found!
Deletion of file C:\WINDOWS\system32\scp3sdhc.dll failed!

Could not process line:
C:\WINDOWS\system32\scp3sdhc.dll
Status: 0xc0000034

File C:\WINDOWS\system32\scsm.exe not found!
Deletion of file C:\WINDOWS\system32\scsm.exe failed!

Could not process line:
C:\WINDOWS\system32\scsm.exe
Status: 0xc0000034

File C:\WINDOWS\system32\sfxzmtsmt.dll not found!
Deletion of file C:\WINDOWS\system32\sfxzmtsmt.dll failed!

Could not process line:
C:\WINDOWS\system32\sfxzmtsmt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\sfxzmtsmtspm.dll not found!
Deletion of file C:\WINDOWS\system32\sfxzmtsmtspm.dll failed!

Could not process line:
C:\WINDOWS\system32\sfxzmtsmtspm.dll
Status: 0xc0000034

File C:\WINDOWS\system32\shsvmdim.dll not found!
Deletion of file C:\WINDOWS\system32\shsvmdim.dll failed!

Could not process line:
C:\WINDOWS\system32\shsvmdim.dll
Status: 0xc0000034

File C:\WINDOWS\system32\slbipsch.dll not found!
Deletion of file C:\WINDOWS\system32\slbipsch.dll failed!

Could not process line:
C:\WINDOWS\system32\slbipsch.dll
Status: 0xc0000034

File C:\WINDOWS\system32\slbipsch.exe not found!
Deletion of file C:\WINDOWS\system32\slbipsch.exe failed!

Could not process line:
C:\WINDOWS\system32\slbipsch.exe
Status: 0xc0000034

File C:\WINDOWS\system32\snmpmmcn.dll not found!
Deletion of file C:\WINDOWS\system32\snmpmmcn.dll failed!

Could not process line:
C:\WINDOWS\system32\snmpmmcn.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ssconfig.exe not found!
Deletion of file C:\WINDOWS\system32\ssconfig.exe failed!

Could not process line:
C:\WINDOWS\system32\ssconfig.exe
Status: 0xc0000034

File C:\WINDOWS\system32\statd3d.dll not found!
Deletion of file C:\WINDOWS\system32\statd3d.dll failed!

Could not process line:
C:\WINDOWS\system32\statd3d.dll
Status: 0xc0000034

File C:\WINDOWS\system32\statisr.dll not found!
Deletion of file C:\WINDOWS\system32\statisr.dll failed!

Could not process line:
C:\WINDOWS\system32\statisr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\strmwin8.dll not found!
Deletion of file C:\WINDOWS\system32\strmwin8.dll failed!

Could not process line:
C:\WINDOWS\system32\strmwin8.dll
Status: 0xc0000034

File C:\WINDOWS\system32\sysshtic.dll not found!
Deletion of file C:\WINDOWS\system32\sysshtic.dll failed!

Could not process line:
C:\WINDOWS\system32\sysshtic.dll
Status: 0xc0000034

File C:\WINDOWS\system32\sysshtic.exe not found!
Deletion of file C:\WINDOWS\system32\sysshtic.exe failed!

Could not process line:
C:\WINDOWS\system32\sysshtic.exe
Status: 0xc0000034

File C:\WINDOWS\system32\trkwpipa.exe not found!
Deletion of file C:\WINDOWS\system32\trkwpipa.exe failed!

Could not process line:
C:\WINDOWS\system32\trkwpipa.exe
Status: 0xc0000034

File C:\WINDOWS\system32\tscfvjoy.dll not found!
Deletion of file C:\WINDOWS\system32\tscfvjoy.dll failed!

Could not process line:
C:\WINDOWS\system32\tscfvjoy.dll
Status: 0xc0000034

File C:\WINDOWS\system32\uiqzmticq.dll deleted successfully.

File C:\WINDOWS\system32\ujn6oqt.dll not found!
Deletion of file C:\WINDOWS\system32\ujn6oqt.dll failed!

Could not process line:
C:\WINDOWS\system32\ujn6oqt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ulibofff.exe not found!
Deletion of file C:\WINDOWS\system32\ulibofff.exe failed!

Could not process line:
C:\WINDOWS\system32\ulibofff.exe
Status: 0xc0000034

File C:\WINDOWS\system32\uregdeve.dll not found!
Deletion of file C:\WINDOWS\system32\uregdeve.dll failed!

Could not process line:
C:\WINDOWS\system32\uregdeve.dll
Status: 0xc0000034

File C:\WINDOWS\system32\uregdeve.exe not found!
Deletion of file C:\WINDOWS\system32\uregdeve.exe failed!

Could not process line:
C:\WINDOWS\system32\uregdeve.exe
Status: 0xc0000034

File C:\WINDOWS\system32\vb5dmspo.dll not found!
Deletion of file C:\WINDOWS\system32\vb5dmspo.dll failed!

Could not process line:
C:\WINDOWS\system32\vb5dmspo.dll
Status: 0xc0000034

File C:\WINDOWS\system32\vbscqdv.exe not found!
Deletion of file C:\WINDOWS\system32\vbscqdv.exe failed!

Could not process line:
C:\WINDOWS\system32\vbscqdv.exe
Status: 0xc0000034

File C:\WINDOWS\system32\vdshlicw.exe not found!
Deletion of file C:\WINDOWS\system32\vdshlicw.exe failed!

Could not process line:
C:\WINDOWS\system32\vdshlicw.exe
Status: 0xc0000034

File C:\WINDOWS\system32\vmhevnet.dll not found!
Deletion of file C:\WINDOWS\system32\vmhevnet.dll failed!

Could not process line:
C:\WINDOWS\system32\vmhevnet.dll
Status: 0xc0000034

File C:\WINDOWS\system32\vmhevnet.exe not found!
Deletion of file C:\WINDOWS\system32\vmhevnet.exe failed!

Could not process line:
C:\WINDOWS\system32\vmhevnet.exe
Status: 0xc0000034

File C:\WINDOWS\system32\vp31srsv.exe not found!
Deletion of file C:\WINDOWS\system32\vp31srsv.exe failed!

Could not process line:
C:\WINDOWS\system32\vp31srsv.exe
Status: 0xc0000034

File C:\WINDOWS\system32\vp31rpcs.exe not found!
Deletion of file C:\WINDOWS\system32\vp31rpcs.exe failed!

Could not process line:
C:\WINDOWS\system32\vp31rpcs.exe
Status: 0xc0000034

File C:\WINDOWS\system32\w3sskbda.dll not found!
Deletion of file C:\WINDOWS\system32\w3sskbda.dll failed!

Could not process line:
C:\WINDOWS\system32\w3sskbda.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wmvperf.exe not found!
Deletion of file C:\WINDOWS\system32\wmvperf.exe failed!

Could not process line:
C:\WINDOWS\system32\wmvperf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wmvconf.exe not found!
Deletion of file C:\WINDOWS\system32\wmvconf.exe failed!

Could not process line:
C:\WINDOWS\system32\wmvconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wmvstat.dll not found!
Deletion of file C:\WINDOWS\system32\wmvstat.dll failed!

Could not process line:
C:\WINDOWS\system32\wmvstat.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wmvmgr32.dll not found!
Deletion of file C:\WINDOWS\system32\wmvmgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\wmvmgr32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wmvprf32.dll not found!
Deletion of file C:\WINDOWS\system32\wmvprf32.dll failed!

Could not process line:
C:\WINDOWS\system32\wmvprf32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wstdactx.exe not found!
Deletion of file C:\WINDOWS\system32\wstdactx.exe failed!

Could not process line:
C:\WINDOWS\system32\wstdactx.exe
Status: 0xc0000034

File C:\WINDOWS\system32\winbpowr.exe not found!
Deletion of file C:\WINDOWS\system32\winbpowr.exe failed!

Could not process line:
C:\WINDOWS\system32\winbpowr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wmnecomc.dll not found!
Deletion of file C:\WINDOWS\system32\wmnecomc.dll failed!

Could not process line:
C:\WINDOWS\system32\wmnecomc.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wmpcskdl.dll not found!
Deletion of file C:\WINDOWS\system32\wmpcskdl.dll failed!

Could not process line:
C:\WINDOWS\system32\wmpcskdl.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wmspmsv1.z1 not found!
Deletion of file C:\WINDOWS\system32\wmspmsv1.z1 failed!

Could not process line:
C:\WINDOWS\system32\wmspmsv1.z1
Status: 0xc0000034

File C:\WINDOWS\system32\wshtlprh.dll not found!
Deletion of file C:\WINDOWS\system32\wshtlprh.dll failed!

Could not process line:
C:\WINDOWS\system32\wshtlprh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wupstlnt.dll not found!
Deletion of file C:\WINDOWS\system32\wupstlnt.dll failed!

Could not process line:
C:\WINDOWS\system32\wupstlnt.dll
Status: 0xc0000034

File C:\WINDOWS\system32\xactcomr.exe not found!
Deletion of file C:\WINDOWS\system32\xactcomr.exe failed!

Could not process line:
C:\WINDOWS\system32\xactcomr.exe
Status: 0xc0000034

File C:\WINDOWS\system32\xpspqdvd.exe not found!
Deletion of file C:\WINDOWS\system32\xpspqdvd.exe failed!

Could not process line:
C:\WINDOWS\system32\xpspqdvd.exe
Status: 0xc0000034

File C:\WINDOWS\system32\xpspqdvd.dat not found!
Deletion of file C:\WINDOWS\system32\xpspqdvd.dat failed!

Could not process line:
C:\WINDOWS\system32\xpspqdvd.dat
Status: 0xc0000034

File C:\WINDOWS\system32\xpspqdvd.dll not found!
Deletion of file C:\WINDOWS\system32\xpspqdvd.dll failed!

Could not process line:
C:\WINDOWS\system32\xpspqdvd.dll
Status: 0xc0000034

File C:\WINDOWS\system32\yapconf.exe not found!
Deletion of file C:\WINDOWS\system32\yapconf.exe failed!

Could not process line:
C:\WINDOWS\system32\yapconf.exe
Status: 0xc0000034

File C:\WINDOWS\system32\zlcocard.dll not found!
Deletion of file C:\WINDOWS\system32\zlcocard.dll failed!

Could not process line:
C:\WINDOWS\system32\zlcocard.dll
Status: 0xc0000034

File C:\WINDOWS\system32\zlcocard.exe not found!
Deletion of file C:\WINDOWS\system32\zlcocard.exe failed!

Could not process line:
C:\WINDOWS\system32\zlcocard.exe
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Registry key HKLM\SOFTWARE\Microsoft\advacfgb not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\advacfgb failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\advacfgb not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\advacfgb failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\attmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\attmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\attmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\audmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\audmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\brwmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\brwmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\brwmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\ccfgcscd not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\ccfgcscd failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ccfgcscd not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ccfgcscd failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\conmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\conmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\conmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\dbgmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\dbgmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbgmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbgmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\decstat not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\decstat failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\decstat failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\dfssrasc not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\dfssrasc failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dfssrasc failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\dssmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\dssmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dssmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\dxtmmnmd not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\dxtmmnmd failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dxtmmnmd not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dxtmmnmd failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\jgdwadsn not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\jgdwadsn failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jgdwadsn failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\jpgmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\jpgmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jpgmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jpgmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\lprmneth not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\lprmneth failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lprmneth failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\msrdwint not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\msrdwint failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msrdwint not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msrdwint failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\psbamtxe not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\psbamtxe failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psbamtxe not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psbamtxe failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\samsusrr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\samsusrr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\samsusrr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\sccsumdm not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\sccsumdm failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sccsumdm not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sccsumdm failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\slbipsch not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\slbipsch failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\slbipsch not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\slbipsch failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\sysshtic not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\sysshtic failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysshtic failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\uregdeve not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\uregdeve failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uregdeve failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\vmhevnet not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\vmhevnet failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmhevnet failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\wmvmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\wmvmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wmvmgr not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wmvmgr failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\wstdactx not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\wstdactx failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wstdactx not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wstdactx failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\xpspqdvd not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\xpspqdvd failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xpspqdvd not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xpspqdvd failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|accm.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|accm.exe failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|atmconf
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|atmconf failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|audiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|audiag failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|bin32.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|bin32.exe failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|brwdiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|brwdiag failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|chater.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|chater.exe failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ciodiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ciodiag failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|davctool
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|davctool failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egdiag
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|egdiag failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|gdi32.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|gdi32.exe failed!
Status: 0xc0000034

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ifcdiag
Deletion of r

win32/nuwar worm . soboru adirka.dll

Kdo je online