Please help - HiJackThis..

[Alenka.cz]

Prosím o kontrolu a rady, jsem Los Lamos

Logfile of HijackThis v1.99.1
Scan saved at 15:55:29, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MSTMON_N.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alenka\Plocha\log\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xaqsf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jvxwpng.exe
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll (file missing)
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [Win Services] Srv32.exe
O4 - HKLM\..\Run: [Machine Debug Manager] oylmpics.exe
O4 - HKLM\..\Run: [Microsoft Office Startup] expl0rer.exe
O4 - HKLM\..\Run: [hiegff] C:\WINDOWS\System32\hqaofh.exe reg_run
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\System32\MSTMON_N.EXE
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKLM\..\Run: [Ms System Config] Mscfg.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aehydsmx.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\dudrcdfp.dll",setvm
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kfclmnxj.dll",setvm
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] oylmpics.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] expl0rer.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [Ms System Config] Mscfg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Machine Debug Manager] oylmpics.exe
O4 - HKCU\..\Run: [Bneux] C:\Documents and Settings\Alenka\Dokumenty\??mbols\iexplore.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000141.exe
O4 - HKCU\..\Run: [fjdslfd] C:\WINDOWS\system32\mat1.exe
O4 - HKCU\..\Run: [fjdslssdfd] C:\WINDOWS\system32\mat2.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9363303016
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E425CF-D8BC-4942-B5C4-3C0FFF4EF6E6}: NameServer = 210.87.250.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{93EF0640-3154-4417-BFE4-1B1375904641}: NameServer = 210.87.250.48
O17 - HKLM\System\CS1\Services\Tcpip\..\{33E425CF-D8BC-4942-B5C4-3C0FFF4EF6E6}: NameServer = 210.87.250.48
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWxlbmth\command.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)

Dík..

[Reklama]

[memphisto]

máš tam nějaké zajímavé názvy souborů

fixni tohle:
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

a pokud nevíš co je tohle tak zkontroluj na http://www.virustotal.com :
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xaqsf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jvxwpng.exe
O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
O4 - HKCU\..\Run: [fjdslfd] C:\WINDOWS\system32\mat1.exe
O4 - HKCU\..\Run: [fjdslssdfd] C:\WINDOWS\system32\mat2.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe

a doinstaluj firewall
třeba někdo poradí ještě víc

[fredik]

Máš tam pěknou sbírku.

Jelikož je tam toho dost tak to rozdělíme na 2 části aby toho nebylo ze začátku toho moc.

1. krok
Stáhni si LSPFix a spusť ho.
V okně zatrhni čtvereček u volby I know what i'm doing a zaktivují se ti šipečky mezi okny.A potom v levém okně označ rsvp32_2.dll šipkama >> jej přesuň do pravého okna.Poté klikni na tlačítko Finish.
Ale nepřesunuj nic jiného jinak by jsi si mohl znefukčnit internet a kdyby v tom pravém bude ještě něco jiného než rsvp32_2.dll tak ho tak to přesuň šipkami << zpět do levého okna.

Teprve až to uděláš první krok pak pokračuj následujícími kroky:
2.krok
Tyto služby zastav měly by se jmenovat:
Command Service
Win32 Kernel Update
MicroSoft Media Tools

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWxlbmth\command.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)

Start -> Spustit - > napiš services.msc a dej OK. Otevře se ti okno Služby. V ní ji najdi, klikni na ní pravým tlačítkem myši Vlastnosti a ve vlastnostech nastavte typ spouštění na zakázáno.

3.krok
Stáhni si SDFix a spusť ho ,vybalí se do vlastní složky (bude asi na C:\SDfix).

Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.

Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj pokud by ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt (nezapomeň sem zkopírovat jeho obsah) + nový HJT log.

Pak co zůstane dořešíme.

[Alenka.cz]

Tak zatím jsem udělala krok 1 a 2.. s tím krokem 3 mám trošku problém, protože když spustím nouzový režim zůstane mi celý černý monitor a v každém rohu je napsáno nouzový režim a nejde na nic kliknout, protože tam vlastně ani nic neni

[fredik]

Ono chvilku trvá než to najede do nouzového režimu. Podle toho co píšeš jsi se asi ještě nedostala k té tabulce kde máš kliknout na Ano. Zkus dát tomu trochu čas. Pokud by to nešlo tak dej vědět. Uděláme jiný postup.

[Alenka.cz]

Objeví se mi tam ta tabulka s ANO a NE, ale zmizí ještě než na ní stihnu kliknout..

[fredik]

Takže to uděláme jinak:
Stáhněte si program NordRem

- Spusťte program a postupně klikněte na tlačítka Další a Rozbalit
- Program se vás zeptá na spuštění souboru start.bat, spuštění potvrďte a počítač se následně restartuje.
- Pokud dojde k ukončení s chybovým hlášením, restartujte do Nouzového režimu, kde ho spustíte již uvedeným způsobem.
- Restartujete již do klasického režimu.

Řekni jestli to projelo v pořádku. Udělej a dej sem aktuální log z HJT.

[Alenka.cz]

Chybová hláška vyskočila, restartovala jsem do NR a tam mi nejdřív naběhlo okno, kde se postupně vypsalo co všechno bylo odstraněno a pak zas jen černý monitor.. tak jak?

[fredik]

S tebou je práce
No teď nevím jestli to projelo nebo ne. Mrkni se na disk C: do adresáře NordRem jestli tam nebude nějaký textový soubor (txt) a zkopíruj sem jeho obsah ale ne soubor script.txt.

[Alenka.cz]

Myslím, že projelo.. když jsem restartovala tak se otevřel poznamkový blok s tím výpisem, tak mmnt, zkopíruju to sem, i výpis z HJT.. sry, že mi to všechno tak dlouho trvá, na tom mým kompu mi totiž nejde net.. tak to nosím na bráchův na flashce

[Alenka.cz]

Takže:)

Výpis z NordRemu:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sgxpkmye

*******************

Script file located at: \??\C:\cvbqajrq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll for deletion
Deletion of file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll failed!

Could not process line:
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\artm_new.dll
Status: 0xc000003a



Could not open file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\partnership.dll for deletion
Deletion of file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\partnership.dll failed!

Could not process line:
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\partnership.dll
Status: 0xc000003a



Could not open file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\polymorph.dll for deletion
Deletion of file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\polymorph.dll failed!

Could not process line:
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\polymorph.dll
Status: 0xc000003a



Could not open file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\winsys2f.dll for deletion
Deletion of file C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\winsys2f.dll failed!

Could not process line:
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\winsys2f.dll
Status: 0xc000003a



File C:\exe.exe not found!
Deletion of file C:\exe.exe failed!

Could not process line:
C:\exe.exe
Status: 0xc0000034



File C:\syst.exe not found!
Deletion of file C:\syst.exe failed!

Could not process line:
C:\syst.exe
Status: 0xc0000034



File C:\WINDOWS\system32\a3dxq.dll not found!
Deletion of file C:\WINDOWS\system32\a3dxq.dll failed!

Could not process line:
C:\WINDOWS\system32\a3dxq.dll
Status: 0xc0000034



File C:\WINDOWS\system32\abc.exe not found!
Deletion of file C:\WINDOWS\system32\abc.exe failed!

Could not process line:
C:\WINDOWS\system32\abc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\adir.dll not found!
Deletion of file C:\WINDOWS\system32\adir.dll failed!

Could not process line:
C:\WINDOWS\system32\adir.dll
Status: 0xc0000034



File C:\WINDOWS\system32\adirka.dll not found!
Deletion of file C:\WINDOWS\system32\adirka.dll failed!

Could not process line:
C:\WINDOWS\system32\adirka.dll
Status: 0xc0000034



File C:\WINDOWS\system32\adirka.exe not found!
Deletion of file C:\WINDOWS\system32\adirka.exe failed!

Could not process line:
C:\WINDOWS\system32\adirka.exe
Status: 0xc0000034



File C:\WINDOWS\system32\adirss.exe not found!
Deletion of file C:\WINDOWS\system32\adirss.exe failed!

Could not process line:
C:\WINDOWS\system32\adirss.exe
Status: 0xc0000034



File C:\WINDOWS\system32\aimsmx.dll not found!
Deletion of file C:\WINDOWS\system32\aimsmx.dll failed!

Could not process line:
C:\WINDOWS\system32\aimsmx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\alsys.exe not found!
Deletion of file C:\WINDOWS\system32\alsys.exe failed!

Could not process line:
C:\WINDOWS\system32\alsys.exe
Status: 0xc0000034



File C:\WINDOWS\system32\aosmx.dll not found!
Deletion of file C:\WINDOWS\system32\aosmx.dll failed!

Could not process line:
C:\WINDOWS\system32\aosmx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\clcbt.exe not found!
Deletion of file C:\WINDOWS\system32\clcbt.exe failed!

Could not process line:
C:\WINDOWS\system32\clcbt.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ctpmon.exe not found!
Deletion of file C:\WINDOWS\system32\ctpmon.exe failed!

Could not process line:
C:\WINDOWS\system32\ctpmon.exe
Status: 0xc0000034



File C:\WINDOWS\system32\dd.exe not found!
Deletion of file C:\WINDOWS\system32\dd.exe failed!

Could not process line:
C:\WINDOWS\system32\dd.exe
Status: 0xc0000034



File C:\WINDOWS\system32\google.png.exe not found!
Deletion of file C:\WINDOWS\system32\google.png.exe failed!

Could not process line:
C:\WINDOWS\system32\google.png.exe
Status: 0xc0000034



File C:\WINDOWS\system32\gtalsmx.dll not found!
Deletion of file C:\WINDOWS\system32\gtalsmx.dll failed!

Could not process line:
C:\WINDOWS\system32\gtalsmx.dll
Status: 0xc0000034



File C:\WINDOWS\system32\inet.exe not found!
Deletion of file C:\WINDOWS\system32\inet.exe failed!

Could not process line:
C:\WINDOWS\system32\inet.exe
Status: 0xc0000034



File C:\WINDOWS\system32\kernels1118.exe not found!
Deletion of file C:\WINDOWS\system32\kernels1118.exe failed!

Could not process line:
C:\WINDOWS\system32\kernels1118.exe
Status: 0xc0000034



File C:\WINDOWS\system32\kernels88.exe not found!
Deletion of file C:\WINDOWS\system32\kernels88.exe failed!

Could not process line:
C:\WINDOWS\system32\kernels88.exe
Status: 0xc0000034



File C:\WINDOWS\system32\lnwin.exe not found!
Deletion of file C:\WINDOWS\system32\lnwin.exe failed!

Could not process line:
C:\WINDOWS\system32\lnwin.exe
Status: 0xc0000034



File C:\WINDOWS\system32\m2.exe not found!
Deletion of file C:\WINDOWS\system32\m2.exe failed!

Could not process line:
C:\WINDOWS\system32\m2.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ma.exe not found!
Deletion of file C:\WINDOWS\system32\ma.exe failed!

Could not process line:
C:\WINDOWS\system32\ma.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ma.exe.exe not found!
Deletion of file C:\WINDOWS\system32\ma.exe.exe failed!

Could not process line:
C:\WINDOWS\system32\ma.exe.exe
Status: 0xc0000034



File C:\WINDOWS\system32\msi.exe not found!
Deletion of file C:\WINDOWS\system32\msi.exe failed!

Could not process line:
C:\WINDOWS\system32\msi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\mszsrn32.dll not found!
Deletion of file C:\WINDOWS\system32\mszsrn32.dll failed!

Could not process line:
C:\WINDOWS\system32\mszsrn32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\nordsys.exe not found!
Deletion of file C:\WINDOWS\system32\nordsys.exe failed!

Could not process line:
C:\WINDOWS\system32\nordsys.exe
Status: 0xc0000034



File C:\WINDOWS\system32\peers.ini not found!
Deletion of file C:\WINDOWS\system32\peers.ini failed!

Could not process line:
C:\WINDOWS\system32\peers.ini
Status: 0xc0000034

File C:\WINDOWS\system32\pfxzmtaim.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtforum.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtgtal.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmticq.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtsmt.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtsmtspm.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtwbmail.dll deleted successfully.
File C:\WINDOWS\system32\pfxzmtymsg.dll deleted successfully.


File C:\WINDOWS\system32\ppl.exe not found!
Deletion of file C:\WINDOWS\system32\ppl.exe failed!

Could not process line:
C:\WINDOWS\system32\ppl.exe
Status: 0xc0000034



File C:\WINDOWS\system32\pp.exe.exe not found!
Deletion of file C:\WINDOWS\system32\pp.exe.exe failed!

Could not process line:
C:\WINDOWS\system32\pp.exe.exe
Status: 0xc0000034



File C:\WINDOWS\system32\rpcc.dll not found!
Deletion of file C:\WINDOWS\system32\rpcc.dll failed!

Could not process line:
C:\WINDOWS\system32\rpcc.dll
Status: 0xc0000034



File C:\WINDOWS\system32\rsvp32_2.dll not found!
Deletion of file C:\WINDOWS\system32\rsvp32_2.dll failed!

Could not process line:
C:\WINDOWS\system32\rsvp32_2.dll
Status: 0xc0000034



File C:\WINDOWS\system32\se.exe not found!
Deletion of file C:\WINDOWS\system32\se.exe failed!

Could not process line:
C:\WINDOWS\system32\se.exe
Status: 0xc0000034



File C:\WINDOWS\system32\se.exe.exe not found!
Deletion of file C:\WINDOWS\system32\se.exe.exe failed!

Could not process line:
C:\WINDOWS\system32\se.exe.exe
Status: 0xc0000034



File C:\WINDOWS\system32\setup.exe.tmp not found!
Deletion of file C:\WINDOWS\system32\setup.exe.tmp failed!

Could not process line:
C:\WINDOWS\system32\setup.exe.tmp
Status: 0xc0000034

File C:\WINDOWS\system32\sfxzmtsmt.dll deleted successfully.
File C:\WINDOWS\system32\sfxzmtsmtspm.dll deleted successfully.


File C:\WINDOWS\system32\sm.exe not found!
Deletion of file C:\WINDOWS\system32\sm.exe failed!

Could not process line:
C:\WINDOWS\system32\sm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\spoolsvv.exe not found!
Deletion of file C:\WINDOWS\system32\spoolsvv.exe failed!

Could not process line:
C:\WINDOWS\system32\spoolsvv.exe
Status: 0xc0000034

File C:\WINDOWS\system32\sporder.dll deleted successfully.


File C:\WINDOWS\system32\ss.exe not found!
Deletion of file C:\WINDOWS\system32\ss.exe failed!

Could not process line:
C:\WINDOWS\system32\ss.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ss.exe.exe not found!
Deletion of file C:\WINDOWS\system32\ss.exe.exe failed!

Could not process line:
C:\WINDOWS\system32\ss.exe.exe
Status: 0xc0000034



File C:\WINDOWS\system32\syspools.exe not found!
Deletion of file C:\WINDOWS\system32\syspools.exe failed!

Could not process line:
C:\WINDOWS\system32\syspools.exe
Status: 0xc0000034



File C:\WINDOWS\system32\taskdir.exe not found!
Deletion of file C:\WINDOWS\system32\taskdir.exe failed!

Could not process line:
C:\WINDOWS\system32\taskdir.exe
Status: 0xc0000034



File C:\WINDOWS\system32\testeter.exe not found!
Deletion of file C:\WINDOWS\system32\testeter.exe failed!

Could not process line:
C:\WINDOWS\system32\testeter.exe
Status: 0xc0000034



File C:\WINDOWS\system32\testtestt.exe not found!
Deletion of file C:\WINDOWS\system32\testtestt.exe failed!

Could not process line:
C:\WINDOWS\system32\testtestt.exe
Status: 0xc0000034



File C:\WINDOWS\system32\via.exe not found!
Deletion of file C:\WINDOWS\system32\via.exe failed!

Could not process line:
C:\WINDOWS\system32\via.exe
Status: 0xc0000034



File C:\WINDOWS\system32\w.exe not found!
Deletion of file C:\WINDOWS\system32\w.exe failed!

Could not process line:
C:\WINDOWS\system32\w.exe
Status: 0xc0000034



File C:\WINDOWS\system32\w.exe.exe not found!
Deletion of file C:\WINDOWS\system32\w.exe.exe failed!

Could not process line:
C:\WINDOWS\system32\w.exe.exe
Status: 0xc0000034

File C:\WINDOWS\system32\Wincom32.ini deleted successfully.


File C:\WINDOWS\system32\wincom32.sys not found!
Deletion of file C:\WINDOWS\system32\wincom32.sys failed!

Could not process line:
C:\WINDOWS\system32\wincom32.sys
Status: 0xc0000034



File C:\WINDOWS\system32\xpupdate.exe not found!
Deletion of file C:\WINDOWS\system32\xpupdate.exe failed!

Could not process line:
C:\WINDOWS\system32\xpupdate.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ymsgsmx.dll not found!
Deletion of file C:\WINDOWS\system32\ymsgsmx.dll failed!

Could not process line:
C:\WINDOWS\system32\ymsgsmx.dll
Status: 0xc0000034

File C:\WINDOWS\system32\zlbw.dll deleted successfully.


File C:\WINDOWS\system32\zu.exe not found!
Deletion of file C:\WINDOWS\system32\zu.exe failed!

Could not process line:
C:\WINDOWS\system32\zu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\zu.exe.exe not found!
Deletion of file C:\WINDOWS\system32\zu.exe.exe failed!

Could not process line:
C:\WINDOWS\system32\zu.exe.exe
Status: 0xc0000034



File C:\WINDOWS\ma.exe not found!
Deletion of file C:\WINDOWS\ma.exe failed!

Could not process line:
C:\WINDOWS\ma.exe
Status: 0xc0000034



File C:\WINDOWS\pp.exe not found!
Deletion of file C:\WINDOWS\pp.exe failed!

Could not process line:
C:\WINDOWS\pp.exe
Status: 0xc0000034



File C:\WINDOWS\sysvx_.exe not found!
Deletion of file C:\WINDOWS\sysvx_.exe failed!

Could not process line:
C:\WINDOWS\sysvx_.exe
Status: 0xc0000034



File C:\WINDOWS\via.exe not found!
Deletion of file C:\WINDOWS\via.exe failed!

Could not process line:
C:\WINDOWS\via.exe
Status: 0xc0000034



File C:\WINDOWS\xpupdate.exe not found!
Deletion of file C:\WINDOWS\xpupdate.exe failed!

Could not process line:
C:\WINDOWS\xpupdate.exe
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Services\wincom32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\wincom32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\wincom32
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\A3dxq not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\A3dxq failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_newreg not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_newreg failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mszsrn32 not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mszsrn32 failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsys2freg not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsys2freg failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Agent
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Agent failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Clcbt.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Clcbt.exe failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft WPCEmail
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft WPCEmail failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|lnwin.exe
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|lnwin.exe failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Nord
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Nord failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Spoolsvv
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Spoolsvv failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Sysinter
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Sysinter failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System spool
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System spool failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System64
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|System64 failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Sysvx
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Sysvx failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Xp_system
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Xp_system failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|SystemTools
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|SystemTools failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|SystemTools32
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|SystemTools32 failed!
Status: 0xc0000034

Program C:\NordRem\fix.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.




A výpis z HJT:

Logfile of HijackThis v1.99.1
Scan saved at 18:38:41, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MSTMON_N.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alenka\Plocha\log\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xaqsf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jvxwpng.exe
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll (file missing)
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [Win Services] Srv32.exe
O4 - HKLM\..\Run: [Machine Debug Manager] oylmpics.exe
O4 - HKLM\..\Run: [Microsoft Office Startup] expl0rer.exe
O4 - HKLM\..\Run: [hiegff] C:\WINDOWS\System32\hqaofh.exe reg_run
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\System32\MSTMON_N.EXE
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKLM\..\Run: [Ms System Config] Mscfg.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aehydsmx.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\dudrcdfp.dll",setvm
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kfclmnxj.dll",setvm
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] oylmpics.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] expl0rer.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [Ms System Config] Mscfg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Machine Debug Manager] oylmpics.exe
O4 - HKCU\..\Run: [Bneux] C:\Documents and Settings\Alenka\Dokumenty\??mbols\iexplore.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000141.exe
O4 - HKCU\..\Run: [fjdslfd] C:\WINDOWS\system32\mat1.exe
O4 - HKCU\..\Run: [fjdslssdfd] C:\WINDOWS\system32\mat2.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9363303016
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E425CF-D8BC-4942-B5C4-3C0FFF4EF6E6}: NameServer = 210.87.250.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{93EF0640-3154-4417-BFE4-1B1375904641}: NameServer = 210.87.250.48
O17 - HKLM\System\CS1\Services\Tcpip\..\{33E425CF-D8BC-4942-B5C4-3C0FFF4EF6E6}: NameServer = 210.87.250.48
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

[fredik]

Už se pomalu blížíme k cíli:

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\xaqsf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jvxwpng.exe
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll (file missing)
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [Win Services] Srv32.exe
O4 - HKLM\..\Run: [Machine Debug Manager] oylmpics.exe
O4 - HKLM\..\Run: [Microsoft Office Startup] expl0rer.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [libznc] rundll32.exe C:\WINDOWS\System32\libznc.dll,start
O4 - HKLM\..\Run: [Ms System Config] Mscfg.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aehydsmx.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\dudrcdfp.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\kfclmnxj.dll",setvm
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [Win Services] Srv32.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] oylmpics.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] expl0rer.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [Ms System Config] Mscfg.exe
O4 - HKCU\..\Run: [Machine Debug Manager] oylmpics.exe
O4 - HKCU\..\Run: [fjdslfd] C:\WINDOWS\system32\mat1.exe
O4 - HKCU\..\Run: [fjdslssdfd] C:\WINDOWS\system32\mat2.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: *.mmohsix.com
po zaškrtnutí klikni na tlačítko Fix Checked

Pak projeď Pc tímto:
Stáhni si Mwav. Proveď update a spusť prohlídku přes tlačítko Scan & Clean (nesmíš mít zatrhnutou volbu Scan Only). Pokud ještě něco najde tak to odstraní. Po skončení prohlídky bude chtít možná restart tak ho povol.

Pak sem dej znovu nový log z HJT.