TMP*.TMP

[zvonicekt]

Zkoušel jsem to pmnlm odstranit killboxem a napsalo to toto:
pendingFileRename Operations Registry Data Has been removed by External Process!

[Reklama]

[Tyrael]

TO X: to je sice pravda ze je to mrtvolka ale nechavat ji v pc taky neni moudre me osobne by to vadilo:P je fakt kdyz uz to nic nedela tak se o to nemusi clovek zajimat ale presto znas to ne! clovek je hold trosku puntickar a kdyz uz tam ten zloduch je tak ho chce dostat pryc!:)

[fredik]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

PS: Javu pokud jsi zatím neaktualizoval tak to nedělej.

[zvonicekt]

Jelikož je ten výpis dosti dlouhý nahraji ho radši na edisk

http://www.edisk.cz/stahni/65586/ComboFix.txt_61.59KB.html

[Baron Prášil]

použij avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

a tento skript

Files to delete:
C:\WINDOWS\system32\hssmkrsc.exe
C:\WINDOWS\system32\pmnlm.exe
C:\WINDOWS\system32\cstatvmq.exe
C:\WINDOWS\system32\amtlldm.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\WhenUSearch\whse.exe
C:\WINDOWS\system32\dllgcd.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dnhlpss
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcdllx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rmskbsl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winmntfs

po restartu pošli log z avengeru a napiš co kompík

[zvonicekt]

Pokaždé mi to napsalo nějakou chybu. Tady je ten log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dnhlpss


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcdllx


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rmskbsl


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winmntfs


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yyyvwdjo

*******************

Script file located at: \??\C:\WINDOWS\system32\lfrricmm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\hssmkrsc.exe not found!
Deletion of file C:\WINDOWS\system32\hssmkrsc.exe failed!

Could not process line:
C:\WINDOWS\system32\hssmkrsc.exe
Status: 0xc0000034



File C:\WINDOWS\system32\pmnlm.exe not found!
Deletion of file C:\WINDOWS\system32\pmnlm.exe failed!

Could not process line:
C:\WINDOWS\system32\pmnlm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\cstatvmq.exe not found!
Deletion of file C:\WINDOWS\system32\cstatvmq.exe failed!

Could not process line:
C:\WINDOWS\system32\cstatvmq.exe
Status: 0xc0000034



File C:\WINDOWS\system32\amtlldm.exe not found!
Deletion of file C:\WINDOWS\system32\amtlldm.exe failed!

Could not process line:
C:\WINDOWS\system32\amtlldm.exe
Status: 0xc0000034



Could not open file C:\Program Files\WhenUSearch\Search.exe for deletion
Deletion of file C:\Program Files\WhenUSearch\Search.exe failed!

Could not process line:
C:\Program Files\WhenUSearch\Search.exe
Status: 0xc000003a



Could not open file C:\Program Files\WhenUSearch\whse.exe for deletion
Deletion of file C:\Program Files\WhenUSearch\whse.exe failed!

Could not process line:
C:\Program Files\WhenUSearch\whse.exe
Status: 0xc000003a



File C:\WINDOWS\system32\dllgcd.exe not found!
Deletion of file C:\WINDOWS\system32\dllgcd.exe failed!

Could not process line:
C:\WINDOWS\system32\dllgcd.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[fredik]

Smaž ComboFix co máš na ploše a stáhni si ho znovu. Spusť ho a vlož sem z něho log.