Winlogon.exe vir

[Damned]

Tak log je potom OK.

[Reklama]

[Tequilla]

Zdravim tiez mam problem s winlogon.exe moj firewall Kerio mi vyhadzuje kolonku: Aplikace Sunbelt Kerio Personal Firewall zachytila a zablokovala pokus o průnik typu Injekce kódu.Zablokován pokus o průnik. Narušitel: \??\C:\WINDOWS\system32\winlogon.exe
Podrobnosti:
Jméno produktu: Firefox
Verze produktu: 2.0.0.4
............
Adresa injekce......
Posielam aj Log


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:05:29, on 3.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Moje Dokumenty\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{537AED10-97AB-4273-A1CB-58DFD3CBE23E}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{65EFC17C-C469-4158-9366-ABB4576DE66D}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{92C08AC2-4164-4F7B-BB99-12264CE174F7}: NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F4B65F-6402-4744-841B-50B3222D5811}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CS2\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9553 bytes


Za pomoc vopred Dakujem

[fredik]

Zdravím a vítám Tě na fóru: PC-HELP

Příště si založ prosím tě vlastní téma.

1) Stáhni si Killbox
do volného řádku zkopíruj tento tučně označený text:
C:\WINDOWS\SYSTEM32\winepi32.dll

a zaškrtni Delete on Reboot a Unregister .dll Before Deleting
pak stiskni bílý křížek v červeném kolečku. PC bude chtít restart tak to povol.

2) Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: winepi32 - C:\WINDOWS\SYSTEM32\winepi32.dll
po zaškrtnutí klikni na tlačítko Fix Checked

3) Vzhledem k nedávno zveřejněné chybě v Javě (verze kterou tam máš) bych ti doporučil provést její Update:
- Stáhni si poslení verzi Java Runtime Environment (JRE) 6u1
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6u1 a klikni na tlačítko Download
- Zatrhni možnost kde je napsáno: Accept License Agreement
- Stránka se ti znovu načte.
- Klikni na odkaz pro stažení: Windows Offline Installation, Multi-language a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u1-windows-i586-p.exe, který sis stáhl na začátku.

4) Použij Fixwareout a vlož sem z něho log
+ nový log z HJT.

[Tequilla]

Dííííík moc s winlogom uz problem nemam ale ohladne tej Javy-Stiahol som si ju, vymazal som jej stare adresáre ale pri instalácií taj novej javy sa v polovici instalácie vyhodila tabulka:
Java(TM) SE Runtime Environment 6 Update 1...
Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor.
A potom sa ukonci instalácia. Uz sa mi parkrát stalo ze po pripojeni k internetu sa mi vyhodila tabulka vpravo dole na Paneli nástrojov ze chce Java Update a spravilo to presne toto isté v polovici instalácie vyskocila tato istá tabulka a nevedel som ako dalej. Nevies co s tym mozem mat?

[fredik]

Použij CCleaner (Čistič a Problémy)

Sice to není přesné číslo tvé chyby ale je to stejná chybová hláška, tak zkus použít postup tam zmíněný: Error 1722. There is a problem with this Windows Installer package
uvidíme jestli ti to pomůže.

Vlož se pak ty dva logy jak jsem psal.

[Tequilla]

Skusil som ten CCleaner ale tej blbej tabulke pri instalacii som sa nevihol takze mi len vicistil Comp, co som si vsimol vecsiu rýchlost instalácie pri snahe o instalaciu Javy. A k tym log-om dam Vam sem len log z HiJackThis ktory som spravil po precisteni CCleaner-om lebo ten log z Fixwareout mi nesiel spravit lepsie povedane neviem sa dostat do Núdzového režimu- dal som restartovat PC "presne podla návodu ktory som tu nasiel,, a zadával som rychlo F8 F2 skusal som aj kombinácie ako som tu cital Ctrl Shift Esc ale nic. Mozno je problem v tom ze mam tusim vypalenu poistku v PC (uz raz mi to opravoval jeden Dobrí známi co je Programátor=a PC mi super fungovalo dalej). Lebo teraz mi to vypisuje zasa tu istu hlasku ako vtedy: Rechack to CPU Soft... Press to F1.
Lenže ten moj známi je momentálne v Anglicku a uz ho nechcem otravovat takymito vecami. Este sa budem pokusat dostat do NR ked sa mi to podary tak sem ten Log z Fixwareout urcite dám.

Log z HiJackThis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:27:59, on 4.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxAdslL.exe
C:\WINDOWS\system32\msiexec.exe
E:\Moje Dokumenty\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{537AED10-97AB-4273-A1CB-58DFD3CBE23E}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{65EFC17C-C469-4158-9366-ABB4576DE66D}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{92C08AC2-4164-4F7B-BB99-12264CE174F7}: NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F4B65F-6402-4744-841B-50B3222D5811}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
O17 - HKLM\System\CS2\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.138 85.255.112.171
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8465 bytes

[fredik]

Ohledně té javy, byla vydán nový její update před pár dny. Stáhneš ho opět na tom odkazu co jsem dal minule, ale hledej ho pod položkou Java Runtime Environment (JRE) 6u2 tak ji zkus stáhnou a nainstalovat. (Před případnou instalací si zkontroluj jestli nemáš žádnou verzi Javy v Přidat nebo odebrat programy)

Ten CCleaner byl jen na pročištění, zkoušel jsi ten postup co jsem dával v tom odkazu "Error 1722. There is a problem with this Windows Installer package". Pokud by to ani pak nešlo tak je ještě jedna možnost ale není tady zaručeno že výsledek nebudu stejný. To můžeme pak zkusit.

Ohledně toho že se nemůžeš dostat do Nouzového režimu tak zkus udělat log z Combofix a vlož ho sem:
Stáhni si a spusť ComboFix
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Ten Fixwareout se dá použít případně i v normálním režimu, ale uvidíme po logu z Combofixu, jestli je případný problém s nouzovým režimem.

Zkus si zatím zjistit od tvého poskytovatele připojení nastavení IP adresy DNS serverů.

Bude ale chvíli trvat než se ti na to mrknu, protože tu budu až koncem příštího týdne.

[Tequilla]

Tak som si stiahol tu Javu Update2 ale stale mi vyskakuje ta blba tabulka. Hladal som nieco cez google a mam pocit ze som na nieco natrafil http://www.tokeshi.com/index.php?option=com_content&task=view&id=4889 na tejto stranke sa píse nieco ako Prícina ze nejaky MSI balík nemusí byt správne Odstránení z ponuky Pridanie alebo Odstránenie Programov (Ajked v Tejto spomínanej ponuke uz nemam nic od Javy). Osobne neviem ci mozem verit takejto stránke ale z osobných skuseností viem ze pri instalácií niektorých programov som sa so skratkou MSI stretol nieco MSI Installation. A v Rozhodnutí pisu ze mam pouzivat Windows Installer CleanUp Utility, a

Tento nástroj může být použitý pro nějaký MSI program který nemůže instalovat nebo odinstalovat pořádně z Add nebo Remove Programs.

Tak som si ten odporúcany program vahladal cez google a hned prvy odkaz mi vyhodil na Microsoft na http://support.microsoft.com/kb/290301 ale tie informácie:Důležité upozornění ma tak trocha vistrasily veta ze: V případě, že používáte tento nástroj, bude možná nutné přeinstalovat některé programy. Ajked je pravda ze tato utilita kedze je od MS vo mne vzbudzuje dôveru. Ozaj a ku: ComboFix, stiahol som si ho ale ked ho spustim tak vyskoci len okno MS Dos a v nom:Prístup bol odoprený.

[Baron Prášil]

ten log z Combofixu by se hodil

[sakiri]

Pokud ti nejde spustit ComboFix tak udělej toto:
Stáhni si Deckard's System Scanner.
- Zavři všechna spuštěná okna a spusť program, potvrď licenční podmínky a postupuj podle pokynů. Začne scanování.
- Až program skončí tak by program měl vytvořit 2 logy proto se ti 2krát otevře notepad. Jeden log bude mít název main.txt a druhý extra.txt. Tak sem zkopíruj pouze ten main.txt

[Tequilla]

Tak tu je ten Log z Deckard's System Scanner main.txt


Deckard's System Scanner v20070611.50
Run by Owner on 2007-07-07 at 17:31:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2007-07-07 15:31:12 UTC - RP171 - Deckard's System Scanner Restore Point
76: 2007-07-07 11:50:27 UTC - RP170 - Installed Java(TM) 6 Update 2
75: 2007-07-06 17:43:05 UTC - RP169 - Kontrolný bod systému
74: 2007-07-05 14:43:26 UTC - RP168 - Installed Java(TM) SE Runtime Environment 6 Update 1
73: 2007-07-05 14:24:55 UTC - RP167 - Installed Java(TM) SE Runtime Environment 6 Update 1


-- First Restore Point --
1: 2007-04-09 05:29:41 UTC - RP95 - Kontrolný bod systému


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-07 17:32:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\soundman.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Labtec Wireless Desktop\OSD.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
E:\Moje Dokumenty\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\Trellian\Toolbar\toolbar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\Trellian\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Načítať použitie &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: (no name) - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send To &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... mv9dmo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ECB1E95-59BD-4095-84A7-363608B41F0F}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{537AED10-97AB-4273-A1CB-58DFD3CBE23E}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{65EFC17C-C469-4158-9366-ABB4576DE66D}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F8F4B65F-6402-4744-841B-50B3222D5811}: NameServer = 85.255.113.138,85.255.112.171
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters:
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters:
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters:
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 MUsbFltr (WayTechUSBFilterDriver) - c:\windows\system32\drivers\musbfltr.sys <Not Verified; Waytech Development, Inc.; >
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 UsbFltr (WayTechUSBFilterDriver) - c:\windows\system32\drivers\usbfltr.sys <Not Verified; Waytech Development, Inc.; Ortek USB Keypad>
R3 CnxEtP (Conexant AccessRunner USB ADSL WAN Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
R3 CnxEtU (Conexant AccessRunner USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant; Conexant USB ADSL Modem>
R3 CnxTgN (Conexant AccessRunner USB ADSL WAN Adapter Driver) - c:\windows\system32\drivers\cnxtgn.sys <Not Verified; Conexant Systems Inc.; Conexant AccessRunner ADSL>
R3 pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 SpyEmrg (Spy Emergency Driver) - c:\windows\system32\drivers\spyemrg.sys (file missing)
S3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 FileObjInfo (STFileDriver) - c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys (file missing)
S3 GEARAspiWDM - c:\windows\system32\drivers\gearaspiwdm.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Scheduled Tasks -------------------------------------------------------------

2007-01-26 21:39:35 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-07 and 2007-07-07 -----------------------------

2007-07-07 13:50:27 0 d-------- C:\Program Files\Java
2007-07-05 15:35:56 90112 -----n--- C:\WINDOWS\SDUnInst.exe <Not Verified; Software Design; UnInstaller Utility for Windows>
2007-07-04 14:13:31 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-07-04 14:02:46 0 d-------- C:\Program Files\CCleaner
2007-07-03 16:24:54 0 d-------- C:\!KillBox
2007-07-01 18:12:56 0 d-------- C:\Program Files\Accent EXCEL Password Recovery
2007-07-01 17:07:59 5120 --a------ C:\cjsmkng.exe
2007-07-01 17:07:53 32330 --a------ C:\hivtvru.exe
2007-07-01 17:07:49 32330 --a------ C:\xfufinsm.exe
2007-07-01 16:03:49 0 d-------- C:\Program Files\SuperDVD Video Editor
2007-07-01 15:08:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Ulead Systems
2007-07-01 15:01:01 0 d-------- C:\Program Files\Windows Media Components
2007-07-01 14:56:28 0 d-------- C:\Program Files\Ulead Systems
2007-06-28 12:17:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-25 21:23:46 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-06-12 20:39:11 0 d-------- C:\Program Files\Passware
2007-06-08 17:14:11 0 d-------- C:\Program Files\EA GAMES


-- Find3M Report ---------------------------------------------------------------

2007-07-07 13:50:07 0 --a------ C:\WINDOWS\XXLGSC
2007-07-05 14:43:05 0 d-------- C:\Program Files\Notepad++
2007-07-05 14:42:16 0 d-------- C:\Documents and Settings\Owner\Application Data\ZipGenius
2007-07-04 18:32:54 0 d-------- C:\Program Files\Windows Live Safety Center
2007-07-03 17:16:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-03 17:15:29 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-07-01 17:07:47 0 d-------- C:\Program Files\Labtec Wireless Desktop
2007-06-26 16:56:18 0 d-------- C:\Program Files\Winamp
2007-06-02 19:26:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2007-06-01 13:21:38 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2007-06-01 13:14:00 0 d-------- C:\Program Files\MediaCoder
2007-05-29 21:00:02 0 d-------- C:\Program Files\Sierra
2007-05-29 13:02:32 0 d-------- C:\Program Files\vso
2007-05-15 19:21:04 0 d-------- C:\Program Files\AlienGUIse
2007-05-15 19:17:58 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-05-15 18:54:23 0 d-------- C:\Program Files\DarXide games
2007-05-15 18:54:05 0 d-------- C:\Program Files\Nvu
2007-05-15 18:34:40 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{24180B00-2EB6-11d7-BD6F-004854603DCE} C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
{2DB66063-BB98-466A-AA0D-3E7ACF5ED853} C:\WINDOWS\WebIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CnxDslTaskBar"="\"C:\\Program Files\\DrayTek\\Vigor318 ADSL\\CnxDslTb.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WEBTRAN"=""
"OEXPRESS"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Schedule


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c14ac7ba-52f0-11db-afd2-806d6172696f}]
Shell\AutoRun\command E:\setupSNK.exe


-- Hosts -----------------------------------------------------------------------

127.255.255.255 serial.alcohol-soft.com
127.255.255.255 http://www.alcohol-soft.com
127.255.255.255 images.alcohol-soft.com


-- End of Deckard's System Scanner: finished at 2007-07-07 at 17:34:00 ---------

[Baron Prášil]

nejdřív použij fixwareout jak psal fredik
http://www.viry.cz/forum/viewtopic.php?t=18759

po restartu použij Avenger
http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

a skript

Files to delete:
C:\cjsmkng.exe
C:\hivtvru.exe
C:\xfufinsm.exe
C:\WINDOWS\_MSRSTRT.EXE

potom pošli log z fixwareout,z Avengera a hijackthis