Please check my HJT log [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my HJT log

Post by hulvius » 15 Apr 2009 19:41

I suspect something is wrong, since it refuses to install any update from Windows Update.
NOD32 found nothing.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:13, on 15.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Creative\Shared Files\CTDevSrv.exe
D:\Applications\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
D:\Applications\Java\jre6\bin\jqs.exe
D:\Applications\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Applications\Java\jre6\bin\jusched.exe
D:\Applications\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Skype\Phone\Skype.exe
D:\Applications\Yahoo!\Messenger\YahooMessenger.exe
D:\Applications\ASUS\Bluetooth Software\BTTray.exe
D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Applications\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Applications\Windows Live\Contacts\wlcomm.exe
D:\Applications\Skype\Plugin Manager\skypePM.exe
D:\Applications\Mozilla Firefox\firefox.exe
D:\APPLIC~1\MICROS~2\Office12\OUTLOOK.EXE
D:\Applications\Java\jre6\launch4j-tmp\JDownloader.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
D:\Applications\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Applications\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Applications\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Applications\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Applications\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "D:\Applications\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Applications\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Applications\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Applications\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Applications\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Applications\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liatro SWF Decoder Catch - D:\Applications\SWF Decoder 4.6\swfcatch.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Applications\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - D:\Applications\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Applications\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Applications\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Applications\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - https://asp22.centra.com/SiteRoots/main ... aterAx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9180095312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B798AA3-F9BB-406C-9CF9-D8B243E60621}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Applications\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - D:\Applications\Creative\Shared Files\CTDevSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Applications\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Applications\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9890644887f18) (gupdate1c9890644887f18) - Google Inc. - D:\Applications\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Applications\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Applications\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - D:\Applications\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10549 bytes
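
As an added example (not part of the original thread and not HijackThis code), here is a small Python triage helper that applies the first-pass checks a log reviewer runs over a listing like the one above: BHOs whose DLL is gone (O2 "(no file)"), AppInit_DLLs (O20), DNS servers outside private ranges (O17), and Run entries or services launched from user-writable directories (O4, O23). The sample lines are copied from the log above, except the "updater" Run entry, which is constructed so that the user-writable-path rule has something to fire on; the function names are this example's own.

```python
"""Triage helper for HijackThis-style logs.

Added example, not code from the original thread or from HijackThis itself.
It parses the "Oxx - ..." entries and applies the first-pass checks an analyst
runs over a log like the one above: BHOs whose DLL is missing, AppInit_DLLs,
DNS servers outside private ranges, and autoruns or services started from
user-writable directories.
"""
import re
from ipaddress import ip_address

# Constructed sample: the lines are copied from the log above, except the
# "updater" Run entry, which is made up here so that the user-writable-path
# rule has something to fire on.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "D:\Applications\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B798AA3-F9BB-406C-9CF9-D8B243E60621}: NameServer = 81.27.192.33,81.27.192.97
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: ESET Service (ekrn) - ESET - D:\Applications\ESET\ESET Smart Security\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Coarse rule: binaries launched from these locations deserve a second look,
# because an ordinary user can write there without elevation.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_entries(log_text):
    """Yield (kind, body, raw_line) for every HJT entry line in the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body"), line.strip()


def in_user_writable(path_or_cmd):
    lowered = path_or_cmd.lower()
    return any(tag in lowered for tag in USER_WRITABLE)


def triage(log_text):
    """Return a list of (kind, reason, line) findings worth a human's attention."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        if kind == "O2":
            m = BHO_RE.match(body)
            if m and m.group("path") == "(no file)":
                findings.append((kind, "BHO CLSID registered but DLL missing: " + m.group("clsid"), line))
        elif kind == "O4":
            m = RUN_RE.match(body)
            if m and in_user_writable(m.group("cmd")):
                findings.append((kind, "autorun from user-writable path: " + m.group("name"), line))
        elif kind == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                public = [s for s in m.group("servers").split(",") if ip_address(s.strip()).is_global]
                if public:
                    findings.append((kind, "DNS servers outside private ranges, confirm they are the ISP's: " + ",".join(public), line))
        elif kind == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so even a legitimate vendor DLL here is worth confirming.
            findings.append((kind, "AppInit_DLLs set: " + body.split(":", 1)[1].strip(), line))
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            if m and in_user_writable(m.group("path")):
                findings.append((kind, "service binary in user-writable path: " + m.group("name"), line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

The rules are deliberately coarse: a public resolver is normally just the ISP's, and an AppInit_DLLs entry from a known vendor is common, so the script only surfaces what to verify, it does not decide. Run it over a whole HJT log and confirm each finding by hand before touching anything.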


Re: Please check my HJT log

Post by jaro3 » 15 Apr 2009 21:15

Disable the resident protection in ESS (the firewall too).
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- When it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the prompts; while ComboFix is running, do not click inside its window
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its whole contents here
I'll take a look tomorrow..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my HJT log

Post by hulvius » 15 Apr 2009 23:35

here is the log (thanks for the help):

ComboFix 09-04-15.08 - Hulvius 15.04.2009 22:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3582.3117 [GMT 2:00]
Running from: d:\users\Hulvius\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 17:33 . 2009-04-15 17:33 32 ----a-w c:\windows\system32\thxcfg.ini
2009-04-15 17:28 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 17:28 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 17:28 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 17:28 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 17:28 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 17:28 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 17:28 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 17:28 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 17:28 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 17:28 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 17:28 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 17:28 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-03 14:39 . 2009-04-03 14:39 -------- d-----w c:\windows\system32\KB905474
2009-04-03 14:39 . 2009-03-10 20:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-03 14:39 . 2009-03-10 20:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-03 14:39 . 2009-02-09 16:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-03 13:34 . 2009-04-03 13:34 -------- d-----w d:\users\Hulvius\Bluetooth Software
2009-04-03 13:32 . 2008-03-27 15:18 47272 ----a-w c:\windows\system32\drivers\btwusb.sys
2009-04-03 13:32 . 2008-03-27 08:17 89896 ----a-w c:\windows\system32\drivers\btwsecfl.sys
2009-04-03 13:32 . 2008-03-10 16:18 57384 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-04-03 13:32 . 2008-02-04 15:57 37160 ----a-w c:\windows\system32\drivers\btport.sys
2009-04-03 13:32 . 2007-09-20 09:59 106557 ----a-w c:\windows\system32\btw_ci.dll
2009-04-03 13:32 . 2007-09-20 09:59 156392 ----a-w c:\windows\system32\drivers\btwdndis.sys
2009-04-03 13:32 . 2008-04-15 09:14 990632 ----a-w c:\windows\system32\drivers\btkrnl.sys
2009-04-03 13:32 . 2008-04-15 09:13 534440 ----a-w c:\windows\system32\drivers\btaudio.sys
2009-03-31 19:40 . 2009-03-31 19:40 -------- d-----w d:\users\LocalService\Local Settings\Application Data\Google
2009-03-28 00:09 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-03-28 00:09 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-03-28 00:09 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-03-28 00:09 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-03-28 00:09 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-03-28 00:09 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-03-28 00:09 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-03-28 00:09 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-03-28 00:09 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-03-28 00:09 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-03-28 00:09 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-28 00:09 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-03-27 21:32 . 2009-03-27 21:32 -------- d-----w d:\users\My Documents\OJOsoft Corporation
2009-03-27 21:32 . 2009-03-27 21:32 -------- d-----w d:\users\My Documents
2009-03-23 21:21 . 2009-04-04 21:10 -------- d-----w d:\users\Hulvius\Application Data\Winamp
2009-03-23 20:20 . 2009-03-24 15:18 -------- d-----w d:\users\All Users\Application Data\NOS
2009-03-23 19:27 . 2009-03-23 19:27 -------- d-sh--w d:\users\Hulvius\IECompatCache
2009-03-23 19:21 . 2009-03-23 19:21 -------- d-sh--w d:\users\Hulvius\IETldCache
2009-03-23 18:23 . 2009-03-23 18:23 -------- d-----w c:\windows\ie8updates
2009-03-23 18:21 . 2009-03-23 18:22 -------- dc-h--w c:\windows\ie8
2009-03-23 18:20 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:46 . 2007-05-14 21:57 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-15 20:46 . 2007-11-07 19:11 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-04-15 20:37 . 2007-05-15 16:31 -------- d-----w d:\users\Hulvius\Application Data\Skype
2009-04-15 20:22 . 2007-05-15 17:06 -------- d-----w d:\users\All Users\Application Data\Microsoft Help
2009-04-15 17:37 . 2007-07-31 20:04 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 17:15 . 2008-01-20 16:00 -------- d-----w d:\users\Hulvius\Application Data\skypePM
2009-04-13 22:43 . 2007-05-21 16:48 -------- d-----w d:\users\Hulvius\Application Data\uTorrent
2009-04-03 13:32 . 2008-12-31 17:23 -------- d-----w d:\applications\ASUS
2009-04-03 13:15 . 2009-04-03 13:15 -------- d-----w d:\applications\Microsoft Office Outlook Connector
2009-04-02 08:27 . 2007-05-15 16:40 -------- d-----w d:\applications\Google
2009-04-01 19:23 . 2009-02-01 10:57 -------- d-----w d:\applications\JDownloader
2009-03-31 18:45 . 2008-12-31 15:46 -------- d-----w d:\applications\Java
2009-03-28 19:23 . 2009-03-28 19:21 -------- d-----w d:\applications\WinDjView
2009-03-28 00:10 . 2009-03-28 00:09 -------- d-----w d:\applications\K-Lite Codec Pack
2009-03-26 18:25 . 2007-09-23 16:12 -------- d-----w d:\users\Hulvius\Application Data\Canon
2009-03-24 15:18 . 2009-03-23 20:20 -------- d-----w d:\applications\NOS
2009-03-23 21:22 . 2009-03-23 21:21 -------- d-----w d:\applications\Winamp
2009-03-23 20:28 . 2007-05-15 17:12 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 22:06 . 2009-03-22 20:01 -------- d-----w d:\applications\nLite
2009-03-22 15:16 . 2007-05-15 17:24 -------- d-----w d:\applications\UltraISO
2009-03-22 15:16 . 2007-05-15 17:24 -------- d-----w c:\program files\Common Files\EZB Systems
2009-03-15 20:48 . 2009-02-11 23:37 -------- d-----w d:\applications\All Media Fixer
2009-03-14 21:13 . 2009-02-18 18:35 -------- d-----w d:\applications\Malware Defender
2009-03-14 21:11 . 2009-02-09 13:59 -------- d-----w d:\users\Hulvius\Application Data\Saba
2009-03-09 03:19 . 2008-12-31 15:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2007-05-14 17:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-03 22:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-03 22:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-03 22:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-03 22:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-03 22:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-03 22:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-03 22:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-03 22:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-08-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-03 22:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-27 18:00 . 2008-01-22 18:34 -------- d-----w d:\applications\Microsoft Silverlight
2009-02-27 11:55 . 2008-06-11 22:43 111992 ----a-w c:\windows\system32\acaptuser32.dll
2009-02-18 17:29 . 2007-08-06 21:12 -------- d-----w d:\applications\Windows Live
2009-02-18 17:28 . 2009-02-18 17:28 -------- d-----w d:\applications\Microsoft SQL Server Compact Edition
2009-02-12 12:17 . 2007-05-15 19:27 68800 ----a-w d:\users\Hulvius\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 12:10 . 2004-08-03 22:56 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-03 22:56 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-03 22:56 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-03 22:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2004-08-03 21:17 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 00:58 . 2009-02-07 00:58 113 ----a-w d:\users\Hulvius\Local Settings\Application Data\fusioncache.dat
2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-03 21:20 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-08-29 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-03 22:56 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-10 19:59 . 2007-05-14 22:16 135352 ----a-w d:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-01-20 16:00 . 2008-01-20 16:00 32 ----a-w d:\users\All Users\Application Data\ezsid.dat
2007-12-15 17:06 . 2007-12-15 17:06 87608 ----a-w d:\users\Hulvius\Application Data\ezpinst.exe
2007-12-15 17:06 . 2007-12-15 17:06 47360 ----a-w d:\users\Hulvius\Application Data\pcouffin.sys
2008-09-21 19:2008-09-21 19:13 13:14 . d:\applications\mozilla firefox\components\gemgecko.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\applications\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="d:\applications\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"Messenger (Yahoo!)"="d:\applications\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SoundMAXPnP"="d:\applications\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"egui"="d:\applications\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="d:\applications\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

d:\users\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\applications\ASUS\Bluetooth Software\BTTray.exe [2008-4-14 596584]
Logitech Desktop Messenger.lnk - d:\applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-8-2 67128]
Logitech SetPoint.lnk - d:\applications\Logitech\SetPoint\SetPoint.exe [2007-5-15 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\users\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\d:\users\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Applications\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Applications\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Applications\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Applications\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Applications\\iTunes\\iTunes.exe"=
"f:\\Torrent\\utorrent.exe"=
"d:\\Applications\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Applications\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Applications\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57090:TCP"= 57090:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R2 gupdate1c9890644887f18;Google Update Service (gupdate1c9890644887f18);d:\applications\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-23 13352]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-01-08 15576]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;d:\applications\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
\Shell\AutoRun\command - Q:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d1ccc-07b4-11dc-9056-0018f3ca8061}]
\Shell\AutoRun\command - k:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\applications\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-02-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\applications\Google\Update\GoogleUpdate.exe [2009-02-07 09:27]

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{C95A93DF-BFBA-4B13-95F2-65942B3FF8B8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

2009-04-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-03 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.live.com/
uInternet Settings,ProxyOverride = localhost
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\applic~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liatro SWF Decoder Catch - d:\applications\SWF Decoder 4.6\swfcatch.htm
IE: Send to &Bluetooth Device... - d:\applications\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\applications\ASUS\Bluetooth Software\btsendto_ie.htm
TCP: {5B798AA3-F9BB-406C-9CF9-D8B243E60621} = 81.27.192.33,81.27.192.97
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxps://asp22.centra.com/SiteRoots/main ... aterAx.cab
FF - ProfilePath - d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: d:\applications\Mozilla Firefox\components\gemgecko.dll
FF - component: d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: d:\applications\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: d:\applications\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\applications\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\applications\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.tabs.closeButtons - 0
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 22:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1614895754-682003330-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2256)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\applications\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\applications\ASUS\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTSVCCDA.EXE
d:\applications\Creative\Shared Files\CTDevSrv.exe
d:\applications\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-04-15 22:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 20:52

Pre-Run: 18,922,909,696 bytes free
Post-Run: 18,920,095,744 bytes free

289 --- E O F --- 2009-04-15 20:31


Re: Prosim o check HJT logu

Příspěvekod jaro3 » 16 dub 2009 08:44

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole text highlighted in green below into it.
Note: do not use SELECT ALL to select the script.

Code:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Save it to the desktop with the name fix.reg and file type "All files".
Find the file on the desktop, double-click it and confirm merging it into the registry.
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole text highlighted in green below into it.
Note: do not use SELECT ALL to select the script.

Code:

File::
c:\windows\system32\thxcfg.ini
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\WLXPGSS.SCR

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you just created with the mouse onto the downloaded ComboFix.exe and drop it when the two icons overlap.
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
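The fix.reg in the post above resets BootExecute, the Session Manager multi-string that names native programs smss.exe runs at boot before the Win32 subsystem is up, which is why it is a persistence point worth checking and why ComboFix restores it. The hex(7) notation is just REG_MULTI_SZ as raw bytes, so the value can be verified mechanically. The following Python is an added example, not code from the post or from any of the tools named in this thread: it decodes the value exactly as written above, confirms it is the Windows default "autocheck autochk *", and flags any extra entry on a constructed sample (the second entry "evil.exe" in that sample is hypothetical).

```python
"""Decode and check a REG_MULTI_SZ value written in .reg hex(7) notation.

Added example, not code from the forum post. It verifies that the
BootExecute value in the fix.reg above is exactly the Windows default
("autocheck autochk *") and shows how an extra entry, a native image the
Session Manager would run before the Win32 subsystem even starts, would be
caught. REG_TEXT is the script from the post; ROGUE_REG_TEXT is a
constructed sample with a hypothetical second entry.
"""
import re

# The script from the post. REGEDIT4 files store hex(7) as single-byte ANSI
# characters; "Windows Registry Editor Version 5.00" files use UTF-16LE.
REG_TEXT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
'''

# Constructed sample (hypothetical "evil.exe"): the same value with a second
# string appended, split over two lines with the backslash continuation
# that .reg files use for long values.
ROGUE_REG_TEXT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,\
  65,76,69,6c,2e,65,78,65,00,00
'''

# Default value on Windows XP: only the chkdsk-on-boot hook.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def extract_hex7(reg_text: str, value_name: str) -> str:
    """Return the byte list after "<value_name>"=hex(7):, joining continuation lines."""
    prefix = f'"{value_name}"=hex(7):'
    lines = reg_text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(prefix):
            chunk = line[len(prefix):].strip()
            while chunk.endswith("\\"):          # trailing backslash: value continues
                i += 1
                chunk = chunk[:-1] + lines[i].strip()
            return chunk
    raise KeyError(value_name)


def decode_multi_sz(hex7: str, encoding: str = "cp1252") -> list:
    """Turn "61,75,...,00,00" into the list of strings the REG_MULTI_SZ holds."""
    raw = bytes(int(b, 16) for b in re.sub(r"\s+", "", hex7).split(",") if b)
    # REG_MULTI_SZ: each string is NUL-terminated; an empty string ends the list.
    strings = []
    for part in raw.decode(encoding).split("\x00"):
        if part == "":
            break
        strings.append(part)
    return strings


def encode_multi_sz(strings: list, encoding: str = "cp1252") -> str:
    """Inverse of decode_multi_sz: build the hex(7) byte list for a .reg file."""
    nul = "\x00".encode(encoding)
    raw = b"".join(s.encode(encoding) + nul for s in strings) + nul
    return ",".join(f"{b:02x}" for b in raw)


def audit_bootexecute(reg_text: str):
    """Return (all entries, entries that are not part of the default value)."""
    entries = decode_multi_sz(extract_hex7(reg_text, "BootExecute"))
    extra = [e for e in entries if e not in DEFAULT_BOOTEXECUTE]
    return entries, extra


if __name__ == "__main__":
    for label, text in (("fix.reg from the post", REG_TEXT),
                        ("constructed rogue value", ROGUE_REG_TEXT)):
        entries, extra = audit_bootexecute(text)
        print(f"{label}: {entries} -> {'OK' if not extra else 'EXTRA ' + str(extra)}")
```

Running the block prints that the posted value decodes to the single default entry, while the constructed sample reports the extra "evil.exe" string. The same decoder works on a real export (regedit's File -> Export in Win9x/NT4 format), so the live BootExecute value on a suspect machine can be checked the same way without trusting the GUI view.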

hulvius

Re: Please check my HJT log

Posted by hulvius » 16 Apr 2009 17:00

here are the logs from ComboFix and HJT:
ComboFix 09-04-16.02 - Hulvius 16.04.2009 16:42.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.3582.3109 [GMT 2:00]
Running from: d:\users\Hulvius\Desktop\ComboFix.exe
Command switches used :: d:\users\Hulvius\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\thxcfg.ini
c:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\thxcfg.ini
c:\windows\WLXPGSS.SCR

.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-15 17:28 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 17:28 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 17:28 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 17:28 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 17:28 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 17:28 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 17:28 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 17:28 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 17:28 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 17:28 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 17:28 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 17:28 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-03 14:39 . 2009-04-03 14:39 -------- d-----w c:\windows\system32\KB905474
2009-04-03 14:39 . 2009-03-10 20:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-03 14:39 . 2009-03-10 20:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-03 14:39 . 2009-02-09 16:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-03 13:34 . 2009-04-03 13:34 -------- d-----w d:\users\Hulvius\Bluetooth Software
2009-04-03 13:32 . 2008-03-27 15:18 47272 ----a-w c:\windows\system32\drivers\btwusb.sys
2009-04-03 13:32 . 2008-03-27 08:17 89896 ----a-w c:\windows\system32\drivers\btwsecfl.sys
2009-04-03 13:32 . 2008-03-10 16:18 57384 ----a-w c:\windows\system32\drivers\btwhid.sys
2009-04-03 13:32 . 2008-02-04 15:57 37160 ----a-w c:\windows\system32\drivers\btport.sys
2009-04-03 13:32 . 2007-09-20 09:59 106557 ----a-w c:\windows\system32\btw_ci.dll
2009-04-03 13:32 . 2007-09-20 09:59 156392 ----a-w c:\windows\system32\drivers\btwdndis.sys
2009-04-03 13:32 . 2008-04-15 09:14 990632 ----a-w c:\windows\system32\drivers\btkrnl.sys
2009-04-03 13:32 . 2008-04-15 09:13 534440 ----a-w c:\windows\system32\drivers\btaudio.sys
2009-03-31 19:40 . 2009-03-31 19:40 -------- d-----w d:\users\LocalService\Local Settings\Application Data\Google
2009-03-28 00:09 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-03-28 00:09 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-03-28 00:09 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-03-28 00:09 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-03-28 00:09 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-03-28 00:09 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-03-28 00:09 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-03-28 00:09 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-03-28 00:09 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-03-28 00:09 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-03-28 00:09 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-28 00:09 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-03-27 21:32 . 2009-03-27 21:32 -------- d-----w d:\users\My Documents\OJOsoft Corporation
2009-03-27 21:32 . 2009-03-27 21:32 -------- d-----w d:\users\My Documents
2009-03-23 21:21 . 2009-04-04 21:10 -------- d-----w d:\users\Hulvius\Application Data\Winamp
2009-03-23 20:20 . 2009-03-24 15:18 -------- d-----w d:\users\All Users\Application Data\NOS
2009-03-23 19:27 . 2009-03-23 19:27 -------- d-sh--w d:\users\Hulvius\IECompatCache
2009-03-23 19:21 . 2009-03-23 19:21 -------- d-sh--w d:\users\Hulvius\IETldCache
2009-03-23 18:23 . 2009-03-23 18:23 -------- d-----w c:\windows\ie8updates
2009-03-23 18:21 . 2009-03-23 18:22 -------- dc-h--w c:\windows\ie8
2009-03-23 18:20 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 14:38 . 2007-05-15 16:31 -------- d-----w d:\users\Hulvius\Application Data\Skype
2009-04-16 04:32 . 2007-05-21 16:48 -------- d-----w d:\users\Hulvius\Application Data\uTorrent
2009-04-15 20:22 . 2007-05-15 17:06 -------- d-----w d:\users\All Users\Application Data\Microsoft Help
2009-04-15 17:37 . 2007-07-31 20:04 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 17:15 . 2008-01-20 16:00 -------- d-----w d:\users\Hulvius\Application Data\skypePM
2009-04-03 13:32 . 2008-12-31 17:23 -------- d-----w d:\applications\ASUS
2009-04-03 13:15 . 2009-04-03 13:15 -------- d-----w d:\applications\Microsoft Office Outlook Connector
2009-04-02 08:27 . 2007-05-15 16:40 -------- d-----w d:\applications\Google
2009-04-01 19:23 . 2009-02-01 10:57 -------- d-----w d:\applications\JDownloader
2009-03-31 18:45 . 2008-12-31 15:46 -------- d-----w d:\applications\Java
2009-03-28 19:23 . 2009-03-28 19:21 -------- d-----w d:\applications\WinDjView
2009-03-28 00:10 . 2009-03-28 00:09 -------- d-----w d:\applications\K-Lite Codec Pack
2009-03-26 18:25 . 2007-09-23 16:12 -------- d-----w d:\users\Hulvius\Application Data\Canon
2009-03-24 15:18 . 2009-03-23 20:20 -------- d-----w d:\applications\NOS
2009-03-23 21:22 . 2009-03-23 21:21 -------- d-----w d:\applications\Winamp
2009-03-23 20:28 . 2007-05-15 17:12 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 22:06 . 2009-03-22 20:01 -------- d-----w d:\applications\nLite
2009-03-22 15:16 . 2007-05-15 17:24 -------- d-----w d:\applications\UltraISO
2009-03-22 15:16 . 2007-05-15 17:24 -------- d-----w c:\program files\Common Files\EZB Systems
2009-03-15 20:48 . 2009-02-11 23:37 -------- d-----w d:\applications\All Media Fixer
2009-03-14 21:13 . 2009-02-18 18:35 -------- d-----w d:\applications\Malware Defender
2009-03-14 21:11 . 2009-02-09 13:59 -------- d-----w d:\users\Hulvius\Application Data\Saba
2009-03-09 03:19 . 2008-12-31 15:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2007-05-14 17:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-03 22:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-03 22:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-03 22:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-03 22:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-03 22:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-03 22:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-03 22:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-03 22:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-08-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-03 22:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-27 18:00 . 2008-01-22 18:34 -------- d-----w d:\applications\Microsoft Silverlight
2009-02-27 11:55 . 2008-06-11 22:43 111992 ----a-w c:\windows\system32\acaptuser32.dll
2009-02-18 17:29 . 2007-08-06 21:12 -------- d-----w d:\applications\Windows Live
2009-02-18 17:28 . 2009-02-18 17:28 -------- d-----w d:\applications\Microsoft SQL Server Compact Edition
2009-02-12 12:17 . 2007-05-15 19:27 68800 ----a-w d:\users\Hulvius\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 12:10 . 2004-08-03 22:56 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-03 22:56 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-03 22:56 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-03 22:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2004-08-03 21:17 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 00:58 . 2009-02-07 00:58 113 ----a-w d:\users\Hulvius\Local Settings\Application Data\fusioncache.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-03 21:20 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-08-29 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-03 22:56 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-10 19:59 . 2007-05-14 22:16 135352 ----a-w d:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-01-20 16:00 . 2008-01-20 16:00 32 ----a-w d:\users\All Users\Application Data\ezsid.dat
2007-12-15 17:06 . 2007-12-15 17:06 87608 ----a-w d:\users\Hulvius\Application Data\ezpinst.exe
2007-12-15 17:06 . 2007-12-15 17:06 47360 ----a-w d:\users\Hulvius\Application Data\pcouffin.sys
2008-09-21 19:13 . 2008-09-21 13:14 . d:\applications\mozilla firefox\components\gemgecko.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_20.47.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-16 14:25 . 2009-04-16 14:25 16384 c:\windows\Temp\Perflib_Perfdata_1bc.dat
+ 2009-04-16 14:25 . 2008-07-26 06:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2009-04-15 20:47 . 2008-07-26 06:25 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\applications\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="d:\applications\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"Messenger (Yahoo!)"="d:\applications\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SoundMAXPnP"="d:\applications\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"egui"="d:\applications\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="d:\applications\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

d:\users\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\applications\ASUS\Bluetooth Software\BTTray.exe [2008-4-14 596584]
Logitech Desktop Messenger.lnk - d:\applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-8-2 67128]
Logitech SetPoint.lnk - d:\applications\Logitech\SetPoint\SetPoint.exe [2007-5-15 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Applications\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Applications\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Applications\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Applications\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Applications\\iTunes\\iTunes.exe"=
"f:\\Torrent\\utorrent.exe"=
"d:\\Applications\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Applications\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Applications\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57090:TCP"= 57090:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R2 gupdate1c9890644887f18;Google Update Service (gupdate1c9890644887f18);d:\applications\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-23 13352]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-01-08 15576]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;d:\applications\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
\Shell\AutoRun\command - Q:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d1ccc-07b4-11dc-9056-0018f3ca8061}]
\Shell\AutoRun\command - k:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\applications\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-02-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\applications\Google\Update\GoogleUpdate.exe [2009-02-07 09:27]

2009-03-23 c:\windows\Tasks\User_Feed_Synchronization-{C95A93DF-BFBA-4B13-95F2-65942B3FF8B8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

2009-04-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-03 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.live.com/
uInternet Settings,ProxyOverride = localhost
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\applic~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liatro SWF Decoder Catch - d:\applications\SWF Decoder 4.6\swfcatch.htm
IE: Send to &Bluetooth Device... - d:\applications\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\applications\ASUS\Bluetooth Software\btsendto_ie.htm
TCP: {5B798AA3-F9BB-406C-9CF9-D8B243E60621} = 81.27.192.33,81.27.192.97
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxps://asp22.centra.com/SiteRoots/main ... aterAx.cab
FF - ProfilePath - d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: d:\applications\Mozilla Firefox\components\gemgecko.dll
FF - component: d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: d:\applications\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: d:\applications\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\applications\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\applications\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.tabs.closeButtons - 0
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 16:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1614895754-682003330-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-04-16 16:47
ComboFix-quarantined-files.txt 2009-04-16 14:46
ComboFix2.txt 2009-04-15 21:34

Pre-Run: 18,859,012,096 bytes free
Post-Run: 18,842,685,440 bytes free

266 --- E O F --- 2009-04-15 20:31


************************************************************************************************************************************
************************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:12, on 16.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Creative\Shared Files\CTDevSrv.exe
D:\Applications\ESET\ESET Smart Security\ekrn.exe
D:\Applications\Java\jre6\bin\jqs.exe
D:\Applications\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Applications\ESET\ESET Smart Security\egui.exe
D:\Applications\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\ASUS\Bluetooth Software\BTTray.exe
D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Applications\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
D:\Applications\Trend Micro\HijackThis\HijackThis.exe
D:\Applications\Internet Explorer\IEXPLORE.EXE
D:\Applications\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Applications\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Applications\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Applications\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Applications\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "D:\Applications\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Applications\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Applications\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Applications\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Applications\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Applications\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liatro SWF Decoder Catch - D:\Applications\SWF Decoder 4.6\swfcatch.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Applications\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - D:\Applications\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Applications\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Applications\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Applications\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - https://asp22.centra.com/SiteRoots/main ... aterAx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9180095312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B798AA3-F9BB-406C-9CF9-D8B243E60621}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Applications\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - D:\Applications\Creative\Shared Files\CTDevSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Applications\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Applications\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9890644887f18) (gupdate1c9890644887f18) - Google Inc. - D:\Applications\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Applications\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Applications\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - D:\Applications\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10115 bytes

jaro3 (Security team member)

Re: Please check my HJT log

Posted by jaro3 » 17 Apr 2009 09:34

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Applications\Java\jre6\bin\jusched.exe"


takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Update Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Remove the other Javas in Add/Remove Programs.
Write back how things stand with the updates.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
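As an added example (not part of this thread and not HijackThis's own code), a small Python parser for the O2/O4/O23 line formats that appear in this log. It flags the same kind of entries jaro3 asked to fix, a BHO whose CLSID is registered but whose file is gone, plus services with no vendor information or a missing binary; the sample lines are constructed from the log quoted in this thread, and the "Unknown owner" service is made up to exercise the check.

```python
import re

# Constructed sample, modelled on the O2/O4/O23 lines quoted in this thread;
# the "Example Updater" service line is made up to exercise the vendor check.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Applications\Java\jre6\bin\jusched.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Example Updater (exmupd) - Unknown owner - C:\WINDOWS\Temp\exmupd.exe (file missing)
"""

# One regex per HJT section type; field names follow the log layout.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def parse_line(line):
    """Return a dict for an O2, O4 or O23 HJT line, or None for any other line."""
    for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
        m = rx.match(line.strip())
        if m:
            return {"kind": kind, **m.groupdict()}
    return None


def review(log_text):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["kind"] == "O2" and e["file"] == "(no file)":
            # Orphaned BHO: registry entry survives but the DLL is gone; safe to fix.
            findings.append((line, "orphaned BHO (no file): registry leftover, safe to fix"))
        elif e["kind"] == "O23" and (e["vendor"] == "Unknown owner"
                                     or e["path"].endswith("(file missing)")):
            # Services without vendor info or without a binary need manual verification.
            findings.append((line, "service with no vendor or missing binary: verify before trusting"))
    return findings


if __name__ == "__main__":
    for line, reason in review(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```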

hulvius

Re: Please check my HJT log

Post by hulvius » 17 Apr 2009 15:00

The updates didn't go through. But when I ran them again and skipped Windows Genuine Advantage Notification (KB905474), all of them installed.

And Windows Genuine Advantage Notification (KB905474) still won't.
Maybe it's an MS bug and not something on my PC.

jaro3 (Security team member)

Re: Please check my HJT log

Post by jaro3 » 17 Apr 2009 16:19

Download Dial-a-fix
Fix Windows Update - Repairs problems with downloading and installing Windows Update updates.

or:
Click the hammer - more options:
Reinstall Automatic Updates service - Attempts to reinstall the service that provides automatic updates (may require the Windows installation media).
Click the service (checkbox) and then GO.

hulvius

Re: Please check my HJT log

Post by hulvius » 17 Apr 2009 17:43

Nice tool, I didn't know this one. But it didn't help, still installation failed.
I don't know, maybe it's the IE version? The tool apparently doesn't know version 8 yet either, at least that's what it reported.

jaro3 (Security team member)

Re: Please check my HJT log

Post by jaro3 » 17 Apr 2009 18:04

Well yes, that could be it, I've only tested it on IE6 and IE7, so I probably can't help..

hulvius

Re: Please check my HJT log

Post by hulvius » 17 Apr 2009 18:08

Never mind, it's only a validator anyway, so even though it's marked critical it doesn't affect security.
Though I'm not entirely at ease, because something keeps disconnecting me from the internet, especially after system start, but sometimes just unexpectedly. Only when I do a repair does the connection come back.

jaro3 (Security team member)

Re: Please check my HJT log

Post by jaro3 » 17 Apr 2009 19:50

Regarding the connection, also try dial-a-fix:

Click the hammer - more options:
FlushDNS - Resets the DNS cache.
Repair/reinstall IE - Reinstalls Internet Explorer (may require the Windows installation media).
Reset networking interfaces - Repairs winsock and the network settings.