Win XP-Nefungujú Automatické Aktualizácie

Čaves, neviem prečo, ale už asi dva týždne sa neviem dostať na automatic update MS.vždy mi vypíše toto. Robí to aj Vám?

[Číslo chyby: 0x80070424]
Na webu došlo k potížím a požadovanou stránku nelze zobrazit. Níže uvedené možnosti mohou pomoci při odstranění potíží.

Mas to zapnute dobre a nastavene ? ake su tie nize uvedene moznosti ?

jj mám to dobre nastavené

[Číslo chyby: 0x80070424]
Na webu došlo k potížím a požadovanou stránku nelze zobrazit. Níže uvedené možnosti mohou pomoci při odstranění potíží.
Možnosti svépomoci:

Nejčastější dotazy

Hledání řešení

Diskusní skupina systému Windows Update
Možnosti odborné pomoci:

Odborná pomoc online společnosti Microsoft (zdarma při problémech se systémem Windows Update)

Ja som stahoval aj včera a aj predvčerom,u mna to funguje.

hmm aj mne to vždy šlo tak neviem prečo to blbne,čo mám teraz robiť?Som ochudobňovaný od služieb Microsoftu

Malo by to ist manualnym zapnutim tejto sluzby (cez prikazovy riadok) Otazka je co ju vyplo..
Posli vypis logu z Hijackthis..
http://www.trendsecure.com/portal/en-US ... nstall.exe

Ak sa nic nenajde nadiktujem ti len zapnutie sluzby.

ďakujem
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:44, on 11.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\V0470Mon.exe
D:\WINDOWS\system32\tvfhost.exe
D:\WINDOWS\system32\tvfhost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0470Mon.exe] D:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [Video Task] tvfhost.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunServices: [Video Task] tvfhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9112 bytes

1.
Cez Hijackthis fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - D:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll


2.
Stiahni si..
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
na plochu a spusti..ho
po niekolkych minut ..a restarte pc
..Obsah logu vloz sem do fora...

3.
Na ploche vytvor textovy subor a premenuj ho na: update.bat
Ak ikona nebude mat servisne koliesko- asi si budes musiet povolit zobrazovanie vsetkych pripon..a az tak ho spravne premenovat!
(tento pocitac-nastroje-moznosti zlozky-zobrazenie a tam povolis pripony)

Potom na nom pravym tlacitkom daj "upravit" vloz tam tento kod:


Pred zatvorenim subor Uloz a az potom ho spusti..
..postupne citaj , ci Regsvr32 vykonal dany krok a potvrd vypisane okno..
po restarte pc

(vsetky hlasenia musia mat kladne potvrvdenie o jeho uspesnosti)

4.
..posli novy log z hijackthis..
p.s. Nezabudni na ten log z combofix

Log s combo fix,prvý krát mi vypisovalo niečo a antiviruse, mal som ho deaktivovať,nedal som a avira antivir mi nasla vírus, dpo druhý krát som dal deaktiváciu už.Bod 3 nechápem vôbec, možnosti zložky,tam nemám nič také

ComboFix 09-06-13.09 - Martin 13.06.2009 16:31.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3326.2787 [GMT 2:00]
Running from: d:\documents and settings\Martin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\drivers\npf.sys
d:\windows\system32\packet.dll
d:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 11:08 . 2009-06-13 11:10 -------- d-----w- d:\documents and settings\Martin\Local Settings\Application Data\Ahead
2009-06-13 11:04 . 2009-06-13 11:04 -------- d-----w- d:\documents and settings\Martin\Application Data\Ahead
2009-06-13 11:04 . 2009-06-13 11:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Ahead
2009-06-13 11:03 . 2009-06-13 11:04 -------- d-----w- d:\program files\Common Files\Ahead
2009-06-13 11:03 . 2009-06-13 11:03 -------- d-----w- d:\program files\Nero
2009-06-13 11:03 . 2009-06-13 11:03 -------- d-----w- d:\documents and settings\All Users\Application Data\Nero
2009-06-11 20:45 . 2009-06-11 20:45 -------- d-----w- d:\program files\Trend Micro
2009-06-11 12:38 . 2009-06-11 12:38 -------- d-----w- d:\program files\PowerISO
2009-06-11 11:56 . 2009-06-11 11:56 -------- d-----w- d:\documents and settings\Martin\Local Settings\Application Data\ArmA 2
2009-06-09 14:21 . 2009-06-09 14:21 -------- d-----w- d:\documents and settings\Martin\Local Settings\Application Data\Sony Ericsson
2009-06-09 14:21 . 2009-06-09 14:21 -------- d-----w- d:\documents and settings\All Users\Application Data\BVRP Software
2009-06-09 14:18 . 2009-06-09 14:18 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-06-09 14:11 . 2006-03-01 08:25 8704 ----a-w- d:\windows\system32\drivers\ggsemc.sys
2009-06-07 19:47 . 2009-06-10 17:47 -------- d-----w- d:\program files\OpenAL
2009-06-07 19:47 . 2009-06-07 19:47 -------- d-----w- d:\program files\Common Files\Futuremark Shared
2009-06-07 14:35 . 2009-06-10 17:47 413696 ----a-w- d:\windows\system32\wrap_oal.dll
2009-06-07 14:35 . 2009-06-10 17:47 110592 ----a-w- d:\windows\system32\OpenAL32.dll
2009-06-07 14:34 . 2009-06-07 14:34 -------- d-----w- d:\windows\system32\Futuremark
2009-06-07 14:34 . 2008-09-17 12:14 27672 ----a-r- d:\windows\system32\drivers\Entech.sys
2009-06-07 14:34 . 2004-06-22 13:44 5632 ----a-w- d:\windows\system32\drivers\Entech64.sys
2009-06-07 14:34 . 2001-11-19 17:05 3972 ----a-w- d:\windows\system32\drivers\PciBus.sys
2009-06-07 14:29 . 2009-06-07 14:29 -------- d-----w- d:\program files\Futuremark
2009-06-06 18:56 . 2009-06-06 18:56 -------- d-----w- d:\documents and settings\All Users\Application Data\ATI
2009-06-06 16:44 . 2009-06-06 16:44 -------- d-----w- d:\program files\SimBin
2009-06-03 08:42 . 2000-08-19 17:29 268048 ----a-w- d:\windows\system32\dxtmeta2.dll
2009-06-02 11:34 . 2009-06-02 11:34 -------- d-----w- d:\program files\Braid
2009-05-30 18:54 . 2009-05-30 18:54 -------- d-----w- d:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-05-26 20:33 . 2009-05-26 20:33 -------- d-----w- d:\program files\Winamp Toolbar
2009-05-26 20:33 . 2009-05-26 20:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-05-26 20:33 . 2009-05-26 20:33 -------- d-----w- d:\documents and settings\All Users\Application Data\OrbNetworks
2009-05-26 20:33 . 2009-05-26 20:33 -------- d-----w- d:\program files\Winamp Remote
2009-05-26 20:28 . 2009-05-26 20:29 -------- d-----w- d:\program files\Nexus Radio
2009-05-26 20:27 . 2009-05-26 20:27 -------- d-----w- d:\windows\Downloaded Installations
2009-05-26 09:21 . 2008-04-13 18:45 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-05-18 18:23 . 2009-05-18 18:23 -------- d-----w- d:\documents and settings\Martin\Application Data\Windows Search
2009-05-17 15:50 . 2007-08-13 12:51 446464 ----a-w- d:\windows\system32\wmvdmoe.dll
2009-05-17 15:50 . 2009-05-17 15:50 -------- d-----w- d:\documents and settings\All Users\Application Data\PY_Software
2009-05-17 15:50 . 2009-05-17 16:11 -------- d-----w- d:\program files\Active WebCam
2009-05-17 09:25 . 2009-05-17 09:25 -------- d-----w- d:\windows\CtDrvInstall
2009-05-17 09:25 . 2007-06-03 23:01 32768 ----a-w- d:\windows\V0470Mon.exe
2009-05-17 09:25 . 2007-06-03 23:01 266240 ----a-w- d:\windows\system32\V0470Cvw.dll
2009-05-17 09:25 . 2007-05-08 23:00 146720 ----a-w- d:\windows\system32\drivers\V0470Vid.sys
2009-05-17 09:25 . 2007-04-21 23:00 28672 ----a-w- d:\windows\system32\V0470Hwx.dll
2009-05-17 09:25 . 2007-04-19 23:00 24576 ----a-w- d:\windows\V0470Cfg.exe
2009-05-17 09:25 . 2005-07-06 23:07 36864 ----a-w- d:\windows\system32\CtCamMgr.dll
2009-05-17 09:20 . 2009-05-17 09:23 33439272 ----a-w- d:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Live! Cam Center 2.02.05__\LCC_PCAPP_LA_2_02_05.exe
2009-05-17 09:20 . 2009-05-17 09:20 2316880 ----a-w- d:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Live! Cam Notebook Driver version 1.01.01 _br____\LCNB_PCDRV_US_1_01_01.EXE
2009-05-17 08:21 . 2009-05-17 09:10 -------- d-----w- d:\documents and settings\Martin\Application Data\Creative
2009-05-17 08:21 . 2009-05-17 08:21 -------- d-----w- d:\documents and settings\Martin\Application Data\muvee Technologies
2009-05-17 08:04 . 2009-05-17 08:05 -------- d-----w- d:\documents and settings\All Users\Application Data\Creative
2009-05-17 08:00 . 2006-10-06 06:17 53248 ------w- d:\windows\Ctregrun.exe
2009-05-17 07:59 . 2006-06-16 03:30 90112 ----a-r- d:\windows\CtDrvIns.exe
2009-05-17 07:59 . 2007-04-10 17:00 20480 ----a-r- d:\windows\system32\V0470Srv.exe
2009-05-17 07:59 . 2007-04-20 23:00 36864 ----a-w- d:\windows\system32\V0470Pin.dll
2009-05-17 07:57 . 2006-08-30 05:10 158456 ------w- d:\windows\system32\pxwma.dll
2009-05-17 07:57 . 2009-05-17 07:57 -------- d-----w- d:\program files\Common Files\muvee Technologies
2009-05-17 07:57 . 2009-05-17 07:57 -------- d-----w- d:\program files\muvee Technologies
2009-05-17 07:57 . 2009-05-17 07:57 -------- d-----w- d:\documents and settings\All Users\Application Data\muvee Technologies
2009-05-17 07:56 . 2009-05-17 07:56 -------- d-----w- d:\program files\SightSpeed
2009-05-17 07:55 . 2009-05-17 08:00 -------- d-----w- d:\program files\Creative
2009-05-15 17:40 . 2009-02-20 18:09 52224 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2009-05-15 17:40 . 2009-02-20 18:09 459264 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2009-05-15 17:40 . 2009-02-20 18:09 268288 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-05-15 17:40 . 2009-02-20 18:09 6066176 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-05-15 17:40 . 2009-02-20 10:20 13824 -c----w- d:\windows\system32\dllcache\ieudinit.exe
2009-05-15 17:40 . 2009-02-20 18:09 63488 -c----w- d:\windows\system32\dllcache\icardie.dll
2009-05-15 17:40 . 2009-02-20 18:09 383488 -c----w- d:\windows\system32\dllcache\ieapfltr.dll
2009-05-15 17:40 . 2008-07-09 14:25 2455488 -c----w- d:\windows\system32\dllcache\ieapfltr.dat
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w- d:\documents and settings\Martin\Application Data\Windows Desktop Search
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w- d:\program files\Windows Desktop Search
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w- d:\windows\system32\GroupPolicy
2009-05-15 17:37 . 2008-03-07 17:02 98304 -c----w- d:\windows\system32\dllcache\nlhtml.dll
2009-05-15 17:37 . 2008-03-07 17:02 29696 -c----w- d:\windows\system32\dllcache\mimefilt.dll
2009-05-15 17:37 . 2008-03-07 17:02 192000 -c----w- d:\windows\system32\dllcache\offfilt.dll
2009-05-15 17:36 . 2009-05-15 17:36 -------- d-----w- d:\windows\system32\URTTEMP
2009-05-15 17:15 . 2009-05-18 12:19 -------- d-----w- d:\documents and settings\Martin\Local Settings\Application Data\CamSpace
2009-05-15 17:14 . 2009-05-18 12:19 -------- d-----w- d:\documents and settings\Martin\My CamSpace Games
2009-05-15 17:14 . 2009-05-15 17:14 -------- d-----w- d:\program files\CamSpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 14:32 . 2009-05-09 18:01 -------- d-----w- d:\documents and settings\Martin\Application Data\DNA
2009-06-13 14:22 . 2009-04-20 20:45 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-06-13 14:22 . 2009-05-09 18:01 -------- d-----w- d:\program files\DNA
2009-06-13 14:21 . 2009-04-20 18:53 16608 ----a-w- d:\windows\gdrv.sys
2009-06-13 11:29 . 2009-04-20 21:39 -------- d-----w- d:\program files\BitComet
2009-06-10 16:51 . 2009-04-20 18:54 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-06-09 14:20 . 2009-06-09 14:20 148736 ----a-w- d:\documents and settings\All Users\Application Data\hpe152.dll
2009-06-09 14:20 . 2009-06-09 14:20 148736 ----a-w- d:\documents and settings\All Users\Application Data\hpe152.dll
2009-06-09 14:20 . 2009-06-09 14:20 -------- d-----w- d:\program files\Sony Ericsson
2009-06-09 14:20 . 2009-06-09 14:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Sony Ericsson
2009-06-06 18:52 . 2009-04-20 19:10 -------- d-----w- d:\program files\ATI Technologies
2009-06-03 15:52 . 2009-05-13 20:12 -------- d-----w- d:\program files\AGEIA Technologies
2009-06-03 07:35 . 2009-04-20 19:41 21960 ----a-w- d:\documents and settings\Martin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 18:54 . 2009-05-13 20:11 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-05-26 20:36 . 2009-05-09 06:02 -------- d-----w- d:\program files\Winamp
2009-05-17 04:57 . 2009-05-17 04:57 129 ----a-w- d:\documents and settings\Martin\Local Settings\Application Data\fusioncache.dat
2009-05-16 19:31 . 2009-04-20 21:35 -------- d-----w- d:\program files\TuneUp Utilities 2009
2009-05-16 15:58 . 2009-05-16 15:58 635392 ----a-w- d:\documents and settings\Martin\Application Data\Thinstall\Sony Vegas\1000000b00002i\rundll32.exe
2009-05-16 15:58 . 2009-05-16 15:58 -------- d-----w- d:\documents and settings\Martin\Application Data\Thinstall
2009-05-16 10:09 . 2009-05-16 10:09 -------- d-----w- d:\program files\Lavalys
2009-05-16 09:49 . 2009-04-21 19:08 -------- d-----w- d:\program files\Common Files\Adobe
2009-05-13 22:28 . 2009-05-13 19:59 -------- d-----w- d:\program files\Steinberg
2009-05-13 22:27 . 2009-05-13 22:27 -------- d-----w- d:\program files\Syncrosoft
2009-05-13 20:26 . 2009-05-13 20:26 -------- d--h--r- d:\documents and settings\Martin\Application Data\SecuROM
2009-05-13 20:26 . 2009-05-13 20:26 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-05-10 09:52 . 2009-05-10 09:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft
2009-05-10 09:52 . 2009-05-10 09:52 22328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 09:52 . 2009-05-10 09:52 22328 ----a-w- d:\documents and settings\Martin\Application Data\PnkBstrK.sys
2009-05-10 09:52 . 2009-05-10 09:52 22328 ----a-w- d:\documents and settings\Martin\Application Data\PnkBstrK.sys
2009-05-10 09:51 . 2009-05-10 09:51 107832 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-05-10 09:51 . 2009-05-10 09:51 66872 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-05-10 09:51 . 2009-05-10 09:51 2337865 ----a-w- d:\windows\system32\pbsvc.exe
2009-05-09 06:05 . 2009-05-09 06:05 -------- d-----w- d:\program files\Common Files\NSV
2009-05-09 06:03 . 2009-05-09 06:03 -------- d-----w- d:\documents and settings\Martin\Application Data\MusicIP
2009-05-06 17:32 . 2009-05-05 21:18 -------- d-----w- d:\program files\BobsTrackBuilder
2009-05-06 01:09 . 2009-05-06 01:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Trymedia
2009-05-05 21:18 . 2009-05-05 21:18 -------- d-----w- d:\documents and settings\All Users\Application Data\IsolatedStorage
2009-05-05 21:18 . 2009-05-05 21:18 99678 ----a-r- d:\documents and settings\Martin\Application Data\Microsoft\Installer\{ECDF8120-703D-4A96-B36C-A565419B3900}\_877A65849698A9CD821C78.exe
2009-05-05 21:18 . 2009-05-05 21:18 4286 ----a-r- d:\documents and settings\Martin\Application Data\Microsoft\Installer\{ECDF8120-703D-4A96-B36C-A565419B3900}\_01BF7A7B71C4BF65EBF1E7.exe
2009-05-05 13:34 . 2009-05-05 13:34 -------- d-----w- d:\program files\CTDP's ChampionShipManager NX
2009-05-03 19:13 . 2009-05-03 18:42 -------- d-----w- d:\documents and settings\Martin\Application Data\Skype
2009-05-03 18:43 . 2009-05-03 18:43 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-05-03 18:43 . 2009-05-03 18:43 -------- d-----w- d:\documents and settings\Martin\Application Data\skypePM
2009-05-03 18:41 . 2009-05-03 18:41 -------- d-----w- d:\program files\Common Files\Skype
2009-05-03 18:41 . 2009-05-03 18:41 -------- d-----r- d:\program files\Skype
2009-05-03 18:41 . 2009-05-03 18:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-05-02 21:03 . 2009-04-25 20:35 -------- d-----w- d:\program files\Sony Setup
2009-05-01 15:47 . 2009-05-01 15:47 66840 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-30 16:33 . 2009-04-30 16:33 77824 ----a-w- d:\windows\system32\CamTraxAPI.dll
2009-04-30 11:05 . 2009-04-30 11:05 -------- d-----w- d:\program files\Avira
2009-04-30 11:05 . 2009-04-30 11:05 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2009-04-29 17:56 . 2009-04-29 17:55 -------- d-----w- d:\program files\rFactor
2009-04-29 03:30 . 2009-03-16 21:33 3643904 ----a-w- d:\windows\system32\drivers\ati2mtag.sys
2009-04-29 02:18 . 2009-03-16 20:27 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll
2009-04-29 02:17 . 2009-03-16 20:26 335872 ----a-w- d:\windows\system32\ati2dvag.dll
2009-04-29 02:07 . 2009-03-16 20:17 204800 ----a-w- d:\windows\system32\atipdlxx.dll
2009-04-29 02:06 . 2009-03-16 20:16 155648 ----a-w- d:\windows\system32\Oemdspif.dll
2009-04-29 02:06 . 2009-03-16 20:16 26112 ----a-w- d:\windows\system32\Ati2mdxx.exe
2009-04-29 02:06 . 2009-03-16 20:16 43520 ----a-w- d:\windows\system32\ati2edxx.dll
2009-04-29 02:06 . 2009-03-16 20:16 155648 ----a-w- d:\windows\system32\ati2evxx.dll
2009-04-29 02:04 . 2009-03-16 20:15 602112 ----a-w- d:\windows\system32\ati2evxx.exe
2009-04-29 02:03 . 2009-03-16 20:13 53248 ----a-w- d:\windows\system32\ATIDDC.DLL
2009-04-29 02:00 . 2009-03-16 20:17 311296 ----a-w- d:\windows\system32\atiiiexx.dll
2009-04-29 01:56 . 2009-03-16 20:06 2997536 ----a-w- d:\windows\system32\ati3duag.dll
2009-04-29 01:45 . 2009-03-16 20:04 11603968 ----a-w- d:\windows\system32\atioglxx.dll
2009-04-29 01:42 . 2009-03-16 19:53 2687872 ----a-w- d:\windows\system32\ativvaxx.dll
2009-04-29 01:26 . 2009-03-16 19:40 49664 ----a-w- d:\windows\system32\atimpc32.dll
2009-04-29 01:26 . 2009-03-16 19:40 49664 ----a-w- d:\windows\system32\amdpcom32.dll
2009-04-29 01:22 . 2009-03-16 19:36 479232 ----a-w- d:\windows\system32\atikvmag.dll
2009-04-29 01:20 . 2009-03-16 19:35 45056 ----a-w- d:\windows\system32\aticalrt.dll
2009-04-29 01:20 . 2009-03-16 19:34 45056 ----a-w- d:\windows\system32\aticalcl.dll
2009-04-29 01:20 . 2009-03-16 19:35 135168 ----a-w- d:\windows\system32\atiadlxx.dll
2009-04-29 01:19 . 2009-03-16 19:34 17408 ----a-w- d:\windows\system32\atitvo32.dll
2009-04-29 01:19 . 2009-03-16 19:34 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll
2009-04-29 01:18 . 2009-03-16 19:33 3280896 ----a-w- d:\windows\system32\aticaldd.dll
2009-04-29 01:17 . 2009-03-16 19:35 303104 ----a-w- d:\windows\system32\atiok3x2.dll
2009-04-29 01:13 . 2009-03-16 19:28 630784 ----a-w- d:\windows\system32\ati2cqag.dll
2009-04-28 19:05 . 2009-04-20 19:10 593920 ------w- d:\windows\system32\ati2sgag.exe
2009-04-28 15:26 . 2009-04-28 15:15 -------- d-----w- d:\program files\GuildFTPd
2009-04-28 14:54 . 2009-04-28 14:35 -------- d-----w- d:\program files\Cerberus
2009-04-27 20:42 . 2009-04-27 20:42 -------- d-----w- d:\program files\NVIDIA Corporation
2009-04-27 20:41 . 2009-04-21 19:10 151552 ----a-w- d:\windows\system32\nvRegDev.dll
2009-04-25 20:40 . 2009-04-25 20:40 -------- d-----w- d:\documents and settings\Martin\Application Data\Publish Providers
2009-04-25 20:40 . 2009-04-25 20:39 -------- d-----w- d:\documents and settings\Martin\Application Data\Sony
2009-04-25 20:36 . 2009-04-25 20:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Sony
2009-04-25 20:36 . 2009-04-25 20:35 -------- d-----w- d:\program files\Microsoft SQL Server
2009-04-25 20:34 . 2009-04-25 20:33 -------- d-----w- d:\program files\Sony
2009-04-24 09:25 . 2009-04-24 09:25 -------- d-----w- d:\program files\rulesPlayer
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w- d:\program files\iXi Tools
2009-04-23 14:57 . 2009-04-23 14:57 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield
2009-04-23 14:57 . 2009-04-20 18:54 -------- d-----w- d:\program files\Common Files\InstallShield
2009-04-22 08:36 . 2009-04-22 08:36 -------- d-----w- d:\program files\Alcohol Soft
2009-04-22 08:33 . 2009-04-22 08:33 -------- d-----w- d:\program files\Common Files\Logitech
2009-04-22 08:33 . 2009-04-22 08:33 -------- d-----w- d:\program files\Logitech
2009-04-21 19:09 . 2009-04-21 19:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Macrovision
2009-04-21 17:04 . 2009-04-21 17:02 -------- d-----w- d:\program files\VDOWNLOADER
2009-04-21 17:02 . 2009-04-21 17:02 -------- d-----w- d:\documents and settings\Martin\Application Data\Desktopicon
2009-04-20 22:12 . 2009-04-20 22:12 -------- d-----w- d:\program files\Windows Defender
2009-04-20 21:55 . 2009-04-20 21:55 603904 ----a-w- d:\windows\system32\TUProgSt.exe
2009-04-20 21:55 . 2009-04-20 21:55 360192 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2008-04-14 00:12 . 2004-08-03 22:56 1159168 --sh--r- d:\windows\system32\tvfhost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2009-05-09 342848]
"Creative Live! Cam Manager"="d:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
"Orb"="d:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="d:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="d:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"V0470Mon.exe"="d:\windows\V0470Mon.exe" [2007-06-03 32768]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" - d:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - d:\windows\alcwzrd.exe [2008-06-19 2808832]
"Video Task"="tvfhost.exe" - d:\windows\system32\tvfhost.exe [2008-04-14 1159168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Video Task"="tvfhost.exe" - d:\windows\system32\tvfhost.exe [2008-04-14 1159168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\BitComet\\plugin_emule\\plugin_eMule.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\RS VEGAS 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Games\\RS VEGAS 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\GamesBrother in ArmsHell\\Binaries\\biahh.exe"=
"d:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Games\\X-MEN Origins\\Binaries\\Wolverine.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Games\\MIRRORS EDGE\\Binaries\\MirrorsEdge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22319:TCP"= 22319:TCP:BitComet 22319 TCP
"22319:UDP"= 22319:UDP:BitComet 22319 UDP
"1032:TCP"= 1032:TCP:BitComet 1032 TCP
"1032:UDP"= 1032:UDP:BitComet 1032 UDP
"18459:TCP"= 18459:TCP:BitComet 18459 TCP(ED2K)
"18459:UDP"= 18459:UDP:BitComet 18459 UDP(ED2K)
"22437:TCP"= 22437:TCP:BitComet 22437 TCP
"22437:UDP"= 22437:UDP:BitComet 22437 UDP
"17610:TCP"= 17610:TCP:BitComet 17610 TCP
"17610:UDP"= 17610:UDP:BitComet 17610 UDP
"12864:TCP"= 12864:TCP:BitComet 12864 TCP
"12864:UDP"= 12864:UDP:BitComet 12864 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [30.4.2009 13:05 108289]
R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [20.4.2009 20:54 80392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;d:\windows\system32\TUProgSt.exe [20.4.2009 23:55 603904]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;d:\windows\system32\drivers\CamSpaceBus.sys [24.8.2008 13:55 14848]
R3 CamSpaceJoy;CamSpace Virtual Joystick device driver;d:\windows\system32\drivers\CamSpaceJoy.sys [24.8.2008 13:55 30464]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [20.7.2007 18:40 84992]
S3 cpuz130;cpuz130;\??\d:\docume~1\Martin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\Martin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [9.6.2009 16:20 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [9.6.2009 16:20 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [9.6.2009 16:20 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [9.6.2009 16:20 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [9.6.2009 16:20 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [9.6.2009 16:20 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [9.6.2009 16:20 115752]
S3 VF0470Vid;Live! Cam Notebook (VF0470);d:\windows\system32\drivers\V0470Vid.sys [17.5.2009 11:25 146720]
S4 Rdpdumwwpnad;Rdpdumwwpnad; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-13 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = start.qip.ru
IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Stiahnuť &všetky odkazy pomocou BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath -

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1035525444-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:bf,fb,f3,58,22,f5,3e,4d,84,24,f9,a8,94,8f,19,06,8e,99,63,c7,39,
cd,b3,07,ad,4d,78,67,5a,a7,35,1d,37,21,97,dd,50,b9,0c,8d,a5,42,62,b0,82,f5,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-13 16:33
ComboFix-quarantined-files.txt 2009-06-13 14:33
ComboFix2.txt 2009-06-13 14:25

Pre-Run: 9 813 032 960 bytes free
Post-Run: 9 797 644 288 voľných bajtov

333 --- E O F --- 2009-06-03 18:26

hej pred spustenim combofixu treba vypnut rezidentnu ochranu..

Tak 3. bod skus teda takto:

Vo WinXP daj Start spustit, napis cmd a [enter]
Zobrazi sa jednoduche cierne okno a napis presne:
echo >c:\update.bat [enter]

Najdi tento subor (update.bat) na disku c:\ (tento pocitac, lokalny disk c)
Potom na nom pravym tlacitkom daj "upravit" ..povodny obsah vymaz a nahrad ho tym kodom vid hore.. .ulozis ..a pokracuj dalej, ako som hore pisal..


potom este aj bod 4.
p.s. este su tam nejake problemy ..to az potom

Všetky odpvede som mal kladne-OK
Tu je nový log z fixu
woooow už to funguje, aktualizácie mi opäť idú, ďakujem pekne roberbo,si mácher

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:47, on 14.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\V0470Mon.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\tvfhost.exe
D:\WINDOWS\system32\tvfhost.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Winamp Remote\bin\OrbTray.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0470Mon.exe] D:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [Video Task] tvfhost.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunServices: [Video Task] tvfhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8225 bytes

A zas to neide to isté

Hej, aj ked po oprave, po restartovani pc skodlivy kod opat ozije ...

..tak postupne..

Nove:
Cez hijackthis fixni:
O4 - HKLM\..\Run: [Video Task] tvfhost.exe
O4 - HKLM\..\RunServices: [Video Task] tvfhost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Na adrese:
http://www.virustotal.com/

nacitaj nasledujuci subor a nechaj prekontrolovat a posli stav;

D:\WINDOWS\V0470Mon.exe

a opat zas posli vypis cez hijackthis..

Pozri sa tu: http://www.lisak.cz/windows-update-chyb ... 70424.html

hm, (samael.35) ..hej ..odkaz pre postup v obnoveni aktualizacii, ktory som navrhol..vid hore ..cez update.bat ..., lenze neriesi pricinu.


Jeffo696:
..skus moj posledny prispevok, a po restarte pc opatovne znovu spusti upadate.bat, ulozene v roote c:\
.. a daj vediet..ci sa problem vracia...

Nič tak nič,asi preinstalujem win, ďakujem pekne za trpezlivosť

este by som to nezavrhol,
ak si to nepreinstaloval, po restarte pc este raz posli aktualny vypis z hijackthis, ci su v nom zmeny..,

Ak Ti nebezia len tie aktualizacie a pc je v pohode, nevidim to hned na reinstal windowsu.. (lebo to je tiez dalsia pakaren) ..

mozme sa este pozriet na spustene viditelne procesy.. cez inu utilitu a tak by sa mohla postupne aj odhalit pricina....

Windows preinštalovaný,už nepomohlo nič,teraz všetko ide ako má,ďakujem Roberbo za snahu a trpezlivosť