if u right down a few steps i will run thru them tmoz!! tar pal
Windows update error!
Started by
f0xy
, Feb 25 2009 09:11 AM
#16
Posted 26 February 2009 - 05:25 PM
if u right down a few steps i will run thru them tmoz!! tar pal
#17
Posted 26 February 2009 - 05:32 PM
Go ahead and go back to the steps to edit the registry files and try again. It should allow you to edit it now. Make sure you check for all of the services that are set incorrectly. You should have no problems after that. I'll check back tomorrow and see how it went.
Edited by Gnomad1600, 26 February 2009 - 05:33 PM.
#18
Posted 27 February 2009 - 08:44 AM
it wont let me edit it still!
#19
Posted 27 February 2009 - 02:34 PM
What happened when you ran the script from the prior post?
#20
Posted 27 February 2009 - 05:00 PM
1st time it disabled me from opening reedit..so i restarted ran it again and it let me open it, but still wont let me edit that key
#21
Posted 01 March 2009 - 07:13 AM
anyone else help here?
#22
Posted 01 March 2009 - 07:15 AM
Lets see if you have any errors in the event viewer.
Regards,
Olrik
- Go to Start and open Run.
- In the Box, type in eventvwr
- When the window pops up. Go to the system log and application log.
- Look for red circles with Xs in them around the time of error.
- Once you've opened the error press the button to the right with the 2 papers on it. (under the 'down' arrow)
- Please attach the information you just copied onto your next reply.
Regards,
Olrik
#23
Posted 01 March 2009 - 07:37 AM
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 01/03/2009
Time: 12:32:04
User: N/A
Computer: HOME
Description:
The Automatic Updates service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 01/03/2009
Time: 12:32:04
User: N/A
Computer: HOME
Description:
The Automatic Updates service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
#24
Posted 01 March 2009 - 07:39 AM
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 01/03/2009
Time: 12:32:04
User: N/A
Computer: HOME
Description:
The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 01/03/2009
Time: 12:32:04
User: N/A
Computer: HOME
Description:
The Background Intelligent Transfer Service service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
#25
Posted 01 March 2009 - 07:43 AM
No need to post them separately
Please make sure the following file is there:
C:\WINDOWS\System32\wuauclt.exe
Regards,
Olrik
Please make sure the following file is there:
C:\WINDOWS\System32\wuauclt.exe
Regards,
Olrik
#26
Posted 01 March 2009 - 07:46 AM
wuauclt1.exe
wuauclt.exe I have
wuauclt.exe I have
#27
Posted 01 March 2009 - 07:57 AM
U just took a quick look at your malware topic and I am just going to discuss something with a few 'colleagues'
Regards,
Olrik
Regards,
Olrik
#28
Posted 01 March 2009 - 07:58 AM
Ok thanks pal...do you think they did something wrong? o_O..haha
#30
Posted 03 April 2009 - 01:07 AM
Hey there fellas,
So I got a similar problem f0xy has/had a month ago. BITS and Automatic update services are disabled and I can't start them because the source path has been changed to %fystemroot%..., which I can't edit with the tool Artellos suggested. I followed the link to the other thread, tried to run Combofix, but all it did was pop up a blue and blank cmd screen, which seemed to be doing nothing. I scanned by explorer.exe file online. It's not infected. I also ran Malwarebytes previously because my computer got infected with something, which removed a bunch of files and I also made a clean copy of svchost.exe from my Windows install CD because it too got infected. So now my PC seems to be clean of infections and works OK except for the error mentioned above. I have XP SP2
Do you have any tips? Thanks a lot and have a nice day.
Here's my HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:18:09, on 2009.04.03.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Sandboxie\SbieSvc.exe
D:\Portable\Spyware Terminator 2.5.5.166 Final Portable Rus\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\UAService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Portable\NetMeter 1.1.3\Portable NetMeter\NetMeter.exe
D:\Portable\Maxthon 2.1.5.1250\Maxthon.exe
C:\PROGRAM FILES\STARDOCK\OBJECTDOCK\OBJECTDOCK.EXE
D:\Portable\OperaPortable 9.63.10476\OperaPortable\OperaPortable.exe
D:\Portable\OperaPortable 9.63.10476\OperaPortable\App\Opera\Opera.exe
D:\appz\uTorrent\utorrent 1.8.1.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Portable\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portfolio.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi0.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Dativus - {434A0D07-D1DB-4787-8FE6-347CF2F2F416} - C:\PROGRA~1\DATIVU~1\Dativus\DATIVU~2.DLL
O3 - Toolbar: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi0.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [winpatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [twcu] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [soundmaxpnp] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundmax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [a high definition audio tulajdonságlap parancsikonja] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [winroll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [sandboxiecontrol] C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\Run: [daemon tools pro agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [D:\Portable\NetMeter 1.1.3\Portable NetMeter\NetMeter.exe] D:\Portable\NetMeter 1.1.3\Portable NetMeter\NetMeter.exe
O8 - Extra context menu item: add to net snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: customize menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: e&xportálás microsoft excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: fill forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: roboform toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: save forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: translate with &babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320af880-6646-11d3-abee-c5dbf3571f46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320af880-6646-11d3-abee-c5dbf3571f46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320af880-6646-11d3-abee-c5dbf3571f49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320af880-6646-11d3-abee-c5dbf3571f49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1229599375093
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1229599366078
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Háttérben futó intelligens átviteli szolgáltatás (BITS) - Unknown owner - %fystemRoot%\System32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Portable\Spyware Terminator 2.5.5.166 Final Portable Rus\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: SecuROM User Access Service (useraccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: Automatikus frissítések (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
So I got a similar problem f0xy has/had a month ago. BITS and Automatic update services are disabled and I can't start them because the source path has been changed to %fystemroot%..., which I can't edit with the tool Artellos suggested. I followed the link to the other thread, tried to run Combofix, but all it did was pop up a blue and blank cmd screen, which seemed to be doing nothing. I scanned by explorer.exe file online. It's not infected. I also ran Malwarebytes previously because my computer got infected with something, which removed a bunch of files and I also made a clean copy of svchost.exe from my Windows install CD because it too got infected. So now my PC seems to be clean of infections and works OK except for the error mentioned above. I have XP SP2
Do you have any tips? Thanks a lot and have a nice day.
Here's my HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:18:09, on 2009.04.03.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Sandboxie\SbieSvc.exe
D:\Portable\Spyware Terminator 2.5.5.166 Final Portable Rus\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\UAService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Portable\NetMeter 1.1.3\Portable NetMeter\NetMeter.exe
D:\Portable\Maxthon 2.1.5.1250\Maxthon.exe
C:\PROGRAM FILES\STARDOCK\OBJECTDOCK\OBJECTDOCK.EXE
D:\Portable\OperaPortable 9.63.10476\OperaPortable\OperaPortable.exe
D:\Portable\OperaPortable 9.63.10476\OperaPortable\App\Opera\Opera.exe
D:\appz\uTorrent\utorrent 1.8.1.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Portable\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portfolio.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi0.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Dativus - {434A0D07-D1DB-4787-8FE6-347CF2F2F416} - C:\PROGRA~1\DATIVU~1\Dativus\DATIVU~2.DLL
O3 - Toolbar: WhiteSmoke IE Toolbar - {ebba2a2f-7b79-462a-a550-e500fe0dd556} - C:\Program Files\WhiteSmoke_IE\tbWhi0.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [winpatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [twcu] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [soundmaxpnp] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundmax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [a high definition audio tulajdonságlap parancsikonja] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [winroll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [sandboxiecontrol] C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\Run: [daemon tools pro agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [D:\Portable\NetMeter 1.1.3\Portable NetMeter\NetMeter.exe] D:\Portable\NetMeter 1.1.3\Portable NetMeter\NetMeter.exe
O8 - Extra context menu item: add to net snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: customize menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: e&xportálás microsoft excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: fill forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: roboform toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: save forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: translate with &babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320af880-6646-11d3-abee-c5dbf3571f46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320af880-6646-11d3-abee-c5dbf3571f46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320af880-6646-11d3-abee-c5dbf3571f49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320af880-6646-11d3-abee-c5dbf3571f49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1229599375093
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1229599366078
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.h...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Háttérben futó intelligens átviteli szolgáltatás (BITS) - Unknown owner - %fystemRoot%\System32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Portable\Spyware Terminator 2.5.5.166 Final Portable Rus\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: SecuROM User Access Service (useraccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: Automatikus frissítések (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
Edited by mcaleck, 03 April 2009 - 01:18 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users