


[ 18 posts ]
USBCTL.EXE 
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
Whoa, I ran OTM first, then I wanted to clean out ComboFix and typed it into Run, but it can't find it. Even its icon is just a generic white thing now. Is that a big problem?


Thu Oct 01, 2009 9:27
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
I'll do it in any case, and thanks for the help.


Thu Oct 01, 2009 9:17
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, which is why what you see looks like this,
Post
You didn't say whether you recognize this, what i:\undercover\FAH.exe is.
Download the OTMOVEIT3 program, paste the green [red text] into the left window, click MOVEIT, and post what it gives you here.
http://oldtimer.geekstogo.com/OTM.exe
Code:
:processes
explorer.exe

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"CTHelper"=-

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

:arrow: Remove ComboFix from the machine: Start > Run > paste this: combofix /u > OK,
Clean the machine with CCleaner.
:arrow: Start > Run > type cleanmgr > OK > More Options tab > clean out the System Restore points > OK
Run the OTMOVEIT program > click Cleanup > yes > yes > OK
and that's all,
regards


Wed Sep 30, 2009 10:18
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
OK, I did what you wrote, and here is the log file; I hope it's good now.

ComboFix 09-09-28.01 - Máté Balázs 009.09.30. 10:26.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3327.2616 [GMT 2:00]
Running from: i:\dvd-re xxx\ComboFix.exe
Command switches used :: c:\documents and settings\Máté Balázs\Asztal\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
"c:\windows\system32\usbctl.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\usbctl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USBCTL
-------\Service_usbctl


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 21:18 . 2009-09-28 21:18 -------- d-----w- c:\program files\MSXML 4.0
2009-09-27 17:43 . 2009-09-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-25 15:37 . 2009-09-25 21:45 573472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-25 15:37 . 2009-09-25 21:45 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-25 15:20 . 2009-09-25 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-25 14:38 . 2009-09-25 15:50 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-25 12:19 . 2009-09-25 12:19 -------- d-----w- c:\program files\Trend Micro
2009-09-21 10:32 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-09-21 10:32 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-09-21 10:32 . 2009-09-21 10:32 -------- d-----w- c:\program files\Common Files\Creative
2009-09-21 09:52 . 2009-09-21 09:52 -------- d-----w- c:\program files\BOINC
2009-09-20 14:04 . 2009-09-20 14:04 -------- d-----w- c:\program files\Razer
2009-09-20 12:31 . 2009-09-20 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-18 14:56 . 2003-02-25 12:30 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-09-18 14:56 . 2002-10-24 08:07 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-09-18 14:56 . 2003-05-24 07:06 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-09-18 14:55 . 1998-11-13 11:06 307712 ----a-w- c:\windows\IsUn040e.exe
2009-09-18 13:02 . 2009-03-31 09:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-09-18 13:02 . 2009-03-31 09:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-09-18 13:02 . 2009-03-31 09:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-09-18 13:02 . 2009-03-31 09:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-09-18 12:54 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-18 12:54 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 12:54 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-18 12:54 . 2009-09-18 12:55 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-18 12:54 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-18 12:54 . 2009-09-27 19:28 -------- d-----w- c:\program files\Spyware Doctor
2009-09-18 12:54 . 2009-09-18 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-18 12:53 . 2009-09-27 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-17 11:00 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-17 11:00 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-17 11:00 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-17 11:00 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-17 11:00 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-17 11:00 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-17 11:00 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-09-16 23:17 . 2006-10-13 06:18 18216 ----a-w- c:\windows\nvoclk64.sys
2009-09-16 23:17 . 2006-10-13 06:18 6912 ----a-w- c:\windows\nvoclock.sys
2009-09-16 23:17 . 2006-10-13 06:18 380928 ----a-w- c:\windows\ntuneoem.dll
2009-09-16 23:17 . 2006-10-13 06:16 421888 ----a-w- c:\windows\nvsulib.dll
2009-09-16 23:17 . 2006-10-13 06:13 1622016 ----a-w- c:\windows\NVBenchMarks.dll
2009-09-16 23:17 . 2006-10-13 06:12 28672 ----a-w- c:\windows\AutoTuneScript.dll
2009-09-16 23:17 . 2006-09-05 12:59 217088 ----a-w- c:\windows\NVGfxOgl.dll
2009-09-16 23:17 . 2006-08-21 07:20 45056 ----a-w- c:\windows\NTuneGpu.dll
2009-09-16 23:17 . 2006-06-01 15:22 53248 ----a-w- c:\windows\Nvgpio.dll
2009-09-16 23:17 . 2005-09-23 14:33 499712 ----a-w- c:\windows\msvcp71.dll
2009-09-16 23:17 . 2005-09-23 14:33 348160 ----a-w- c:\windows\msvcr71.dll
2009-09-16 23:17 . 2005-09-23 14:33 1060864 ----a-w- c:\windows\MFC71.dll
2009-09-15 17:52 . 2008-04-14 07:01 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 23:31 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 09:03 . 2007-07-12 03:49 96384 ----a-r- c:\windows\system32\drivers\Rtnicxp.sys
2009-09-09 12:57 . 2004-07-02 10:37 81991 ------w- c:\windows\system32\Qscrnt.dll
2009-09-09 12:57 . 2009-09-09 12:57 -------- d-----w- c:\windows\system32\Generex
2009-09-09 12:57 . 2009-09-09 12:57 -------- d-----w- c:\program files\UPS
2009-09-06 11:25 . 2009-09-06 11:25 -------- d-----w- c:\program files\UPC Fiber Power Optimizer
2009-08-31 13:47 . 2009-09-04 09:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-31 13:47 . 2009-08-31 13:47 -------- d-----w- c:\program files\Zone Labs
2009-08-31 13:46 . 2009-09-16 22:45 -------- d-----w- c:\windows\Internet Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 08:39 . 2009-09-30 08:39 96784 ----a-w- c:\windows\system32\WPRO_40_1340woem.tmp
2009-09-30 08:39 . 2009-09-30 08:39 109072 ----a-w- c:\windows\system32\WPRO_40_1340woem_nm.tmp
2009-09-29 15:27 . 2008-10-20 08:43 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-09-28 21:19 . 2009-09-28 21:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-09-28 21:19 . 2008-09-10 18:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-09-28 21:18 . 2008-09-10 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-09-28 21:18 . 2008-09-10 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-09-25 21:45 . 2009-09-25 15:37 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-25 21:45 . 2009-09-25 15:37 16064 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-21 14:04 . 2008-08-30 14:39 -------- d-----w- c:\program files\Logitech
2009-09-21 14:04 . 2009-05-13 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-21 10:59 . 2009-06-25 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-21 10:56 . 2008-08-30 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 10:56 . 2009-08-29 20:50 -------- d-----w- c:\program files\Creative
2009-09-21 10:55 . 2003-10-14 03:53 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-21 10:42 . 2009-06-25 16:39 -------- d--h--w- c:\program files\Creative Installation Information
2009-09-20 21:33 . 2009-02-15 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-20 17:44 . 2009-01-08 10:51 -------- d-----w- c:\program files\Microsoft
2009-09-20 17:41 . 2009-02-15 13:38 -------- d-----w- c:\program files\Microsoft Works
2009-09-20 14:08 . 2009-05-13 18:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 14:08 . 2009-05-13 18:13 -------- d-----w- c:\program files\Raptr
2009-09-19 23:24 . 2009-09-19 23:24 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-09-19 23:24 . 2004-08-18 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-09-19 21:28 . 2008-08-31 08:18 -------- d-----w- c:\program files\DivX
2009-09-19 17:06 . 2004-08-18 12:00 526546 ----a-w- c:\windows\system32\perfh00E.dat
2009-09-19 17:06 . 2004-08-18 12:00 131798 ----a-w- c:\windows\system32\perfc00E.dat
2009-09-18 16:15 . 2008-08-30 12:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 16:15 . 2008-08-30 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-17 19:51 . 2008-12-18 18:59 -------- d-----w- c:\program files\Setup Files
2009-09-16 23:17 . 2008-09-05 17:56 -------- d-----w- c:\program files\MSI
2009-09-16 12:13 . 2008-10-23 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-16 12:12 . 2008-10-07 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-15 18:38 . 2008-08-30 14:39 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-12 19:53 . 2008-09-27 21:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 20:50 . 2008-09-07 14:11 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-10 20:50 . 2008-09-07 14:10 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-09 12:52 . 2008-09-02 16:08 -------- d-----w- c:\program files\BCDC++
2009-08-31 15:38 . 2008-09-30 08:03 -------- d-----w- c:\program files\ESET
2009-08-29 00:43 . 2009-08-29 00:43 298104 ----a-w- c:\windows\system32\imon.dll
2009-08-29 00:43 . 2009-08-29 00:43 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-08-29 00:43 . 2009-08-29 00:43 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-08-29 00:38 . 2009-08-28 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-27 11:47 . 2009-08-27 11:47 -------- d-----w- c:\program files\SiSoftware
2009-08-26 19:44 . 2008-10-06 08:46 -------- d-----w- c:\program files\Java
2009-08-22 14:16 . 2008-09-07 14:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-20 11:26 . 2009-08-20 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-14 04:58 . 2009-09-18 12:54 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-11 10:35 . 2009-08-31 00:32 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-06 09:48 . 2009-08-06 09:48 -------- d-----w- c:\program files\LGInternetKit
2009-08-06 09:46 . 2009-08-05 16:40 -------- d-----w- c:\program files\LG Electronics
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:59 . 2008-08-31 15:16 3532 ----a-w- C:\drmHeader.bin
2009-07-25 03:23 . 2008-11-19 12:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 14:34 . 2008-08-30 09:32 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ------w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-29_10.26.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 08:35 . 2009-09-30 08:35 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2009-09-30 08:35 . 2008-12-16 20:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2009-03-11 08:53 . 2009-09-30 08:36 214874 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Máté Balázs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-17 133104]
"PC Suite Tray"="h:\nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Raptr"="c:\progra~1\Raptr\RaptrStub.exe" [2009-09-18 42424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-29 949376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-06-27 19456]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRUN.DLL [2006-07-03 10752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\M t‚ Bal zs\Start Menu\Programs\Indˇt˘pult\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-9-17 192512]
ExifLauncher2.lnk - h:\fiji1000fd\QuickDCF2.exe [2008-12-23 303104]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-11 118784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\SteamApps\\wogwog\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\UPS\\Upsman\\upsman.exe"=
"c:\\Program Files\\UPS\\Upsman\\www\\ServiceDriver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"d:\\Steam\\SteamApps\\wogwog\\day of defeat source\\hl2.exe"=
"h:\\KOD4\\iw3mp.exe"=
"h:\\Crysis special edition\\Bin32\\Crysis.exe"=
"h:\\Crysis special edition\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life deathmatch source\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\source sdk base\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Steam\\SteamApps\\wogwog\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"h:\\Burnout Paradise\\BurnoutLauncher.exe"=
"h:\\Burnout Paradise\\BurnoutConfigTool.exe"=
"h:\\Burnout Paradise\\BurnoutParadise.exe"=
"f:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Warhammer Dawn Of War 2\\DOW2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTUNES\\iTunes.exe"=
"c:\\Documents and Settings\\Máté Balázs\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"i:\\KOD2\\CoD2MP_s.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"h:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"d:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\Raptr\\Raptr.exe"=
"h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.09.18. 14:54 206256]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006.07.05. 14:46 63352]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009.09.18. 15:02 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009.09.18. 15:02 39200]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.08.29. 2:43 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009.09.18. 14:54 159600]
R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\Upsman\www\ServiceDriver.exe [2009.09.09. 14:57 225353]
R2 UPSMan;UPSMan;c:\program files\UPS\Upsman\upsman.exe [2009.09.09. 14:57 2990165]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009.03.30. 16:28 1533808]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009.05.13. 20:00 12032]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 20:21 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 20:21 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\MTBALZ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MTBALZ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 20:21 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 20:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 20:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 20:21 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 20:21 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 20:21 566296]
S3 FIXUSTOR;FIXUSTOR; [x]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008.08.30. 16:39 14156]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [2009.09.14. 18:16 18432]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009.09.18. 14:54 64392]
S3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [2008.10.18. 21:42 4608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.09.18. 14:54 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009.09.18. 15:02 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S4 FAH@i:+Undercover+FAH.exe;FAH@i:+Undercover+FAH.exe;i:\undercover\FAH.exe -svcstart --> i:\undercover\FAH.exe -svcstart [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUALCORECENTER
*NewlyCreated* - RUSHTOPDEVICE2
*Deregistered* - DualCoreCenter
*Deregistered* - RushTopDevice2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freemail.hu
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - i:\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - i:\getright\GRbrowse.htm
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Máté Balázs\Application Data\Mozilla\Firefox\Profiles\ukn1m0f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freemail.hu/
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 1\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 10:36
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...


c:\windows\system32\WPRO_40_1340woem.tmp 96784 bytes executable
c:\windows\system32\WPRO_40_1340woem_nm.tmp 109072 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FAH@i:+Undercover+FAH.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\windows\system32\themeui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
h:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
h:\nokia\Nokia PC Suite 7\NGSCM.DLL
h:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_hun.nlr
h:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Máté Balázs\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Razer\Lachesis\OSD.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Razer\Lachesis\razertra.exe
c:\program files\Razer\Lachesis\razerofa.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2009-09-30 10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 08:46
ComboFix2.txt 2009-09-29 10:33

Pre-Run: 2 467 905 536 bájt szabad
Post-Run: 2 339 602 432 bájt szabad

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
401


Wed Sep 30, 2009 9:52
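Reading a ComboFix Sigcheck block by hand is error-prone, so here is an added Python example (mine, not part of this thread and not ComboFix's own code) that parses the six Sigcheck lines from the log above, groups the copies of tcpip.sys by file version, and checks whether the live file marked [-] still hashes like the reference copy Windows keeps for the same version; it also compares the result with the MD5 that VirusTotal reported in the poster's later message. It assumes that `[-]` means ComboFix flagged the live copy and that any other marker denotes a reference copy, which is my reading of this log rather than ComboFix's documented meaning; the sample lines and hashes are copied from the posts.

```python
import re
from collections import defaultdict

# Sample input: the six Sigcheck lines from the ComboFix log in the post above,
# in the exact layout ComboFix prints them.
SIGCHECK_SAMPLE = r"""
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""

# MD5 the poster got back from VirusTotal for the same file (from the later post).
VIRUSTOTAL_MD5 = "d24ea301e2b36c4e975fd216ca85d8e7"

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<version>[^\]]+)\] \. \. (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["md5"] = rec["md5"].lower()
            rec["size"] = int(rec["size"])
            rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
            records.append(rec)
    return records


def triage(text, vt_md5=None):
    """For every file ComboFix marked [-], compare its hash with the reference copies
    of the same version that Windows keeps (hotfix / service pack caches).

    Assumption for this example: '[-]' marks the flagged live copy and every other
    marker is a reference copy. That is a reading of this log, not ComboFix's
    documented semantics."""
    by_name = defaultdict(list)
    for rec in parse_sigcheck(text):
        by_name[rec["name"]].append(rec)

    report = {}
    for name, recs in by_name.items():
        flagged = [r for r in recs if r["flag"] == "-"]
        if not flagged:
            continue
        flagged_md5 = flagged[0]["md5"]
        version = flagged[0]["version"]
        same_version = [r for r in recs if r["flag"] != "-" and r["version"] == version]
        report[name] = {
            "flagged_paths": [r["path"] for r in flagged],
            "flagged_md5": flagged_md5,
            "reference_md5s": sorted({r["md5"] for r in same_version}),
            # Same version string and size but a different hash means the live
            # file was altered after the update that produced it was applied.
            "matches_reference": any(r["md5"] == flagged_md5 for r in same_version),
            "size_matches_reference": any(r["size"] == flagged[0]["size"] for r in same_version),
            "vt_hash_matches": (vt_md5.lower() == flagged_md5) if vt_md5 else None,
        }
    return report


if __name__ == "__main__":
    for name, info in triage(SIGCHECK_SAMPLE, VIRUSTOTAL_MD5).items():
        verdict = "unmodified" if info["matches_reference"] else "DIFFERS from reference copy"
        print(f"{name}: {verdict}; VirusTotal hash matches log: {info['vt_hash_matches']}")
```

On this sample the two flagged copies of tcpip.sys share one MD5 that is not the hash of the hotfix copy with the same version and size, while the hash VirusTotal scanned (0/41 detections) is exactly the flagged one. That is the point worth taking from the two posts together: a clean scanner verdict says nothing about whether a system file still matches its own reference copy, so the hash comparison is the check to run before deciding what to restore.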
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, which is why what you see looks like this,
Post
Do you know what this is?? i:\undercover\FAH.exe
Open Notepad > Start > Run > type notepad
And paste in the red text
Code:
KILLALL::
File::
c:\windows\system32\usbctl.exe
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
Driver::
usbctl
RegNull::
[HKEY_USERS\S-1-5-21-776561741-1229272821-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-776561741-1229272821-725345543-1003\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Now > in Notepad > File > in the top left corner > 4th row > Save as...
In place of the txt file name put this: >CFScript.txt<, and below it set >All Files<
At the very top > Desktop < click the button to save it. And now do this:
[image]
ComboFix will start by itself, it may restart, and it will finish the scan. Then post what it gives you here.


Tue Sep 29, 2009 19:14
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
Well, my real problem is that usbctl.exe sometimes pops up at random and eats the CPU. I kill it, and then it's fine again for about half a day.


Tue Sep 29, 2009 19:14
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
The tcp/ip analysis:

File TCPIP.SYS uploaded: 2009.09.21 11:13:55 (UTC)
Current status: finished

Result: 0/41 (0.00%)
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.09.21 -
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.21 -
Antiy-AVL 2.0.3.7 2009.09.21 -
Authentium 5.1.2.4 2009.09.21 -
Avast 4.8.1351.0 2009.09.20 -
AVG 8.5.0.412 2009.09.21 -
BitDefender 7.2 2009.09.21 -
CAT-QuickHeal 10.00 2009.09.21 -
ClamAV 0.94.1 2009.09.21 -
Comodo 2390 2009.09.21 -
DrWeb 5.0.0.12182 2009.09.21 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6750 2009.09.21 -
F-Prot 4.5.1.85 2009.09.21 -
F-Secure 8.0.14470.0 2009.09.21 -
Fortinet 3.120.0.0 2009.09.21 -
GData 19 2009.09.21 -
Ikarus T3.1.1.72.0 2009.09.21 -
Jiangmin 11.0.800 2009.09.21 -
K7AntiVirus 7.10.849 2009.09.19 -
Kaspersky 7.0.0.125 2009.09.21 -
McAfee 5747 2009.09.20 -
McAfee+Artemis 5747 2009.09.20 -
McAfee-GW-Edition 6.8.5 2009.09.21 -
Microsoft 1.5005 2009.09.21 -
NOD32 4442 2009.09.21 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.21 -
Panda 10.0.2.2 2009.09.21 -
PCTools 4.4.2.0 2009.09.20 -
Prevx 3.0 2009.09.21 -
Rising 21.48.02.00 2009.09.21 -
Sophos 4.45.0 2009.09.21 -
Sunbelt 3.2.1858.2 2009.09.20 -
Symantec 1.4.4.12 2009.09.21 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.21 -
VBA32 3.12.10.10 2009.09.20 -
ViRobot 2009.9.21.1944 2009.09.21 -
VirusBuster 4.6.5.0 2009.09.20 -
Additional information
File size: 361600 bytes
MD5 : d24ea301e2b36c4e975fd216ca85d8e7
SHA1 : fa9dc1de4881552c6b71c1bce9cfaf60a3c9db79
SHA256: b69b3c719d9d36cd9f86b1a15cab38ed6b00e3d58fd0d62abe464ac13e6ee71f
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50D23
timedatestamp.....: 0x485B99AD (Fri Jun 20 13:51:09 2008)
machinetype.......: 0x14C (Intel I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3F05A 0x3F080 6.58 469827b02f4403f5236e017c0c4bc49a
.rdata 0x3F400 0x574 0x580 4.44 0eb5bdbba26ed4d079a201f965266cb4
.data 0x3F980 0xA4A4 0xA500 0.06 ea0c5005c163289d0c29ae80301cb86f
PAGE 0x49E80 0x1F85 0x2000 6.38 29223020b8202f58b61651e2099c84e8
PAGELK 0x4BE80 0x6F2 0x700 6.19 d82540f4886ebcffb849774114194524
PAGEIPMc 0x4C580 0x2781 0x2800 6.43 bb13276e642dee8cf0a818967e06b022
.edata 0x4ED80 0x341 0x380 5.23 32781ababdbcd87358c1d1eb84509dd0
INIT 0x4F100 0x5936 0x5980 6.19 3eef4225642f44cf2334841334fa434b
.rsrc 0x54A80 0x3F0 0x400 3.41 3fd0d62483602aa6ce780c14866b4e39
.reloc 0x54E80 0x3590 0x3600 6.79 1e3ca28ef6ff9cf6fa16149dbf4fe144

( 0 imports )


( 0 exports )

TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 6144:WJVxTJMCOHOcecOeaVrith/CC/LxGh5wCQCzKLQ/xyczo:WDxTl2OzryZCAQ4CQDQ/
PEiD : -
RDS : NSRL Reference Data Set
-


Tue Sep 29, 2009 18:23
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
The scan result for usbctl.exe:

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.09.24 -
AhnLab-V3 5.0.0.2 2009.09.24 -
AntiVir 7.9.1.25 2009.09.24 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2009.09.24 -
Authentium 5.1.2.4 2009.09.24 W32/NewMalware-Rootkit-I-based!Maximus
Avast 4.8.1351.0 2009.09.23 -
AVG 8.5.0.412 2009.09.24 -
BitDefender 7.2 2009.09.24 -
CAT-QuickHeal 10.00 2009.09.24 -
ClamAV 0.94.1 2009.09.24 -
Comodo 2424 2009.09.24 -
DrWeb 5.0.0.12182 2009.09.24 -
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6758 2009.09.24 -
F-Prot 4.5.1.85 2009.09.24 W32/NewMalware-Rootkit-I-based!Maximus
F-Secure 8.0.14470.0 2009.09.24 -
Fortinet 3.120.0.0 2009.09.24 -
GData 19 2009.09.24 -
Ikarus T3.1.1.72.0 2009.09.24 -
Jiangmin 11.0.800 2009.09.24 -
K7AntiVirus 7.10.853 2009.09.24 -
Kaspersky 7.0.0.125 2009.09.24 -
McAfee 5751 2009.09.24 Downloader-BVX
McAfee+Artemis 5751 2009.09.24 Downloader-BVX
McAfee-GW-Edition 6.8.5 2009.09.24 Heuristic.BehavesLike.Win32.Spyware.H
Microsoft 1.5005 2009.09.23 -
NOD32 4455 2009.09.24 -
Norman 6.01.09 2009.09.24 -
nProtect 2009.1.8.0 2009.09.24 -
Panda 10.0.2.2 2009.09.24 -
PCTools 4.4.2.0 2009.09.24 -
Prevx 3.0 2009.09.24 -
Rising 21.48.34.00 2009.09.24 -
Sophos 4.45.0 2009.09.24 -
Sunbelt 3.2.1858.2 2009.09.24 -
Symantec 1.4.4.12 2009.09.24 -
TheHacker 6.5.0.2.017 2009.09.24 -
TrendMicro 8.950.0.1094 2009.09.24 -
VBA32 3.12.10.11 2009.09.24 -
ViRobot 2009.9.24.1952 2009.09.24 -
VirusBuster 4.6.5.0 2009.09.24 -
Additional information
File size: 67072 bytes
MD5 : 186278a7fcbba1939fdcdf07d697a59b
SHA1 : 444415c125fd4a14c1febe9ef73edb7c75799a2a
SHA256: b502d4a48df19f7ea1f6d497164b11d388b2d368e75bfc5aa12469a24ff52fab
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xA3C2
timedatestamp.....: 0x4ABA4B34 (Wed Sep 23 18:22:12 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x95A8 0x9600 6.52 1b0427b0ace41a4522eaa0a1ddf67669
.rdata 0xB000 0x814 0xA00 4.26 fd5fc5175b7d33d0eceaf5604f670b58
.data 0xC000 0x20AAAC 0x5E00 6.87 593ffae9a67581c163d9cd3fb278a4f3
.rsrc 0x217000 0x2D8 0x400 2.52 d4ce134ac884b0ae46174efeb263478c

( 4 imports )

> kernel32.dll: lstrcatA, lstrcpyA, SetEvent, CreateEventA, lstrcmpiA, lstrlenA, lstrcpynA, Sleep, GetLastError, GetModuleHandleA, GetProcAddress, LoadLibraryA, lstrcmpA, MultiByteToWideChar, GlobalAlloc, FreeLibrary, GlobalFree
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, exit, _XcptFilter, _exit, strcmp, strtoul, _strrev, _beginthread, _endthread, sscanf, _strupr, strchr, toupper, isspace, memmove, tolower, strncpy, ftell, fclose, fread, fopen, fseek, strlen, strcpy, sprintf, __2@YAPAXI@Z, __3@YAXPAX@Z, strstr, memcpy, atoi, memset, atol
> wininet.dll: InternetCrackUrlA, InternetFindNextFileA, InternetConnectA, FtpFindFirstFileA, InternetCloseHandle, InternetWriteFile, InternetOpenA, InternetReadFile, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, FtpOpenFileA
> ws2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 1536:gqBhes5RIdRzpzCCvWATFI8oDbUb8vvOjXJifw6mVV:jhes5CdRYC+g0DZ+jZvfV
PEiD : -
RDS : NSRL Reference Data Set


Tue Sep 29, 2009 18:21
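The two VirusTotal reports in this thread (TCPIP.SYS and usbctl.exe) were pasted as plain text, one engine per line. The script below is an added example, not from the original poster and not VirusTotal's own code: it parses that line format, counts detections, collects the verdict names, and lists engines whose signatures were older than the scan date, because a clean verdict from an engine that had not updated for several days says less than one from an engine updated the same day. The embedded report text is a subset of the lines posted above; the two-day staleness threshold is an assumption.

```python
"""Summarise an old-style VirusTotal text report such as the two pasted in
this thread. Added example for the thread, not from the original poster and
not VirusTotal's own code. Each engine line has the shape
    <engine> <version> <yyyy.mm.dd> <result>
where "-" means the engine reported nothing."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

ENGINE_LINE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>\S.*?)\s*$"
)

# Subset of the usbctl.exe lines posted in the thread (scan of 2009-09-24).
USBCTL_REPORT = """
a-squared 4.5.0.24 2009.09.24 -
AntiVir 7.9.1.25 2009.09.24 TR/Downloader.Gen
Authentium 5.1.2.4 2009.09.24 W32/NewMalware-Rootkit-I-based!Maximus
Avast 4.8.1351.0 2009.09.23 -
F-Prot 4.5.1.85 2009.09.24 W32/NewMalware-Rootkit-I-based!Maximus
McAfee 5751 2009.09.24 Downloader-BVX
McAfee+Artemis 5751 2009.09.24 Downloader-BVX
McAfee-GW-Edition 6.8.5 2009.09.24 Heuristic.BehavesLike.Win32.Spyware.H
Microsoft 1.5005 2009.09.23 -
NOD32 4455 2009.09.24 -
Symantec 1.4.4.12 2009.09.24 -
Additional information
File size: 67072 bytes
"""

# Subset of the TCPIP.SYS lines posted in the thread (scan of 2009-09-21).
TCPIP_REPORT = """
a-squared 4.5.0.24 2009.09.21 -
eSafe 7.0.17.0 2009.09.17 -
Kaspersky 7.0.0.125 2009.09.21 -
Norman 6.01.09 2009.09.18 -
TheHacker 6.5.0.2.012 2009.09.18 -
"""


@dataclass
class EngineResult:
    engine: str
    version: str
    updated: date
    result: Optional[str]  # None when the line ended in "-"


def parse_report(text: str) -> list[EngineResult]:
    """Keep only lines that look like engine rows; headers and the file-info
    block at the end carry no yyyy.mm.dd token in the third column."""
    rows = []
    for line in text.splitlines():
        m = ENGINE_LINE.match(line.strip())
        if not m:
            continue
        y, mo, d = (int(p) for p in m["updated"].split("."))
        verdict = m["result"]
        rows.append(EngineResult(m["engine"], m["version"], date(y, mo, d),
                                 None if verdict == "-" else verdict))
    return rows


def summarize(text: str, scan_date: date | str, max_age_days: int = 2) -> dict:
    """Detection ratio, the verdict names, and the engines whose signatures
    were more than max_age_days old at scan time (threshold is an assumption)."""
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    rows = parse_report(text)
    hits = [r for r in rows if r.result]
    stale = [r.engine for r in rows if (scan_date - r.updated).days > max_age_days]
    return {
        "engines": len(rows),
        "detections": len(hits),
        "ratio": f"{len(hits)}/{len(rows)}",
        "verdicts": {r.engine: r.result for r in hits},
        "stale_engines": stale,
    }


if __name__ == "__main__":
    print("usbctl.exe", summarize(USBCTL_REPORT, "2009-09-24"))
    print("TCPIP.SYS", summarize(TCPIP_REPORT, "2009-09-21"))
```

On the usbctl.exe subset this yields 6/11 with four distinct family names (a downloader, a rootkit heuristic, a behavioural flag), which is the pattern of a fresh sample rather than a false positive from one vendor; on the TCPIP.SYS subset it yields 0 detections but flags eSafe, Norman and TheHacker as stale, so the clean result rests on fewer engines than the raw count suggests.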
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post
test these with VIRUSTOTAL


c:\windows\system32\usbctl.exe
c:\windows\system32\drivers\TCPIP.SYS

post the result here,, I see several problems on this machine,, is this machine running well??


Tue Sep 29, 2009 12:15
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post
aha, now I see,, I'll look it over,,


Tue Sep 29, 2009 11:55
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why it looks like this,
Post
Don't mind what it says; ComboFix checks whether there is a virus and removes it,, no, the machine is not all right yet,, I need to see C:\combofix.txt and then I'll tell you,, post it here


Tue Sep 29, 2009 11:54
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
The log says the antivirus was running, even though I turned it off completely.
Meanwhile, while the process was running, it deleted I think 3 files.
So is the machine OK now, or how does this work?


Tue Sep 29, 2009 11:46
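The ComboFix log posted next in the thread has two sections worth reading mechanically: the Sigcheck block, where the live TCPIP.SYS and its dllcache copy carry a different MD5 from the stored copy of the same file version, and the services/drivers list, where the "Microsoft USB Bus Controller" entry points at c:\windows\system32\usbctl.exe with a file date nine days before the log. The script below is an added example for the thread, not ComboFix code and not the poster's; it parses a sample of those lines as posted and applies three triage rules that are assumptions for illustration (a 14-day recency window, an image under a Temp directory, and the [x] / [?] markers for a missing or unreadable image). Each hit is a candidate for a VirusTotal check, not a verdict: Spyware Doctor's PCTCore.sys is flagged by the recency rule just as usbctl.exe is.

```python
"""Triage helpers for two sections of the ComboFix log posted in this thread:
the Sigcheck block and the service/driver list. Added example for the thread;
not ComboFix code and not from the original poster. The triage rules are
assumptions chosen for illustration; every hit is something to verify."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import date

# Lines copied from the log in the thread (a sample, not the whole section).
SIGCHECK = r"""
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
"""
SERVICES = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.09.18. 14:54 206256]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006.07.05. 14:46 63352]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.08.29. 2:43 15424]
R2 usbctl;Microsoft USB Bus Controller;c:\windows\system32\usbctl.exe [2009.09.20. 15:21 67072]
S3 cpuz130;cpuz130;\??\c:\docume~1\MTBALZ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MTBALZ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 FIXUSTOR;FIXUSTOR; [x]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008.08.30. 16:39 14156]
S4 FAH@i:+Undercover+FAH.exe;FAH@i:+Undercover+FAH.exe;i:\undercover\FAH.exe -svcstart --> i:\undercover\FAH.exe -svcstart [?]
"""

SIG_LINE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
SVC_LINE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Directories where Windows keeps its own stored copies of system files.
STORE_DIRS = ("\\$hf_mig$\\", "\\servicepackfiles\\", "\\$ntuninstall", "\\$ntservicepackuninstall$\\")


def sigcheck_mismatches(text: str) -> list[dict]:
    """Group Sigcheck rows by file name and version; report each live copy whose
    MD5 matches none of the stored copies of that version. dllcache is tracked
    separately: a dllcache copy equal to an altered live file means the
    replacement also went into the cache Windows File Protection restores from."""
    groups: dict[tuple[str, str], list[dict]] = defaultdict(list)
    for line in text.splitlines():
        m = SIG_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["lower"] = e["path"].lower()
            groups[(e["lower"].rsplit("\\", 1)[-1], e["ver"])].append(e)
    findings = []
    for (fname, ver), copies in groups.items():
        stored = {c["md5"].upper() for c in copies if any(s in c["lower"] for s in STORE_DIRS)}
        cached = {c["md5"].upper() for c in copies if "\\dllcache\\" in c["lower"]}
        live = [c for c in copies
                if "\\dllcache\\" not in c["lower"] and not any(s in c["lower"] for s in STORE_DIRS)]
        for c in live:
            if stored and c["md5"].upper() not in stored:
                findings.append({
                    "file": fname, "version": ver, "path": c["path"], "mark": c["mark"],
                    "live_md5": c["md5"].upper(), "stored_md5s": sorted(stored),
                    "dllcache_matches_live": c["md5"].upper() in cached,
                })
    return findings


def suspicious_services(text: str, log_date: date | str, recent_days: int = 14) -> list[dict]:
    """Flag service/driver rows worth a second look: image written shortly
    before the log, image missing ([x]) or unreadable ([?]), or image under Temp."""
    if isinstance(log_date, str):
        log_date = date.fromisoformat(log_date)
    out = []
    for line in text.splitlines():
        m = SVC_LINE.match(line.strip())
        if not m:
            continue
        body, _, tail = m["rest"].rpartition("[")  # trailing "[date time size]" or "[x]" / "[?]"
        image, tail = body.strip(), tail.rstrip("]").strip()
        reasons = []
        stamp = re.match(r"(\d{4})\.(\d{2})\.(\d{2})\.", tail)
        if stamp:
            age = (log_date - date(*map(int, stamp.groups()))).days
            if age <= recent_days:
                reasons.append(f"image written {age} days before the log")
        elif tail == "x":
            reasons.append("service points at a file that does not exist")
        elif tail == "?":
            reasons.append("ComboFix could not read the image file")
        if "\\temp\\" in image.lower():
            reasons.append("image runs from a Temp directory")
        if reasons:
            out.append({"name": m["name"], "display": m["display"], "image": image, "reasons": reasons})
    return out
```

The Sigcheck rule deliberately compares hashes only within one file version: the SP2 and SP3 copies of tcpip.sys differ legitimately, so a cross-version comparison would produce noise. What it does surface here is that both the live driver and its dllcache copy differ from the KB951748 copy of the same 5.1.2600.5625 build, and that the log carries a TCPIP.SYS.ORIGINAL beside the driver; whether that replacement is unwanted is a question for the VirusTotal result and the system's owner, not for the parser.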
platinum member

Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
ComboFix 09-09-28.01 - Máté Balázs 009.09.29. 12:12.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3327.2602 [GMT 2:00]
Running from: i:\dvd-re xxx\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-383137952-743768379-3712798748-1001
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\Cache
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-28 21:18 . 2009-09-28 21:18 -------- d-----w- c:\program files\MSXML 4.0
2009-09-27 17:43 . 2009-09-27 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-25 15:37 . 2009-09-25 21:45 573472 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-25 15:37 . 2009-09-25 21:45 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-25 15:20 . 2009-09-25 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-25 14:38 . 2009-09-25 15:50 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-25 12:19 . 2009-09-25 12:19 -------- d-----w- c:\program files\Trend Micro
2009-09-21 10:32 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2009-09-21 10:32 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2009-09-21 10:32 . 2009-09-21 10:32 -------- d-----w- c:\program files\Common Files\Creative
2009-09-21 09:52 . 2009-09-21 09:52 -------- d-----w- c:\program files\BOINC
2009-09-20 14:04 . 2009-09-20 14:04 -------- d-----w- c:\program files\Razer
2009-09-20 13:21 . 2009-09-23 16:30 67072 ----a-w- c:\windows\system32\usbctl.exe
2009-09-20 12:31 . 2009-09-20 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-18 14:56 . 2003-02-25 12:30 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-09-18 14:56 . 2002-10-24 08:07 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-09-18 14:56 . 2003-05-24 07:06 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-09-18 14:55 . 1998-11-13 11:06 307712 ----a-w- c:\windows\IsUn040e.exe
2009-09-18 13:02 . 2009-03-31 09:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-09-18 13:02 . 2009-03-31 09:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-09-18 13:02 . 2009-03-31 09:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-09-18 13:02 . 2009-03-31 09:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-09-18 12:54 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-18 12:54 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 12:54 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-18 12:54 . 2009-09-18 12:55 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-18 12:54 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-18 12:54 . 2009-09-27 19:28 -------- d-----w- c:\program files\Spyware Doctor
2009-09-18 12:54 . 2009-09-18 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-18 12:53 . 2009-09-27 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-17 11:00 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-17 11:00 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-17 11:00 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-17 11:00 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-17 11:00 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-09-17 11:00 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-09-17 11:00 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-09-16 23:17 . 2006-10-13 06:18 18216 ----a-w- c:\windows\nvoclk64.sys
2009-09-16 23:17 . 2006-10-13 06:18 6912 ----a-w- c:\windows\nvoclock.sys
2009-09-16 23:17 . 2006-10-13 06:18 380928 ----a-w- c:\windows\ntuneoem.dll
2009-09-16 23:17 . 2006-10-13 06:16 421888 ----a-w- c:\windows\nvsulib.dll
2009-09-16 23:17 . 2006-10-13 06:13 1622016 ----a-w- c:\windows\NVBenchMarks.dll
2009-09-16 23:17 . 2006-10-13 06:12 28672 ----a-w- c:\windows\AutoTuneScript.dll
2009-09-16 23:17 . 2006-09-05 12:59 217088 ----a-w- c:\windows\NVGfxOgl.dll
2009-09-16 23:17 . 2006-08-21 07:20 45056 ----a-w- c:\windows\NTuneGpu.dll
2009-09-16 23:17 . 2006-06-01 15:22 53248 ----a-w- c:\windows\Nvgpio.dll
2009-09-16 23:17 . 2005-09-23 14:33 499712 ----a-w- c:\windows\msvcp71.dll
2009-09-16 23:17 . 2005-09-23 14:33 348160 ----a-w- c:\windows\msvcr71.dll
2009-09-16 23:17 . 2005-09-23 14:33 1060864 ----a-w- c:\windows\MFC71.dll
2009-09-15 17:52 . 2008-04-14 07:01 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 23:31 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 09:03 . 2007-07-12 03:49 96384 ----a-r- c:\windows\system32\drivers\Rtnicxp.sys
2009-09-09 12:57 . 2004-07-02 10:37 81991 ------w- c:\windows\system32\Qscrnt.dll
2009-09-09 12:57 . 2009-09-09 12:57 -------- d-----w- c:\windows\system32\Generex
2009-09-09 12:57 . 2009-09-09 12:57 -------- d-----w- c:\program files\UPS
2009-09-06 11:25 . 2009-09-06 11:25 -------- d-----w- c:\program files\UPC Fiber Power Optimizer
2009-08-31 13:47 . 2009-09-04 09:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-31 13:47 . 2009-08-31 13:47 -------- d-----w- c:\program files\Zone Labs
2009-08-31 13:46 . 2009-09-16 22:45 -------- d-----w- c:\windows\Internet Logs
2009-08-31 00:33 . 2009-08-31 00:33 -------- d-----w- c:\windows\system32\AGEIA
2009-08-31 00:32 . 2009-04-30 20:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-31 00:32 . 2009-08-11 10:35 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 10:23 . 2009-03-08 15:15 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-29 10:23 . 2009-03-08 15:15 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-09-28 21:19 . 2009-09-28 21:18 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-09-28 21:19 . 2008-09-10 18:53 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-09-28 21:18 . 2008-09-10 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-09-28 21:18 . 2008-09-10 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-09-28 19:23 . 2008-10-20 08:43 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-09-25 21:45 . 2009-09-25 15:37 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-25 21:45 . 2009-09-25 15:37 16064 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-21 14:04 . 2008-08-30 14:39 -------- d-----w- c:\program files\Logitech
2009-09-21 14:04 . 2009-05-13 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-21 10:59 . 2009-06-25 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-09-21 10:56 . 2008-08-30 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 10:56 . 2009-08-29 20:50 -------- d-----w- c:\program files\Creative
2009-09-21 10:55 . 2003-10-14 03:53 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-21 10:42 . 2009-06-25 16:39 -------- d--h--w- c:\program files\Creative Installation Information
2009-09-20 21:33 . 2009-02-15 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-20 17:44 . 2009-01-08 10:51 -------- d-----w- c:\program files\Microsoft
2009-09-20 17:41 . 2009-02-15 13:38 -------- d-----w- c:\program files\Microsoft Works
2009-09-20 14:08 . 2009-05-13 18:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 14:08 . 2009-05-13 18:13 -------- d-----w- c:\program files\Raptr
2009-09-19 23:24 . 2009-09-19 23:24 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-09-19 23:24 . 2004-08-18 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-09-19 21:28 . 2008-08-31 08:18 -------- d-----w- c:\program files\DivX
2009-09-19 17:06 . 2004-08-18 12:00 526546 ----a-w- c:\windows\system32\perfh00E.dat
2009-09-19 17:06 . 2004-08-18 12:00 131798 ----a-w- c:\windows\system32\perfc00E.dat
2009-09-18 16:15 . 2008-08-30 12:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 16:15 . 2008-08-30 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-17 19:51 . 2008-12-18 18:59 -------- d-----w- c:\program files\Setup Files
2009-09-16 23:17 . 2008-09-05 17:56 -------- d-----w- c:\program files\MSI
2009-09-16 12:13 . 2008-10-23 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-16 12:12 . 2008-10-07 10:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-15 18:38 . 2008-08-30 14:39 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-12 19:53 . 2008-09-27 21:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 20:50 . 2008-09-07 14:11 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-10 20:50 . 2008-09-07 14:10 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-09 12:52 . 2008-09-02 16:08 -------- d-----w- c:\program files\BCDC++
2009-08-31 15:38 . 2008-09-30 08:03 -------- d-----w- c:\program files\ESET
2009-08-29 00:43 . 2009-08-29 00:43 298104 ----a-w- c:\windows\system32\imon.dll
2009-08-29 00:43 . 2009-08-29 00:43 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-08-29 00:43 . 2009-08-29 00:43 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-08-29 00:38 . 2009-08-28 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-27 11:47 . 2009-08-27 11:47 -------- d-----w- c:\program files\SiSoftware
2009-08-26 19:44 . 2008-10-06 08:46 -------- d-----w- c:\program files\Java
2009-08-22 14:16 . 2008-09-07 14:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-20 11:26 . 2009-08-20 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-14 04:58 . 2009-09-18 12:54 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-06 09:48 . 2009-08-06 09:48 -------- d-----w- c:\program files\LGInternetKit
2009-08-06 09:46 . 2009-08-05 16:40 -------- d-----w- c:\program files\LG Electronics
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:59 . 2008-08-31 15:16 3532 ----a-w- C:\drmHeader.bin
2009-07-25 03:23 . 2008-11-19 12:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 14:34 . 2008-08-30 09:32 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-09-19 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Máté Balázs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-17 133104]
"PC Suite Tray"="h:\nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Raptr"="c:\progra~1\Raptr\RaptrStub.exe" [2009-09-18 42424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"iTunesHelper"="f:\itunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-29 949376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-06-27 19456]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRUN.DLL [2006-07-03 10752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Máté Balázs\Start Menu\Programs\Indítópult\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-9-17 192512]
ExifLauncher2.lnk - h:\fiji1000fd\QuickDCF2.exe [2008-12-23 303104]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-11 118784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\SteamApps\\wogwog\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\UPS\\Upsman\\upsman.exe"=
"c:\\Program Files\\UPS\\Upsman\\www\\ServiceDriver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BCDC++\\DCPlusPlus.exe"=
"d:\\Steam\\SteamApps\\wogwog\\day of defeat source\\hl2.exe"=
"h:\\KOD4\\iw3mp.exe"=
"h:\\Crysis special edition\\Bin32\\Crysis.exe"=
"h:\\Crysis special edition\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\half-life deathmatch source\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\source sdk base\\hl2.exe"=
"d:\\Steam\\SteamApps\\wogwog\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Steam\\SteamApps\\wogwog\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"h:\\Burnout Paradise\\BurnoutLauncher.exe"=
"h:\\Burnout Paradise\\BurnoutConfigTool.exe"=
"h:\\Burnout Paradise\\BurnoutParadise.exe"=
"f:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Warhammer Dawn Of War 2\\DOW2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\iTUNES\\iTunes.exe"=
"c:\\Documents and Settings\\Máté Balázs\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"i:\\KOD2\\CoD2MP_s.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"h:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"d:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\Raptr\\Raptr.exe"=
"h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.09.18. 14:54 206256]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006.07.05. 14:46 63352]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009.09.18. 15:02 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009.09.18. 15:02 39200]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.08.29. 2:43 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009.09.18. 14:54 159600]
R2 qHTTPs;UPSMAN HTTP;c:\program files\UPS\Upsman\www\ServiceDriver.exe [2009.09.09. 14:57 225353]
R2 UPSMan;UPSMan;c:\program files\UPS\Upsman\upsman.exe [2009.09.09. 14:57 2990165]
R2 usbctl;Microsoft USB Bus Controller;c:\windows\system32\usbctl.exe [2009.09.20. 15:21 67072]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009.03.30. 16:28 1533808]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009.09.17. 1:17 28160]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009.05.13. 20:00 12032]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2009.09.17. 1:17 56320]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 20:21 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008.06.27. 20:21 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\MTBALZ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MTBALZ~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 20:21 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008.06.27. 20:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 20:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008.06.27. 20:21 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 20:21 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008.06.27. 20:21 566296]
S3 FIXUSTOR;FIXUSTOR; [x]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008.08.30. 16:39 14156]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [2009.09.14. 18:16 18432]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009.09.18. 14:54 64392]
S3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [2008.10.18. 21:42 4608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.09.18. 14:54 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009.09.18. 15:02 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S4 FAH@i:+Undercover+FAH.exe;FAH@i:+Undercover+FAH.exe;i:\undercover\FAH.exe -svcstart --> i:\undercover\FAH.exe -svcstart [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUALCORECENTER
*NewlyCreated* - RUSHTOPDEVICE2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freemail.hu
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - i:\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - i:\getright\GRbrowse.htm
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Máté Balázs\Application Data\Mozilla\Firefox\Profiles\ukn1m0f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.freemail.hu/
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 1\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: f:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 12:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...


c:\windows\system32\WPRO_40_1340woem.tmp 96784 bytes executable
c:\windows\system32\WPRO_40_1340woem_nm.tmp 109072 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FAH@i:+Undercover+FAH.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1229272821-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,0e,df,aa,95,20,05,4d,cc,fe,06,b7,61,90,51,3b,f8,8b,3f,ac,8f,c0,bf,
08,4f,24,e4,aa,f8,eb,d4,67,b8,68,62,c9,85,0d,56,ae,c2,47,69,cb,87,5d,e9,34,\
"??"=hex:33,d2,ec,6c,73,f8,0d,93,a3,ba,11,e3,d8,e9,59,cf

[HKEY_USERS\S-1-5-21-776561741-1229272821-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e8,ff,52,20,97,d4,a7,35,65,b1,f0,26,62,ba,81,9f,fb,51,9b,72,72,
2c,bd,ab,89,20,f5,9b,9e,82,0f,28,67,46,cf,65,19,40,f3,d6,0e,3f,2e,2b,f0,fe,\
"rkeysecu"=hex:34,99,ef,4f,38,d4,ab,14,3d,04,9d,f7,a9,c9,75,39

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\WININET.dll
c:\windows\system32\themeui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
h:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
h:\nokia\Nokia PC Suite 7\NGSCM.DLL
h:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_hun.nlr
h:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Razer\Lachesis\OSD.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\documents and settings\Máté Balázs\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Razer\Lachesis\razertra.exe
c:\program files\Razer\Lachesis\razerofa.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2009-09-29 12:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 10:33

Pre-Run: 2 103 287 808 bytes free
Post-Run: 2 538 938 368 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
424


Posted: Tue Sep 29, 2009 11:44
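The thread reads the log above by hand. The script below is an example added here, not something either poster ran and not a ComboFix feature: it makes the same first pass over the two parts of the log that carry the most signal, the service list and catchme's hidden-item sections. It assumes the line shapes visible above (`S3 name;display;image [date time size]`, and `--> image [?]` when ComboFix could not read the file, as I read that marker) and an allowlist of `c:\windows\` and `c:\program files\` that is my own heuristic, not a rule of the tool. The sample input is constructed from lines of the log above. On it the script flags the `FAH@i:+Undercover+FAH.exe` service twice (image on `i:\`, file not readable), `ThreatFire` once, the two Run values catchme reported as hidden, and the two hidden `WPRO_40_*.tmp` executables in system32.

```python
import re
from dataclasses import dataclass

# Constructed sample (not a full log): a few lines in the shape ComboFix and
# its bundled catchme scanner print them, taken in form from the log above.
SAMPLE_LOG = r"""
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008.08.30. 16:39 14156]
S3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [2008.10.18. 21:42 4608]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S4 FAH@i:+Undercover+FAH.exe;FAH@i:+Undercover+FAH.exe;i:\undercover\FAH.exe -svcstart --> i:\undercover\FAH.exe -svcstart [?]

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

c:\windows\system32\WPRO_40_1340woem.tmp 96784 bytes executable
c:\windows\system32\WPRO_40_1340woem_nm.tmp 109072 bytes executable

scan completed successfully
hidden files: 2
"""


@dataclass
class Finding:
    kind: str     # "service", "hidden-autostart" or "hidden-file"
    subject: str  # service name, Run value name or file path
    reason: str


# "<start type> <name>;<display>;<command line> [date time size]"
# or "... <command line> --> <command line> [?]" when the file was unreadable.
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TRAILER_RE = re.compile(r"^(?P<cmd>.*?)\s\[(?P<info>[^\]]*)\]$")
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|sys|dll))\b", re.IGNORECASE)
AUTOSTART_RE = re.compile(r"^(?P<value>[^=]+?)\s*=\s*(?P<data>.+)$")
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+)\s+bytes\s+(?P<type>\S+)$", re.IGNORECASE)

# Illustrative allowlist (an assumption, not a ComboFix rule): on an XP box
# with Windows on C:, service images normally live under one of these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_service(line):
    """Return {'start','name','image','info'} for a ComboFix service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    t = TRAILER_RE.match(m["rest"])
    if not t:
        return None
    cmd = t["cmd"].split(" --> ", 1)[0]   # keep the registry ImagePath side
    im = IMAGE_RE.match(cmd)
    image = im["image"] if im else cmd     # drop "-svcstart"-style arguments
    return {"start": m["start"], "name": m["name"], "image": image, "info": t["info"]}


def triage(log_text):
    """Walk the log once and return the Findings a human should look at."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("scanning hidden autostart"):
            section = "autostart"
            continue
        if line.startswith("scanning hidden files"):
            section = "files"
            continue
        if line.startswith("scan completed"):
            section = None
            continue
        if section == "autostart":
            a = AUTOSTART_RE.match(line)
            if a and not line.upper().startswith("HK"):   # skip the key header line
                findings.append(Finding("hidden-autostart", a["value"],
                                        f"Run value reported hidden by catchme: {a['data']}"))
            continue
        if section == "files":
            h = HIDDEN_RE.match(line)
            if h:
                findings.append(Finding("hidden-file", h["path"],
                                        f"{h['type']} file of {h['size']} bytes reported hidden by catchme"))
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        if not svc["image"].lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding("service", svc["name"],
                                    f"image {svc['image']} is outside {' and '.join(TRUSTED_ROOTS)}"))
        if svc["info"] == "?":
            findings.append(Finding("service", svc["name"],
                                    f"ComboFix could not read {svc['image']} ([?] instead of date/size)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.subject}\n{'':16} {f.reason}")
```

A hit is a reason to look, not a verdict. This same log has GetRight on `i:`, iTunes on `f:` and Nokia PC Suite on `h:`, so a non-C: path alone proves nothing, and a `[?]` on a service whose drive is not mounted is expected. What makes the FAH entry worth a question is the combination: an `S4` entry (start type Disabled) pointing at an unreadable file on another drive, in a folder named "undercover", that the owner has not accounted for. Likewise the hidden `.tmp` executables in system32 deserve a check of what produced them before anything is deleted, because catchme also lists files that are hidden for legitimate reasons.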
a fórum lelke (soul of the forum)
Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia; I can't write Hungarian well, which is why what you see looks like this
Post
You don't need to run ComboFix in Safe Mode; run it in normal Windows. Viruses sometimes kill Safe Mode. Run it like this:
Quote:
Download this ComboFix and put it on the DESKTOP. Close everything, and if you have them, turn off the Spyware Terminator shield and the Spybot TeaTimer shield as well. No program may be running. Run it as administrator in normal Windows: double-click the ComboFix icon > accept...
And now you only watch; don't touch anything. The machine restarts on its own, finishes the scan and creates ComboFix.txt; post that here.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Posted: Tue Sep 29, 2009 11:42
platina tag (platinum member)
Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post
OK, I'll check with that. Thanks for the tip. Safe Mode is no good, because I have two operating systems and a boot selection screen comes up, with Windows 7 as the default system; I have no idea why. If I select XP, pressing F8 does nothing, unfortunately...


Posted: Tue Sep 29, 2009 9:53
a fórum lelke (soul of the forum)
Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia; I can't write Hungarian well, which is why what you see looks like this
Post
Hi,
Quote: My question: if I kill it with HijackThis,
With HJT you only kill the registry key, not the malware, and if there is one there, it has friends too. That the antivirus programs found nothing means nothing. So if you want, run ComboFix and post its log somewhere in the security topic.
Regards


Posted: Tue Sep 29, 2009 9:22
gyémánt tag (diamond member)
Joined: Wed Mar 24, 2004 13:43
Posts: 4912
Post
Searching for it, this is almost certainly some malware. Try removing it in Safe Mode, but Stell probably knows a more precise solution for this too.


Posted: Tue Sep 29, 2009 8:30
platina tag (platinum member)
Joined: Mon Apr 12, 2004 19:40
Posts: 935
Post: USBCTL.EXE
Hi all.

There is one of these in Task Manager that takes about 50% CPU time; if I simply kill it, everything is fixed, all fine. I checked with every existing anti-spyware and antivirus, but they find nothing. My question: if I kill it with HijackThis, could that cause me any problem?

Thanks in advance for the info.


Posted: Mon Sep 28, 2009 20:32