javítottam a képet most se?

mire megoldast,a kep nemtalalhato,,

Antivírus Verzió Utolsó frissítés Eredmény
a-squared 4.5.0.18 2009.07.04 -
AhnLab-V3 5.0.0.2 2009.07.04 -
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.03 -
Avast 4.8.1335.0 2009.07.03 -
AVG 8.5.0.386 2009.07.03 -
BitDefender 7.2 2009.07.04 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.04 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.03 -
F-Secure 8.0.14470.0 2009.07.04 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.04 -
Ikarus T3.1.1.64.0 2009.07.04 -
Jiangmin 11.0.706 2009.07.04 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.04 -
McAfee 5666 2009.07.04 -
McAfee+Artemis 5666 2009.07.04 -
McAfee-GW-Edition 6.8.5 2009.07.04 -
Microsoft 1.4803 2009.07.04 -
NOD32 4216 2009.07.04 -
Norman 6.01.09 2009.07.04 -
nProtect 2009.1.8.0 2009.07.04 -
Panda 10.0.0.14 2009.07.04 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.04 -
Rising 21.36.52.00 2009.07.04 -
Sophos 4.43.0 2009.07.04 -
Sunbelt 3.2.1858.2 2009.07.04 -
Symantec 1.4.4.12 2009.07.04 -
TheHacker 6.3.4.3.361 2009.07.04 -
TrendMicro 8.950.0.1094 2009.07.04 -
VBA32 3.12.10.7 2009.07.04 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.03 -
További információ
File size: 104 bytes
MD5...: 70571b84704be3a0d2e74f2c244450ac
SHA1..: 4d9f2f2e4cfb093c02d23db8175ceed9666270a0
SHA256: b7e46486efba798493ea4f3ba4bf475a7d272ddf9153430ad18fc08af0448beb
ssdeep: 3:/ldEVGOvcFl/lOopjHp:gvCl/QO9
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

még egy probléma hátha erre is tudsz megoldást:

teszteld le a virustotalon,de elote kapcsold be a rejtet mapak,falok meglyeleniteset,
c:\windows\SYSTEM32\5BC6FD03FA.sys

javat töröltem igaz 3 lehetőség közül telepítettem az egyiket de mivel nem tudok angolul kieséses alapon úgy döntöttem mindegyik ugyanaz most vagy bejött vagy nem
de egyenlőre azzal kapcsolatba nincsen probléma
ez a jegyzettömb maradt utána:(igaz ezt nem kérted de hátha jó lesz valamire)
JavaRa 1.14 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jul 04 15:56:43 2009

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.

felesleges program futtatásnál 3-at talált 1 javat, ctfmon.exe a 3. nem tudom már mi volt de mind3 disabled-en hagytam


OTMOVEIT program is kész
log fájl:
All processes killed
Error: Unable to interpret <Kód:> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\005751_.tmp moved successfully.
C:\WINDOWS\INF\HFX19C.tmp moved successfully.
C:\WINDOWS\Installer\MSIE9.tmp moved successfully.
C:\WINDOWS\Installer\MSIF5.tmp moved successfully.
C:\WINDOWS\Installer\MSI425.tmp moved successfully.
C:\WINDOWS\Installer\MSI42B.tmp moved successfully.
C:\WINDOWS\Installer\MSI9D.tmp moved successfully.
C:\WINDOWS\TEMP\NOD99DD.tmp moved successfully.
C:\WINDOWS\TEMP\E_S10F.tmp moved successfully.
C:\WINDOWS\TEMP\E_S277.tmp moved successfully.
C:\WINDOWS\TEMP\DSPD.tmp moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Both György
->Temp folder emptied: 752916427 bytes
->Temporary Internet Files folder emptied: 63603890 bytes
->Java cache emptied: 19835468 bytes
->FireFox cache emptied: 29788984 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: Rendszergazda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 258383 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes

RecycleBin emptied: 58328125 bytes

Total Files Cleaned = 881,96 mb


OTM by OldTimer - Version 3.0.0.3 log created on 07042009_164436

Files moved on Reboot...

Registry entries deleted on Reboot...

végül combofix program logja:
ComboFix 09-07-03.03 - Both György 9. 07. 04. 17:06.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.991.692 [GMT 2:00]
Running from: c:\documents and settings\Both György\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
c:\windows\Installer\1c7976.msi
c:\windows\Installer\38fae66.msi
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 14:44 . 2009-07-04 14:44 -------- d-----w- C:\_OTM
2009-07-04 14:13 . 2009-07-04 14:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-04 12:48 . 2009-07-04 12:48 -------- d-----w- C:\rsit
2009-07-04 08:33 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-04 08:33 . 2009-07-04 08:33 -------- d-----w- c:\windows\ie8updates
2009-07-04 08:33 . 2009-04-30 21:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-04 08:33 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-04 08:29 . 2009-07-04 08:29 -------- d--h--w- c:\windows\ie8
2009-07-04 08:21 . 2009-07-04 08:21 -------- d-----w- c:\program files\WinClamAVShield
2009-07-04 08:17 . 2009-07-04 08:17 -------- d-----w- c:\program files\Crawler
2009-07-04 08:17 . 2009-07-04 08:17 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-07-04 08:17 . 2009-07-04 08:17 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-07-04 08:17 . 2009-07-04 08:17 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-04 08:17 . 2009-07-04 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-07-04 08:17 . 2009-07-04 08:17 -------- d-----w- c:\program files\Spyware Terminator
2009-07-04 07:59 . 2009-07-04 07:59 -------- d-----w- c:\program files\trend micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 10:27 . 2008-07-05 18:26 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 09:12 . 2009-05-28 09:12 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-28 09:12 . 2009-05-28 09:12 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-28 09:10 . 2009-05-28 09:10 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-26 11:20 . 2009-06-04 10:27 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-06-18 07:03 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 16:12 . 2009-05-25 16:12 -------- d-----w- c:\program files\MagicISO
2009-05-13 05:06 . 2004-11-11 17:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2005-01-22 15:37 348160 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 15:41 . 2005-01-22 15:39 54878 ----a-w- c:\windows\system32\perfc00E.dat
2009-04-30 15:41 . 2005-01-22 15:39 297456 ----a-w- c:\windows\system32\perfh00E.dat
2009-04-23 17:11 . 2005-01-22 15:55 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-19 19:51 . 2005-01-22 15:39 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2005-01-23 12:05 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-01-22 15:28 . 2005-01-22 15:28 11231 ---h--w- c:\program files\folder.htt
2005-06-11 16:26 . 2005-06-11 13:00 104 --sh--r- c:\windows\SYSTEM32\5BC6FD03FA.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 19:03 8482304 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2005-02-23 692286]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-28 2029640]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-04 1783808]
"PCTVOICE"="pctspk.exe" - c:\windows\SYSTEM32\pctspk.exe [2001-10-26 86016]
"VTPreset"="VTPreset.exe" - c:\windows\SYSTEM32\VTPreset.exe [2004-02-24 45056]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MsMsgs.EXE"=
"c:\\dc új\\StrongDC.exe"=
"c:\\strongdc 2.12\\StrongDC.exe"=
"c:\\dc\\StrongDC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [2009. 05. 28. 11:12 107256]
R1 epfwtdir;epfwtdir;c:\windows\SYSTEM32\DRIVERS\epfwtdir.sys [2009. 05. 28. 11:12 94360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\SYSTEM32\DRIVERS\sp_rsdrv2.sys [2009. 07. 04. 10:17 141312]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009. 05. 28. 11:12 731840]
R2 ScanDrv;ScanDrv;c:\windows\SYSTEM32\DRIVERS\scandrv.sys [2005. 07. 02. 14:31 195396]
R3 EPPSCSIx;Agfa EPPSCSI Driver;c:\windows\SYSTEM32\DRIVERS\EPPSCAN.sys [1999. 10. 21. 16:10 95336]
S3 LU1103A;LU1103A Filter;c:\windows\SYSTEM32\DRIVERS\LU1103A.sys [2007. 12. 14. 13:42 22016]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RAM_DEFRAG - (no file)
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B5A16F53-5EBC-4318-ACC9-017717A7FBCB}
FF - ProfilePath - c:\documents and settings\Both György\Application Data\Mozilla\Firefox\Profiles\exd0xbg3.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 17:14
Windows 5.1.2600 Szervizcsomag 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-04 17:18
ComboFix-quarantined-files.txt 2009-07-04 15:18
ComboFix2.txt 2008-02-10 10:21

Pre-Run: 6 985 416 704 bájt szabad
Post-Run: 6 956 974 080 bájt szabad

188 --- E O F --- 2009-07-04 08:34

letoltod az OTMOVEIT programot
http://oldtimer.geekstogo.com/OTM.exe
a bal ablakba a sarga vonas ala masold be

KLIK_MOVEIT
a restart utan a logot ted ide,,

üdv stell
elkészült amit kértél virusírtást nem tudtam kivárni mert több mint 3 óra mulva is csak 5%-nál tartot és nem talált semmit

info.txt logfile of random's system information tool 1.06 2009-07-04 14:50:02

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
1EUR - Német szótár-->"C:\DigitalMedia\1EUR - Német szótár\unins000.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.2 CE-->MsiExec.exe /I{AC76BA86-7AD7-1045-7646-CEA000000001}
AGFAnet Print Service-->C:\PROGRA~1\AGFANET\INTERN~1\UNWISE.EXE C:\PROGRA~1\AGFANET\INTERN~1\INSTALL.LOG
Ant-Mahjongg v1.2-->"C:\Program Files\Ant-Mahjongg v1.2\Uninstal.exe"
Belkin Wireless USB Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A6359CCF-215D-43D9-8366-479D231F2A72}
Caesar 3-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cFosSpeed v2.02-->"C:\Program Files\cFosSpeed\setup.exe" -uninstall
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON nyomtatószoftver-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESDX4000_4050_CX3900-->C:\Program Files\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE
EVEREST Home Edition v2.00-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
ffdshow [rev 610] [2006-12-01]-->"C:\Program Files\ffdshow\unins000.exe"
Harciszekerek-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7540BD1D-924A-4BF1-A8BA-B7041C4A69F9}
HighMAT-bővítmény a Microsoft Windows XP CD-írás varázslójához-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HSP56 MR Drivers-->ptuninst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040E-78E1-11D2-B60F-006097C998E7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MM603 Maverick-->C:\Program Files\FT7191\uninst.exe
Mozilla Firefox (2.0.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Pawn-->C:\Program Files\Pawn\Uninstal.exe
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
ProSavageDDR and Utilities-->C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SHOUTcast Source DSP 1.8.2 (remove only)-->C:\Program Files\Winamp\uninst-dsp.exe
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Stronghold Crusader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0xe
Tina Pro for Windows-->C:\WINDOWS\IsUn040e.exe -f"C:\Program Files\DesignSoft\Tina Pro Book\uninst.isu"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Transport Tycoon Deluxe-->C:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 7 biztonsági frissítés - KB938127-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB942615-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB944533-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB950759-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB956390-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB958215-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB960714-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB961260-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB963027-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB969897-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 gyorsjavítás - KB947864-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB969897-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 frissítés - KB971930-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live bejelentkezési segéd-->MsiExec.exe /I{79449B16-5C47-4C4D-87CE-7E141572C8EE}
Windows Live installer-->MsiExec.exe /X{999CE3F5-C179-4607-BEDF-B9544B0DD232}
Windows Live Messenger-->MsiExec.exe /X{AF2815A6-0573-45A4-BAE3-3194C1D4393C}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Biztonsági frissítés (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Windows Media Player 10 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Biztonsági frissítés (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923561-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-v2-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB946648-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950760-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950762-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950974-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951066-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951376-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951376-v2-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951698-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951748-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952004-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952954-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954211-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954459-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954600-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB955069-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956391-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956572-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956802-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956803-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956841-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957095-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957097-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958644-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958687-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958690-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB959426-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960225-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960715-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960803-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961373-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961501-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB968537-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB969898-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB970238-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Windows XP Biztonsági frissítés (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP frissítés - KB951072-v2-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows XP frissítés - KB951978-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP frissítés - KB955839-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP frissítés - KB967715-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB952287-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

195.184.181.216 l2authd.lineage2.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: J5C6T1
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Szervizcsomag 2 Uniprocessor Free.

Record Number: 55086
Source Name: EventLog
Time Written: 20090331145942.000000+120
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 6006
Message: Az Eseménynapló szolgáltatás leállt.

Record Number: 55085
Source Name: EventLog
Time Written: 20090331053538.000000+120
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 7036
Message: A(z) QoS RSVP szolgáltatás állapota: "leállítva".

Record Number: 55084
Source Name: Service Control Manager
Time Written: 20090331045232.000000+120
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 7036
Message: A(z) Távelérési csatlakozáskezelő szolgáltatás állapota: "fut".

Record Number: 55083
Source Name: Service Control Manager
Time Written: 20090331045038.000000+120
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 7036
Message: A(z) IMAPI CD-égető COM-szolgáltatás szolgáltatás állapota: "leállítva".

Record Number: 55082
Source Name: Service Control Manager
Time Written: 20090331045036.000000+120
Event Type: információ
User:

=====Application event log=====

Computer Name: J5C6T1
Event Code: 1800
Message: A Windows Biztonsági központ szolgáltatása elindult.

Record Number: 16087
Source Name: SecurityCenter
Time Written: 20071229114218.000000+060
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 4137
Message: A CI megkezdődött a következő katalógus számára: c:\system volume information\catalog.wci.

Record Number: 16086
Source Name: Ci
Time Written: 20071229112314.000000+060
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 0
Message:
Record Number: 16085
Source Name: PctSpk
Time Written: 20071229111651.000000+060
Event Type: hiba
User:

Computer Name: J5C6T1
Event Code: 1800
Message: A Windows Biztonsági központ szolgáltatása elindult.

Record Number: 16084
Source Name: SecurityCenter
Time Written: 20071229111554.000000+060
Event Type: információ
User:

Computer Name: J5C6T1
Event Code: 1517
Message: A Windows mentette J5C6T1\Both György felhasználó rendszerleíró adatbázisát, mert azt a kijelentkezés közben egy másik alkalmazás vagy szolgáltatás is használta. A felhasználó rendszerleíró adatbázisa által használt memória nem lett felszabadítva. A rendszerleíró adatbázis akkor lesz eltávolítva, amikor már nincs használatban.


Ezt a problémát általában felhasználói fiókként futó szolgáltatások okozzák. Próbálja a szolgáltatásokat úgy konfigurálni, hogy a helyi vagy a hálózati szolgáltatásfiókban fussanak.

Record Number: 16083
Source Name: Userenv
Time Written: 20071229111448.000000+060
Event Type: figyelmeztetés
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\system32;%SYSTEMROOT%;%SYSTEMROOT%\system32\WBEM
"windir"=C:\WINDOWS
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=C:\WINDOWS\TEMP
"TMP"=C:\WINDOWS\TEMP
"PROMPT"=$p$g
"winbootdir"=C:\WINDOWS
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Both György at 2009-07-04 14:48:26
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 6 GB (16%) free of 39 GB
Total RAM: 991 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:51, on 2009. 07. 04.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Both György\Asztal\RSIT.exe
C:\Program Files\trend micro\Both György.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O1 - Hosts: 195.184.181.216 l2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S277.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1960459312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8205524859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B5A16F53-5EBC-4318-ACC9-017717A7FBCB} -
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7228 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-10-08 1193984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-10-08 1193984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS\system32\SysTray.Exe [2001-10-26 3072]
"PCTVOICE"=C:\WINDOWS\system32\pctspk.exe [2001-10-26 86016]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]
"RAM_DEFRAG"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"cFosSpeed"=C:\Program Files\cFosSpeed\cFosSpeed.exe [2005-02-23 692286]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-28 2029640]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-04 1783808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\MsMsgs.EXE"="C:\Program Files\Messenger\MsMsgs.EXE:*:Enabled:Windows Messenger"
"C:\dc új\StrongDC.exe"="C:\dc új\StrongDC.exe:*:Enabled:StrongDC++"
"C:\strongdc 2.12\StrongDC.exe"="C:\strongdc 2.12\StrongDC.exe:*:Enabled:StrongDC++"
"C:\dc\StrongDC.exe"="C:\dc\StrongDC.exe:*:Enabled:StrongDC++ Matrix"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8badb7a8-dfcf-11dd-aa99-00173fb35481}]
shell\AutoRun\command - H:\setupSNK.exe


======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-07-04 14:48:26 ----D---- C:\rsit
2009-07-04 10:33:26 ----D---- C:\WINDOWS\ie8updates
2009-07-04 10:29:23 ----HD---- C:\WINDOWS\ie8
2009-07-04 10:21:10 ----D---- C:\Program Files\WinClamAVShield
2009-07-04 10:17:52 ----D---- C:\Program Files\Crawler
2009-07-04 10:17:22 ----D---- C:\Documents and Settings\Both György\Application Data\Spyware Terminator
2009-07-04 10:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-07-04 10:17:12 ----D---- C:\Program Files\Spyware Terminator
2009-07-04 09:59:17 ----D---- C:\Program Files\trend micro
2009-06-17 09:04:07 ----A---- C:\WINDOWS\DEBUGSM.INI
2009-06-12 05:22:46 ----HD---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 05:22:33 ----HD---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 05:17:04 ----HD---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 05:16:21 ----HD---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-04 10:41:40 ----A---- C:\WINDOWS\SchedLog.Txt
2009-07-04 10:33:54 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-28 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-28 94360]
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-26 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-28 114472]
R2 HidUsb;USB Miniport Driver for Input Devices; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R2 ScanDrv;ScanDrv; C:\WINDOWS\system32\drivers\ScanDrv.sys [1999-10-21 195396]
R3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
R3 EPPSCSIx;Agfa EPPSCSI Driver; C:\WINDOWS\System32\DRIVERS\EPPSCAN.sys [1999-10-21 95336]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet adapter NT-illesztőprogramja; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-17 70801]
R3 MODEMCSA;Unimodem Streaming Filter eszköz; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2003-01-14 136044]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB szabványos hub-illesztőprogram; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-03-24 88960]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 cFosSpeed;cFosSpeed Miniport; C:\WINDOWS\system32\DRIVERS\cfosspeed.sys [2005-02-23 343103]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-17 51729]
S3 LU1103A;LU1103A Filter; C:\WINDOWS\system32\DRIVERS\LU1103A.sys [2007-04-04 22016]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\Sandra.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cFosSpeedS;cFosSpeed System Service; C:\Program Files\cFosSpeed\spd.exe [2005-02-23 254006]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28 731840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-07-04 570880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28 20680]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-06-14 68096]
S3 usnjsvc;Messenger megosztási mappák – USN-naplóolvasó szolgáltatás; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

udv szergely cimbi,
igen win-7nem latok semit,de sajnos a win-7-re nincsenek ,nem tudok alyanlani semijen tisztito programot,,,es ugyanugy mar fertozotek,,de nincsen meg ra program,,

Üdv stell mester !
úgy latom mindig van vírus nem tudom volt már dolgod Windows 7s-sel
Itt is van no name fene gondolom a k.génekkel telepöl . nezd csak meg.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:12, on 2009.07.04.
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'HÁLÓZATI SZOLGÁLTATÁS')
O9 - Extra button: Küldés blogba - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Küldés blogba a Windows Live Writer programmal - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6023 bytes

szia
nem baj én is csak most tudom megcsinálni de először most másik asztali gépet csinálom meg mert én reggel visszaaludtam
de az is megadat
létrejött 100%-os CPU használattal egy olyan hogy felhasználónév.exe
és nem akart tovább menni nem tudom hogy ez normális de aztán tovább engedte mikor megszűnt a 100%os terheltség
ugyanez szokta főként lassítani csak akkor az svchost.exe van 100%-on
egyenlőre ennyi most láttam hogy újra kell telepíteni a gépeken a vírusirtókat még azokat lefuttatom aztán megcsinálom azt amit kértél
üdv
Gyuri

igen az RSIT-loglyat ted ide es majd lasuk hogy mi van,de csak delutan lesz idom,

szia
vissza állítási pontot töröltem
késleltetés megszűnt az adott meghajtón
hibákat talált a program de egészen máshol mint ahogy gondoltam azon a meghajtón nem amin éppen gondoltam
igaz tegnap elaludtam így további problémát nem találtam

következő gépről milyen adatra van szüksége?
ugyanúgy ezt a programot futtassam?:
RSIT és illesszem be ide aztán meglátod mi szükséges a továbbiakban?
másik két gép egyébként régebbi de azok is elég jó állapotba voltak míg nem lettek betegek
írok egy két sort arról ami volt a gépemen
végül is egy crack által került fel a gépre szerintem
tünetei azok voltak hogy megváltozott a hátér és ha rákattintottam akkor egy ablak jelent meg ,nem volt jogosultságom,magától megnyílt a IE böngésző attól függetlenül hogy nem az volt az alapértelmezett és folyamatosan jelentek meg oldalak mit töltsek le
és persze folyamatosan lassult a gép
végén elkezdett túlmelegedni és folyamatosan kikapcsolt lelát kék halállal kifagyott végül el se indult lehet hogy ez már valami komplett hiba volt
de ennek a gyengébbik vírus verziója került át a másik gépre mert ott is voltak ilyen jelek de ott utána nem jelenkezet miikor leirtottam
úgyhogy nem tudom hogy rajta van e vagy sincs de azóta van egy két hibaüzenet amivel nem tudtam mit kezdeni

ez a gép azonban úgy lett megcsinálva végül hogy IDE vezérlő hiba lett tehát alapcserét kellet végre hajtani azóta jól működik persze most még jobban hogy le lett ellenőrizve

így harmadik nekifutásra ennyit tudok mondani jelenlegi és visszatekintve a problémára ami elvileg megoldódott akkor de nem tudom hogy nem e csak lelet blokkolva és ezért nem látszik a hatása

várom az utasításokat:)
köszönöm
üdv
Gyuri

visszaállítási pontokat akkor töröljem az utolsó kivételével
igen pontosan eztet csinald meg

és az egyik meghajtót elég nehezen akarja betölteni megmutatni a tartalmát nem tudom hogy ez okozhatja vírus
igen lehetseges,ezert letoltod a WEBCUREIT programot,csinalsz az expres skan utan,,komplet skant csokentet modban,,,,mikor konyilik majd a zold ablak megvetelre a webcureinal,,csal zard be a jobb felso sarokban a keresztell,ok,majd ird meg talalt e valamit,,,ha talal gyogyitani,,
http://www.viry.cz/forum/viewtopic.php?t=47721/

szia stell
tegnap óta semmi rossz nem volt a géppel amióta csinálgattuk
visszaállítási pontokat akkor töröljem az utolsó kivételével mert arra nem írtál semmit

egy észrevételt még is teszek nekem több részre van felosztva a merevlemez és az egyik meghajtót elég nehezen akarja betölteni megmutatni a tartalmát nem tudom hogy ez okozhatja vírus vagy valami program van ott ami lassíthat ott valamit
ha esetleg van erre valami megoldás...

ha viszont nem találunk rá akkor még mindig van itthon két gép amit szintén erről áterjedő vírus ölt le mindegyiket sikerült helyreállítani kisebb nagyobb sikerrel ezért is haldokolnak és ezt már meg is írtam neked első levelembe
igaz a sok segítség közbe nem tudom menyire maradt meg benned
hát egyenlőre így második nekifutásra ennyi a nyűgöm:)
remélem lesz rájuk megoldás
előre is köszönöm a segítséged
üdv
Gyuri

Igen Lacikam szed le,ez a teatimer egy csak szereny probalkozas hogy vedje a registert,,meg mi egy mast,tobnyire aztan vedi a trojakot hogy mindig viszaalitlya,,
ted fel a SAS-superantispywaret es futasd le majd meglepodsz,,

Ajaj.
Te vagy a profi ebben. Szedjem le, ne higyjek neki? Pedig állandóan frissíti magát, és elég megyőzően jelzi, miket véd.

ugy hogy lacikam a spybot a multe,a mai virusokra es az oszes szemetre mar keves,,

Ezt hogy érted?

szia
utolsó kivételével mindent megcsináltam
de az utolsónál nem volt olyan hogy rendszer visszaállítási pont pucolás
de innen is kilehet már ha egyre gondoltunk? C:\Documents and Settings\All Users\Start Menu\Programs\Kellékek\Rendszereszközök
holnap én csak este körül fogok tudni lenni ha addig lesz valami majd megírom de nem hiszem mert én is megyek
jó éjt
üdv
Gyuri

leszedni a combofixet-start-futatas-beirni combofix /u ok
kipucolni a gepret CCleaneral
start-futatas beirni cleanmgr ok-bepipazni-temporary internet,temp,offline,szemet kupa ok
ujbol beirni cleanmgr ok--tovabbi lehetosegek-aloll-rendszer viszaalitas-kipucolni ok,,
Es ird le mia hejzet a gepell,majd holnap delutan megnezem,,

remélem így jó lesz
ComboFix 09-07-01.04 - B.György 009.07.02. 21:44.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.511.100 [GMT 2:00]
Running from: c:\documents and settings\B.György\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Installer\5aebf6.msi
c:\windows\system32\dcdecdec7_s.dll
c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 16:44 . 2009-07-02 16:45 -------- d-----w- C:\rsit
2009-06-29 18:39 . 2009-06-29 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-27 06:30 . 2009-06-27 06:30 -------- d-----w- c:\program files\loogoos
2009-06-20 11:58 . 2009-06-20 12:16 -------- d-----w- c:\program files\jv16 PowerTools 2006
2009-06-15 11:35 . 2009-06-15 11:35 -------- d-----w- c:\program files\Common Files\NSV
2009-06-13 09:22 . 2009-06-13 09:22 -------- d-----w- c:\program files\SCi Games
2009-06-12 04:35 . 2009-04-30 21:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 04:35 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 13:31 . 2008-12-04 19:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-07 13:31 . 2009-06-07 13:31 -------- d-----w- c:\program files\Xvid
2009-06-07 13:31 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-07 13:30 . 2009-06-07 13:31 -------- d-----w- c:\program files\WMV9_VCM
2009-06-07 13:30 . 2009-06-07 13:30 -------- d-----w- c:\program files\Real Alternative
2009-06-07 13:28 . 2009-06-07 13:28 -------- d-----w- c:\program files\illiminable
2009-06-07 13:27 . 2000-06-23 12:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-06-07 13:27 . 2000-06-22 11:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-06-07 13:27 . 2009-06-07 13:27 -------- d-----w- c:\program files\Ligos
2009-06-07 13:23 . 2009-06-07 13:24 -------- d-----w- c:\program files\AC3Filter
2009-06-07 13:22 . 2009-06-07 13:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-07 13:22 . 2009-06-07 13:23 -------- d-----w- c:\program files\DivX
2009-06-06 18:41 . 2009-06-06 18:41 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-05 15:10 . 2009-06-06 18:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-05 13:47 . 2009-06-05 13:47 -------- d-----w- c:\program files\Glary Utilities
2009-06-05 12:11 . 2009-06-20 01:24 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-05 12:08 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 12:08 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 12:08 . 2009-06-05 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 12:07 . 2009-06-20 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 19:14 . 2008-10-12 18:14 -------- d-----w- c:\program files\Spyware Terminator
2009-07-02 18:14 . 2007-12-26 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-02 13:06 . 2009-04-13 16:56 -------- d-----w- c:\program files\valve
2009-07-02 07:50 . 2008-10-12 18:38 -------- d-----w- c:\program files\WinClamAVShield
2009-07-01 20:43 . 2007-08-18 09:29 -------- d-----w- c:\program files\Disk Washer
2009-06-28 21:14 . 2007-11-11 11:06 -------- d-----w- c:\program files\EPSON
2009-06-28 17:42 . 2008-10-12 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-17 22:29 . 2009-01-21 21:00 -------- d-----w- c:\program files\QuickTime
2009-06-17 22:29 . 2008-07-28 06:51 -------- d-----w- c:\program files\Macromedia
2009-06-13 09:22 . 2007-12-23 14:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 09:50 . 2007-08-17 12:28 -------- d-----w- c:\program files\Java
2009-06-01 11:21 . 2008-12-11 08:20 -------- d-----w- c:\program files\Winamp
2009-05-28 09:12 . 2009-05-28 09:12 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-28 09:12 . 2009-05-28 09:12 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-28 09:10 . 2009-05-28 09:10 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 05:06 . 2007-01-04 12:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2004-08-18 11:00 348160 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-26 10:44 . 2009-04-26 10:44 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-26 10:44 . 2009-04-26 10:44 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-04-19 19:51 . 2007-03-01 12:03 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 09:11 . 2004-08-18 11:00 57716 ----a-w- c:\windows\system32\perfc00E.dat
2009-04-16 09:11 . 2004-08-18 11:00 303356 ----a-w- c:\windows\system32\perfh00E.dat
2009-04-15 14:55 . 2004-08-18 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-28 2029640]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-22 90112]

c:\documents and settings\B.Gy”rgy\Start Menu\Programs\Indˇt˘pult\
webPanel.lnk - c:\documents and settings\B.Gy”rgy\Application Data\webPanel\webPanel.exe [2008-11-9 281143]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Belkin Wireless USB Utility.lnk]
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"e:\\letöltés\\programok\\letöltö progi\\utorrent.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\dc\\sdc221_src\\StrongDC.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA_server.exe"=
"e:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program1\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.05.28. 11:12 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.05.28. 11:12 94360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008.10.12. 20:15 141312]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.05.28. 11:12 731840]
S3 EPPSCSIx;Agfa EPPSCSI Driver;c:\windows\system32\DRIVERS\EPPSCAN.sys --> c:\windows\system32\DRIVERS\EPPSCAN.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-05 09:39]

2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{BC4BC43E-CB99-4253-BD13-C9EE21E7E8F9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\B.György\Application Data\Mozilla\Firefox\Profiles\h0yn9yid.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox? ... u:official
FF - component: c:\documents and settings\B.György\Application Data\webPanel\component_v2\mozillaObserver2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 21:48
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WININET.dll
c:\documents and settings\B.György\Application Data\webPanel\ieObserver32.dll
c:\documents and settings\B.György\Application Data\webPanel\crtlib32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-02 21:51
ComboFix-quarantined-files.txt 2009-07-02 19:51
ComboFix2.txt 2009-06-05 18:53

Pre-Run: 27 403 894 784 bájt szabad
Post-Run: 27 380 715 520 bájt szabad

177 --- E O F --- 2009-06-12 04:48

igen,futasd de csak siman,nem cfscriptel,es a logjat ted ide,

most nem ott van hanem itt:
csinált egy mappát
C:\ComboFix
de ott csak annyi van benne amit átküldtem neked
futtassam újra?

a combofix logja nem komplet ,ted ide megegyszer az egesz logot c:combofix.txt,

c:\documents and settings\B.Gy”rgy\Application Data\webPanel\webPanel.exe
Antivírus Verzió Utolsó frissítés Eredmény
a-squared 4.5.0.18 2009.07.02 -
AhnLab-V3 5.0.0.2 2009.07.02 -
AntiVir 7.9.0.204 2009.07.02 -
Antiy-AVL 2.0.3.1 2009.07.02 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.02 -
BitDefender 7.2 2009.07.02 -
CAT-QuickHeal 10.00 2009.07.02 -
ClamAV 0.94.1 2009.07.02 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.02 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6593 2009.07.02 -
F-Prot 4.4.4.56 2009.07.01 -
F-Secure 8.0.14470.0 2009.07.02 -
Fortinet 3.117.0.0 2009.07.02 -
GData 19 2009.07.02 -
Ikarus T3.1.1.64.0 2009.07.02 -
Jiangmin 11.0.706 2009.07.02 -
K7AntiVirus 7.10.782 2009.07.02 -
Kaspersky 7.0.0.125 2009.07.02 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.02 -
Microsoft 1.4803 2009.07.02 -
NOD32 4210 2009.07.02 -
Norman 6.01.09 2009.07.02 -
nProtect 2009.1.8.0 2009.07.02 -
Panda 10.0.0.14 2009.07.02 -
PCTools 4.4.2.0 2009.07.02 -
Rising 21.36.34.00 2009.07.02 -
Sophos 4.43.0 2009.07.02 -
Sunbelt 3.2.1858.2 2009.07.01 -
Symantec 1.4.4.12 2009.07.02 -
TheHacker 6.3.4.3.359 2009.07.02 -
TrendMicro 8.950.0.1094 2009.07.02 -
VBA32 3.12.10.7 2009.07.02 -
ViRobot 2009.7.2.1816 2009.07.02 -
VirusBuster 4.6.5.0 2009.07.02 -
További információ
File size: 281143 bytes
MD5...: 7da93119f8a6f0c6fd3912ed682da28f
SHA1..: 559352e1061c690f64aa543ab5169ae9bb3e2b7e
SHA256: 442398e3e3545ec9aa0c8a4d34e0089fcc3113bc37cd4aaf53da1e502bbf6525
ssdeep: 6144:SKd8859f/f+EG0GG5H5/ninSfdepR4icsaQWc/22/Kqf:SKXrV4r4ic8Wc/
r
PEiD..: -
TrID..: File type identification
-
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x20540
timedatestamp.....: 0x49f9e31d (Thu Apr 30 17:42:53 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f62c 0x1f800 6.15 9b5a213c9567568f4e46ff2c015262b8
.rdata 0x21000 0x2dac 0x2e00 7.29 66618c430fb872057303db236fc583f9
.data 0x24000 0x34210 0x2200 5.77 eef668d126c670e4358bb16cdf0da15d
.rsrc 0x59000 0x1fc30 0x1fe00 6.27 304a1c6cef87dd7bc90ff07b71278f4d

( 8 imports )
> KERNEL32.dll: LoadResource, FindResourceA, LoadLibraryExA, GetSystemInfo, GetCurrentProcess, GetVersionExA, InterlockedIncrement, InterlockedDecrement, MultiByteToWideChar, LoadLibraryA, lstrcpyA, GetModuleFileNameA, CreateThread, CreateEventA, WaitForMultipleObjectsEx, ResetEvent, SetEvent, WaitForSingleObject, WaitForMultipleObjects, FindClose, FindFirstFileA, GetFileSize, GetTickCount, ReadFile, FindNextFileA, lstrcatA, GetCurrentDirectoryA, LockResource, SystemTimeToFileTime, SetEndOfFile, CreateDirectoryA, Sleep, CreateProcessA, OpenEventA, GetCurrentThreadId, GetCurrentProcessId, RemoveDirectoryA, MoveFileA, MoveFileExA, HeapFree, SetLastError, HeapAlloc, GetProcessHeap, IsBadWritePtr, VirtualProtect, VirtualQuery, lstrcmpiA, SetUnhandledExceptionFilter, GetCommandLineA, DuplicateHandle, TerminateThread, GetCurrentThread, TerminateProcess, ExitProcess, SizeofResource, FreeLibrary, GetModuleHandleA, GetProcAddress, GetSystemDirectoryA, lstrlenA, EnterCriticalSection, CreateFileA, LeaveCriticalSection, GetLastError, SetFilePointer, GetLocalTime, WriteFile, CloseHandle, DeleteCriticalSection, DeleteFileA, lstrcmpA, InitializeCriticalSection, GetStartupInfoA
> USER32.dll: BeginPaint, ScreenToClient, GetWindowRect, GetDlgItem, GetDesktopWindow, MoveWindow, GetParent, EnumWindows, GetClassNameA, SetActiveWindow, SystemParametersInfoA, IsWindow, LoadCursorA, LoadImageA, GetSystemMetrics, RegisterWindowMessageA, IsDialogMessageA, GetForegroundWindow, DestroyIcon, PostQuitMessage, TrackPopupMenuEx, GetCursorPos, AppendMenuA, CreatePopupMenu, DestroyMenu, SetTimer, GetDoubleClickTime, EndPaint, SetParent, PtInRect, SetFocus, GetSysColor, GetSysColorBrush, AdjustWindowRectEx, DialogBoxParamA, EndDialog, SendDlgItemMessageA, EnableWindow, DestroyWindow, PostMessageA, SetForegroundWindow, CreateDialogParamA, ShowWindow, SetWindowPos, MsgWaitForMultipleObjectsEx, PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, MessageBoxA, GetWindowLongA, DefWindowProcA, RegisterClassA, SetWindowLongA, CreateWindowExA, SendMessageA, FillRect, GetClientRect, DrawTextA, ReleaseDC, KillTimer, InvalidateRect, GetDC
> GDI32.dll: DeleteObject, SetBkColor, SetTextColor, CreateSolidBrush, DeleteDC, CreateCompatibleBitmap, BitBlt, StretchBlt, SetBrushOrgEx, SetStretchBltMode, GetStockObject, CreateFontIndirectA, CreateCompatibleDC, CreateFontA, SelectObject
> COMCTL32.dll: -
> SHELL32.dll: SHGetPathFromIDListA, Shell_NotifyIconA
> ole32.dll: CoInitialize, OleUninitialize, OleInitialize, CoCreateInstance, CoTaskMemFree, CoUninitialize
> WS2_32.dll: -, -, WSACloseEvent, -, -, WSAGetOverlappedResult, WSAResetEvent, -, -, WSAEnumNetworkEvents, -, WSAEventSelect, -, -, -, WSASocketA, WSACreateEvent, -, WSARecv, WSASend
> OLEAUT32.dll: -, -, -

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
c:\documents and settings\B.György\Application Data\webPanel\ieObserver32.dll
Antivírus Verzió Utolsó frissítés Eredmény
a-squared 4.5.0.18 2009.07.02 -
AhnLab-V3 5.0.0.2 2009.07.02 -
AntiVir 7.9.0.204 2009.07.02 -
Antiy-AVL 2.0.3.1 2009.07.02 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.02 -
BitDefender 7.2 2009.07.02 -
CAT-QuickHeal 10.00 2009.07.02 -
ClamAV 0.94.1 2009.07.02 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.02 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6593 2009.07.02 -
F-Prot 4.4.4.56 2009.07.01 -
F-Secure 8.0.14470.0 2009.07.02 -
Fortinet 3.117.0.0 2009.07.02 -
GData 19 2009.07.02 -
Ikarus T3.1.1.64.0 2009.07.02 -
Jiangmin 11.0.706 2009.07.02 -
K7AntiVirus 7.10.782 2009.07.02 -
Kaspersky 7.0.0.125 2009.07.02 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.02 -
Microsoft 1.4803 2009.07.02 -
NOD32 4210 2009.07.02 -
Norman 6.01.09 2009.07.02 -
nProtect 2009.1.8.0 2009.07.02 -
Panda 10.0.0.14 2009.07.02 -
PCTools 4.4.2.0 2009.07.02 -
Prevx 3.0 2009.07.02 -
Rising 21.36.34.00 2009.07.02 -
Sophos 4.43.0 2009.07.02 -
Sunbelt 3.2.1858.2 2009.07.01 -
Symantec 1.4.4.12 2009.07.02 -
TheHacker 6.3.4.3.359 2009.07.02 -
TrendMicro 8.950.0.1094 2009.07.02 -
VBA32 3.12.10.7 2009.07.02 -
ViRobot 2009.7.2.1816 2009.07.02 -
VirusBuster 4.6.5.0 2009.07.02 -
További információ
File size: 36928 bytes
MD5...: 07d63639572bb158cf0b7a7e8e52bf34
SHA1..: de863bae29ac34b118d470175767ef8faaad537e
SHA256: ff45814e5276e085cde5dcf73b7fe55723f81d7d4313db197d116d3a56d4c169
ssdeep: 768:VhVE8Xv85rIhsCazyN+aQNcFD36fgPphS/0n6:XVJ/85zCFZL6fE3S/06
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7ca0
timedatestamp.....: 0x49f9e2e7 (Thu Apr 30 17:41:59 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6e2c 0x7000 6.02 dd646ff9b7093f57702a5080747f9f63
.rdata 0x8000 0x91f 0xa00 5.00 20cbd1e3f5baa19194fe10c5ceeddebb
.data 0x9000 0x13c4 0x600 4.59 873dab5ce1ed06bccd2df884e6f918e9
.shared 0xb000 0x8 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0xc000 0xa8 0x200 0.91 a1c1f4ed37ccffdbc841cd128b3c1004
.reloc 0xd000 0x7fc 0x800 6.70 ac41e7a87ae2d196b1be4986b3cc740e

( 4 imports )
> KERNEL32.dll: LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, DeleteCriticalSection, FreeLibrary, GetProcAddress, LoadLibraryA, lstrcpyA, GetModuleFileNameA, GetModuleHandleA, WaitForSingleObject, ReleaseMutex, GetCurrentThreadId, GetLastError, GetCurrentProcessId, lstrlenA, lstrcmpiA, SetLastError, DisableThreadLibraryCalls, lstrcmpA, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement, CloseHandle, SetEvent, OpenEventA, CreateThread, CreateEventA, WaitForMultipleObjects, Sleep, GetSystemInfo, ExitProcess
> USER32.dll: IsWindowVisible, GetWindowPlacement, PostMessageA, GetPropA, GetClassNameA, KillTimer, SetTimer, SetPropA, EnumChildWindows, GetParent, RemovePropA, GetForegroundWindow, SetWindowsHookExA, EnumWindows, RegisterWindowMessageA, DestroyWindow, DispatchMessageA, TranslateMessage, GetMessageA, PeekMessageA, MsgWaitForMultipleObjectsEx, CreateWindowExA, RegisterClassA, DefWindowProcA, CallNextHookEx, IsWindow, GetWindowThreadProcessId, UnhookWindowsHookEx
> ole32.dll: OleUninitialize, CoCreateInstance, OleInitialize
> OLEAUT32.dll: -

( 2 exports )
CBTProc, MouseProc
PDFiD.: -
RDS...: NSRL Reference Data Set
-
c:\documents and settings\B.György\Application Data\webPanel\crtlib32.dll
Antivírus Verzió Utolsó frissítés Eredmény
a-squared 4.5.0.18 2009.07.02 -
AhnLab-V3 5.0.0.2 2009.07.02 -
AntiVir 7.9.0.204 2009.07.02 -
Antiy-AVL 2.0.3.1 2009.07.02 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.02 -
BitDefender 7.2 2009.07.02 -
CAT-QuickHeal 10.00 2009.07.02 -
ClamAV 0.94.1 2009.07.02 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.02 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6593 2009.07.02 -
F-Prot 4.4.4.56 2009.07.01 -
F-Secure 8.0.14470.0 2009.07.02 -
Fortinet 3.117.0.0 2009.07.02 -
GData 19 2009.07.02 -
Ikarus T3.1.1.64.0 2009.07.02 -
Jiangmin 11.0.706 2009.07.02 -
K7AntiVirus 7.10.782 2009.07.02 -
Kaspersky 7.0.0.125 2009.07.02 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.02 -
Microsoft 1.4803 2009.07.02 -
NOD32 4210 2009.07.02 -
Norman 6.01.09 2009.07.02 -
nProtect 2009.1.8.0 2009.07.02 -
Panda 10.0.0.14 2009.07.02 -
PCTools 4.4.2.0 2009.07.02 -
Prevx 3.0 2009.07.02 -
Rising 21.36.34.00 2009.07.02 -
Sophos 4.43.0 2009.07.02 -
Sunbelt 3.2.1858.2 2009.07.01 -
Symantec 1.4.4.12 2009.07.02 -
TheHacker 6.3.4.3.359 2009.07.02 -
TrendMicro 8.950.0.1094 2009.07.02 -
VBA32 3.12.10.7 2009.07.02 -
ViRobot 2009.7.2.1816 2009.07.02 -
VirusBuster 4.6.5.0 2009.07.02 -
További információ
File size: 28732 bytes
MD5...: 0f196108e62f6795dd0da5559216f023
SHA1..: f31e27f86d671efa3440c1dab83d2a6ac6e86bd6
SHA256: 7e3b8e0b8fa00f3f9cd652ca84cc751a1e8d78785a93e627e8bce7c53c7b21eb
ssdeep: 384:fobvoLC6xB30TFZ8mYYzJqe/FgIMe4sxCQs:A7ihiQvNsvs
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2190
timedatestamp.....: 0x49ca915b (Wed Mar 25 20:17:31 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2336 0x3000 5.30 c62a45ce7d83feff661c2dbbf121f02f
.rdata 0x4000 0x704 0x1000 2.72 3cf32eeb61e89fa7a11dbc6bbe106202
.data 0x5000 0x6c 0x1000 0.13 bf7b9236ac654d9f1415e34f9a2ad549
.reloc 0x6000 0x212 0x1000 1.28 4a35b32db5385bce91db7ead7ac0557f

( 2 imports )
> KERNEL32.dll: lstrcpyA, lstrlenA, GetCommandLineA, DisableThreadLibraryCalls, GetSystemInfo, ExitProcess, InitializeCriticalSection, GetCurrentProcessId, CloseHandle, MapViewOfFile, GetLastError, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ReadConsoleA, SetConsoleMode, GetConsoleMode, GetStdHandle, HeapCompact, GetProcessHeap, HeapCreate, HeapDestroy, HeapAlloc, HeapSize, HeapValidate, HeapReAlloc, HeapFree, WriteFile, CompareStringA
> USER32.dll: CharToOemBuffA

( 30 exports )
CopyMemory, FillMemory, MoveMemory, ZeroMemory, __vsnprintf, _atof, _atoi, _crtlib_init, _doexit, _getch, _init_args, _mem_crash_init, _term_args, crtlib_set_module_type, crtlib_str_trunc, crtlib_strchr, crtlib_strcpy, crtlib_stricmp, crtlib_strlen, crtlib_strncmp, crtlib_strnicmp, crtlib_strstr, mem_alloc, mem_alloc_zero, mem_compact, mem_free, mem_realloc, mem_realloc_zero, oem_printf, snprintf
PDFiD.: -
RDS...: NSRL Reference Data Set
-


ComboFix 09-07-01.04 - B.György 009.07.02. 21:02:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.511.135 [GMT 2:00]
Running from: C:\Documents and Settings\B.György\Asztal\ComboFix.exe
Command switches used :: C:\Documents and Settings\B.György\Asztal\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\5aebf6.msi
C:\WINDOWS\system32\dcdecdec7_s.dll
C:\WINDOWS\system32\mlfcache.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 16:44:51 . 2009-07-02 16:45:22 0 d-----w- C:\rsit
2009-06-29 18:39:31 . 2009-06-29 18:39:31 0 d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-06-27 06:30:28 . 2009-06-27 06:30:28 0 d-----w- C:\Program Files\loogoos
2009-06-20 11:58:18 . 2009-06-20 12:16:14 0 d-----w- C:\Program Files\jv16 PowerTools 2006
2009-06-15 11:35:20 . 2009-06-15 11:35:20 0 d-----w- C:\Program Files\Common Files\NSV
2009-06-13 09:22:32 . 2009-06-13 09:22:32 0 d-----w- C:\Program Files\SCi Games
2009-06-12 04:35:39 . 2009-04-30 21:17:39 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2009-06-12 04:35:38 . 2009-04-30 21:17:27 246272 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2009-06-07 13:31:14 . 2008-12-04 19:42:56 815104 ----a-w- C:\WINDOWS\system32\xvidcore.dll
2009-06-07 13:31:13 . 2009-06-07 13:31:14 0 d-----w- C:\Program Files\Xvid
2009-06-07 13:31:13 . 2008-12-04 19:46:08 180224 ----a-w- C:\WINDOWS\system32\xvidvfw.dll
2009-06-07 13:30:55 . 2009-06-07 13:31:00 0 d-----w- C:\Program Files\WMV9_VCM
2009-06-07 13:30:26 . 2009-06-07 13:30:34 0 d-----w- C:\Program Files\Real Alternative
2009-06-07 13:28:28 . 2009-06-07 13:28:28 0 d-----w- C:\Program Files\illiminable
2009-06-07 13:27:16 . 2000-06-23 12:05:44 136704 ----a-w- C:\WINDOWS\system32\iacenc.dll
2009-06-07 13:27:16 . 2000-06-22 11:09:24 56320 ------w- C:\WINDOWS\system32\iyvu9_32.dll
2009-06-07 13:27:14 . 2009-06-07 13:27:14 0 d-----w- C:\Program Files\Ligos
2009-06-07 13:23:57 . 2009-06-07 13:24:36 0 d-----w- C:\Program Files\AC3Filter
2009-06-07 13:22:06 . 2009-06-07 13:22:15 0 d-----w- C:\Program Files\Common Files\DivX Shared
2009-06-07 13:22:05 . 2009-06-07 13:23:00 0 d-----w- C:\Program Files\DivX
2009-06-06 18:41:29 . 2009-06-06 18:41:30 721904 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2009-06-05 15:10:56 . 2009-06-06 18:59:08 0 d-----w- C:\Program Files\DAEMON Tools Lite
2009-06-05 13:47:40 . 2009-06-05 13:47:49 0 d-----w- C:\Program Files\Glary Utilities
2009-06-05 12:11:33 . 2009-06-20 01:24:38 3561743 ----a-w- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-05 12:08:17 . 2009-06-17 09:27:44 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-06-05 12:08:09 . 2009-06-17 09:27:56 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-06-05 12:08:00 . 2009-06-05 12:08:00 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-05 12:07:55 . 2009-06-20 01:35:12 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 18:14:05 . 2007-12-26 12:17:42 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-02 13:06:45 . 2009-04-13 16:56:44 0 d-----w- C:\Program Files\valve
2009-07-02 07:50:43 . 2008-10-12 18:38:41 0 d-----w- C:\Program Files\WinClamAVShield
2009-07-01 20:43:07 . 2007-08-18 09:29:58 0 d-----w- C:\Program Files\Disk Washer
2009-06-28 21:14:14 . 2007-11-11 11:06:55 0 d-----w- C:\Program Files\EPSON
2009-06-28 17:42:39 . 2008-10-12 18:15:02 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-06-28 17:42:27 . 2008-10-12 18:14:57 0 d-----w- C:\Program Files\Spyware Terminator
2009-06-17 22:29:46 . 2009-01-21 21:00:31 0 d-----w- C:\Program Files\QuickTime
2009-06-17 22:29:46 . 2008-07-28 06:51:20 0 d-----w- C:\Program Files\Macromedia
2009-06-13 09:22:31 . 2007-12-23 14:03:42 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-05 09:50:52 . 2007-08-17 12:28:12 0 d-----w- C:\Program Files\Java
2009-06-01 11:21:42 . 2008-12-11 08:20:05 0 d-----w- C:\Program Files\Winamp
2009-05-28 09:12:34 . 2009-05-28 09:12:34 94360 ----a-w- C:\WINDOWS\system32\drivers\epfwtdir.sys
2009-05-28 09:12:06 . 2009-05-28 09:12:06 107256 ----a-w- C:\WINDOWS\system32\drivers\ehdrv.sys
2009-05-28 09:10:44 . 2009-05-28 09:10:44 114472 ----a-w- C:\WINDOWS\system32\drivers\eamon.sys
2009-05-13 05:06:08 . 2007-01-04 12:58:01 915456 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-05-07 15:34:15 . 2004-08-18 11:00:00 348160 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-05-01 21:02:28 . 2009-05-01 21:02:28 90112 ----a-w- C:\WINDOWS\system32\dpl100.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 823296 ----a-w- C:\WINDOWS\system32\divx_xx0c.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 823296 ----a-w- C:\WINDOWS\system32\divx_xx07.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 815104 ----a-w- C:\WINDOWS\system32\divx_xx0a.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 811008 ----a-w- C:\WINDOWS\system32\divx_xx16.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 802816 ----a-w- C:\WINDOWS\system32\divx_xx11.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 685056 ----a-w- C:\WINDOWS\system32\DivX.dll
2009-05-01 18:30:36 . 2009-05-01 18:30:36 3366912 ----a-w- C:\WINDOWS\system32\GPhotos.scr
2009-04-26 10:44:56 . 2009-04-26 10:44:56 262144 ----a-w- C:\WINDOWS\system32\wrap_oal.dll
2009-04-26 10:44:56 . 2009-04-26 10:44:55 86016 ----a-w- C:\WINDOWS\system32\OpenAL32.dll
2009-04-19 19:51:40 . 2007-03-01 12:03:45 1847168 ----a-w- C:\WINDOWS\system32\win32k.sys
2009-04-16 09:11:30 . 2004-08-18 11:00:00 57716 ----a-w- C:\WINDOWS\system32\perfc00E.dat
2009-04-16 09:11:30 . 2004-08-18 11:00:00 303356 ----a-w- C:\WINDOWS\system32\perfh00E.dat
2009-04-15 14:55:01 . 2004-08-18 11:00:00 585216 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
.

spybot-ot letöröltem
spyterminátor pajzsát lekapcsoltam

igen a spybot mar elavult es nemfuthat 2,3-antispyware program a gepen csak 1-ha hagyod a terminatort szinten kikel kapcsolnod a virus pajzat,mert verekszik a virusirto programa,csinal fagyasokat,meg mindenfele mas dolgot,,
Letesztelni a Virustotalon ezeket amit ide irok,a linket a tesztrol ted majd ide,
c:\documents and settings\B.Gy”rgy\Application Data\webPanel\webPanel.exe
c:\documents and settings\B.György\Application Data\webPanel\ieObserver32.dll
c:\documents and settings\B.György\Application Data\webPanel\crtlib32.dll
VIRUSTOTALu
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros[zold] textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide

szia
a spyterminátor jobb mint a spybot?
tessék a combofix:
ComboFix 09-06-05.02 - B.György 009.06.05. 20:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.511.149 [GMT 2:00]
Running from: c:\documents and settings\B.György\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 15:13 . 2009-06-05 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-05 15:12 . 2009-06-05 15:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-05 15:10 . 2009-06-05 15:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-05 13:48 . 2009-06-05 13:48 -------- d-----w- c:\program files\AskBarDis
2009-06-05 13:47 . 2009-06-05 13:47 -------- d-----w- c:\program files\Glary Utilities
2009-06-05 12:11 . 2009-06-05 12:11 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-05 12:08 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 12:08 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 12:08 . 2009-06-05 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 12:07 . 2009-06-05 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 18:58 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-28 17:38 . 2009-05-28 17:38 -------- d-----w- c:\windows\ie8updates
2009-05-28 17:38 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-28 17:35 . 2009-05-28 17:36 -------- dc-h--w- c:\windows\ie8
2009-05-21 14:10 . 2009-05-21 14:40 -------- d-----w- C:\Sims 2 Gigapack
2009-05-19 12:05 . 2009-05-19 12:05 20312 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-19 10:06 . 2009-05-19 10:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-10 17:16 . 2009-05-10 17:16 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 14:25 . 2007-08-18 09:29 -------- d-----w- c:\program files\Disk Washer
2009-06-05 09:50 . 2007-08-17 12:28 -------- d-----w- c:\program files\Java
2009-06-01 11:21 . 2008-12-11 08:20 -------- d-----w- c:\program files\Winamp
2009-05-29 04:20 . 2007-12-26 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-29 04:12 . 2008-10-12 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-05-29 04:12 . 2008-10-12 18:14 -------- d-----w- c:\program files\Spyware Terminator
2009-05-28 21:25 . 2008-10-12 18:38 -------- d-----w- c:\program files\WinClamAVShield
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-26 10:44 . 2009-04-26 10:44 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-26 10:44 . 2009-04-26 10:44 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-04-26 10:39 . 2009-04-26 10:39 -------- d-----w- c:\program files\Futuremark
2009-04-26 10:39 . 2007-12-23 14:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-18 19:16 . 2009-04-18 19:15 -------- d-----w- c:\program files\Google
2009-04-16 09:11 . 2004-08-18 11:00 57716 ----a-w- c:\windows\system32\perfc00E.dat
2009-04-16 09:11 . 2004-08-18 11:00 303356 ----a-w- c:\windows\system32\perfh00E.dat
2009-04-13 17:48 . 2009-04-13 16:56 -------- d-----w- c:\program files\valve
2009-04-12 11:46 . 2008-07-28 06:52 -------- d-----w- c:\program files\Common Files\Macromedia
2009-04-12 11:46 . 2008-07-28 06:51 -------- d-----w- c:\program files\Macromedia
2009-03-09 03:19 . 2008-11-26 07:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2007-01-04 12:58 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-18 11:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-18 11:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-18 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-18 11:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-18 11:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-18 11:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-18 11:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-18 11:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-18 11:00 156160 ----a-w- c:\windows\system32\msls31.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-30 21738792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-06-02 102912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-22 90112]

c:\documents and settings\B.Gy”rgy\Start Menu\Programs\Indˇt˘pult\
webPanel.lnk - c:\documents and settings\B.Gy”rgy\Application Data\webPanel\webPanel.exe [2008-11-9 281143]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Belkin Wireless USB Utility.lnk]
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"e:\\letöltés\\programok\\letöltö progi\\utorrent.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\dc\\sdc221_src\\StrongDC.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Program Files\\EA GAMES\\MOHAA\\MOHAA_server.exe"=
"e:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program1\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008.07.01. 9:04 34312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008.10.12. 20:15 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008.07.01. 9:02 468224]
S3 EPPSCSIx;Agfa EPPSCSI Driver;c:\windows\system32\DRIVERS\EPPSCAN.sys --> c:\windows\system32\DRIVERS\EPPSCAN.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-05 09:39]

2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{BC4BC43E-CB99-4253-BD13-C9EE21E7E8F9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\B.György\Application Data\Mozilla\Firefox\Profiles\h0yn9yid.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox? ... u:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\B.György\Application Data\webPanel\component_v2\mozillaObserver2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 20:51
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1767777339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BAA4B7E-A955-2BC3-B8BA-CB78FECAB8E9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abljbkpfkamjahmcbieidphcblekladnme"=hex:61,62,6a,6f,6f,65,67,63,6b,6d,65,6d,
70,64,64,6b,6f,65,63,68,62,70,62,70,6c,69,6e,65,69,64,6a,61,6f,6f,00,77
"bbljbkpfkamjahmcbihigmbenhggmneipknh"=hex:61,62,65,6e,6d,69,6e,6a,6a,6d,64,66,
68,6a,66,6b,6b,64,68,65,68,6e,6c,69,70,66,62,65,62,6a,67,6f,64,61,00,77
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2328)
c:\documents and settings\B.György\Application Data\webPanel\ieObserver32.dll
c:\documents and settings\B.György\Application Data\webPanel\crtlib32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-06-05 20:53
ComboFix-quarantined-files.txt 2009-06-05 18:53

Pre-Run: 29 033 742 336 bájt szabad
Post-Run: 29 017 567 232 bájt szabad

167 --- E O F --- 2009-05-13 13:55

szed le a geprol C:\Program Files\Spybot - Search & Destroy
ot van a terminator,
futasd le ezt a programot-restart-
http://go.microsoft.com/?linkid=9668866
latom hogy futatad a combofixet,ted ide a logjat,

info.txt logfile of random's system information tool 1.06 2009-07-02 18:45:22

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
AC3Filter 1.61b-->"C:\Program Files\AC3Filter\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Ant-Mahjongg v1.2-->"C:\Program Files\Ant-Mahjongg v1.2\Uninstal.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Belkin Wireless USB Utility-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A6359CCF-215D-43D9-8366-479D231F2A72}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CheatCodeX-->C:\Program Files\CheatCodeX\Uninstall.exe "C:\Program Files\CheatCodeX\install.log"
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
Conflict Desert Storm II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}\Setup.exe" -l0x9
Disk Washer-->"C:\Program Files\Disk Washer\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
Dungeon Keeper Gold-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\SYSTEM\KEEPER\DeIsL1.isu
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVEREST Ultimate Edition v2.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
ffdshow (remove only)-->"C:\Program Files\K-Lite Codec Pack\ffdshow\uninstall.exe"
ffdshow [rev 1821] [2008-01-27]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
GameSpy Arcade-->E:\PROGRA~1\GAMESP~1\UNWISE.EXE E:\PROGRA~1\GAMESP~1\INSTALL.LOG
Glary Utilities 2.13.0.689-->"C:\Program Files\Glary Utilities\unins000.exe"
Harciszekerek-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7540BD1D-924A-4BF1-A8BA-B7041C4A69F9}
HijackThis 2.0.2-->"C:\Documents and Settings\B.György\Asztal\hijackthis\HijackThis.exe" /uninstall
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lineage II-->C:\Program Files\InstallShield Installation Information\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040E-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
oggcodecs 0.69.8924-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 2.2-->MsiExec.exe /I{09286554-D7EF-49F7-ADF4-77C8504A4774}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Settlers II Hu-->C:\WINDOWS\uninst.exe -f"C:\Program Files\loogoos\Settlers II Hu\DeIsL1.isu" -c"C:\Program Files\loogoos\Settlers II Hu\_ISREG32.DLL"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Stronghold Crusader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0xe
Teszt_gyakorlas-->C:\WINDOWS\uninst.exe -f"C:\Program Files\KRESZ\Teszt_gyakorlas\DeIsL1.isu" -c"C:\Program Files\KRESZ\Teszt_gyakorlas\_ISREG32.DLL"
Tesztlap-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Autosiskola\Tesztlap\DeIsL1.isu" -c"C:\Program Files\Autosiskola\Tesztlap\_ISREG32.DLL"
Theme Hospital-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB938127-v2-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB956390-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB958215-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB960714-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB961260-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB963027-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB969897-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 frissítés - KB971180-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{01EE13C7-04FC-4A46-B4C9-AFD43C0DDB5F}
Windows Media Player Biztonsági frissítés (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923561-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-v2-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB946648-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950762-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950974-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951066-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951376-v2-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951698-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951748-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952004-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952954-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954211-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954459-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954600-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB955069-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956391-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956572-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956802-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956803-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956841-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957095-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957097-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958215-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958644-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958687-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958690-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB959426-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960225-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960714-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960715-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960803-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961373-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961501-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB968537-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB969898-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB970238-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Windows XP Biztonsági frissítés (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP frissítés - KB951978-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP frissítés - KB955839-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP frissítés - KB967715-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB952287-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe
XnView 1.96-->"C:\Program Files\XnView\unins000.exe"
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Hosts File======

195.184.181.216 l2authd.lineage2.com 127.0.0.1
216.107.250.194 nprotect.lineage2.com
127.0.0.1 webbrowser.tv
127.0.0.1 www.webbrowser.tv
127.0.0.1 urawa.cool.ne.jp
127.0.0.1 by.ru
127.0.0.1 www.by.ru
127.0.0.1 f*ckdenniss.com
127.0.0.1 f*cknicepics.com
127.0.0.1 free-f*cking-video.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: PITON
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Szervizcsomag 3 Uniprocessor Free.

Record Number: 21488
Source Name: EventLog
Time Written: 20090505203516.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 6006
Message: Az Eseménynapló szolgáltatás leállt.

Record Number: 21487
Source Name: EventLog
Time Written: 20090505070747.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 7036
Message: A(z) Ati HotKey Poller szolgáltatás állapota: "leállítva".

Record Number: 21486
Source Name: Service Control Manager
Time Written: 20090505070729.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 7036
Message: A(z) Messenger megosztási mappák – USN-naplóolvasó szolgáltatás szolgáltatás állapota: "fut".

Record Number: 21485
Source Name: Service Control Manager
Time Written: 20090505063503.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 7035
Message: A(z) Messenger megosztási mappák – USN-naplóolvasó szolgáltatás szolgáltatásnak sikeresen el lett küldve a(z) indítás vezérlő.

Record Number: 21484
Source Name: Service Control Manager
Time Written: 20090505063500.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: PITON
Event Code: 1003
Message:
Record Number: 6544
Source Name: WgaSetup
Time Written: 20090416124027.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 1005
Message:
Record Number: 6543
Source Name: WgaSetup
Time Written: 20090416124026.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 1000
Message: A(z) WmiApRpl szolgáltatás (WmiApRpl) teljesítményszámlálóinak betöltése sikeresen
befejeződött. Az új indexértékeket tartalmazó rekordadat hozzá lett rendelve
a szolgáltatáshoz.

Record Number: 6542
Source Name: LoadPerf
Time Written: 20090416111130.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 1001
Message: A(z) WmiApRpl szolgáltatás (WmiApRpl) teljesítményszámlálóinak eltávolítása sikeresen
befejeződött. A rekordadat tartalmazza a rendszer utolsó számlálójához és az
utolsó súgóhoz tartozó rendszerleíró bejegyzés értékeit.

Record Number: 6541
Source Name: LoadPerf
Time Written: 20090416111129.000000+120
Event Type: információ
User:

Computer Name: PITON
Event Code: 302
Message: MsnMsgr (1848) \\.\C:\Documents and Settings\B.György\Local Settings\Application Data\Microsoft\Messenger\piton.hu@vipmail.hu\SharingMetadata\Working\database_FC60_8BC3_608B_835E\dfsr.db: Az adatbázismotor sikeresen befejezte a helyreállítás lépéseit.

Record Number: 6540
Source Name: ESENT
Time Written: 20090416110932.000000+120
Event Type: információ
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by B.György at 2009-07-02 18:44:51
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 26 GB (52%) free of 50 GB
Total RAM: 511 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:17, on 2009.07.02.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\B.György\Application Data\webPanel\webPanel.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\B.György\Asztal\RSIT.exe
C:\Documents and Settings\B.György\Asztal\hijackthis\B.György.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O1 - Hosts: 195.184.181.216 l2authd.lineage2.com 127.0.0.1
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: webPanel.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4016499671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3531279625
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5219 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BC4BC43E-CB99-4253-BD13-C9EE21E7E8F9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - E:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-28 2029640]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-10-12 1783808]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Belkin Wireless USB Utility.lnk]
C:\PROGRA~1\Belkin\USBF5D~1\WIRELE~1\BELKIN~1.EXE [2005-10-28 1404928]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\B.György\Start Menu\Programs\Indítópult
webPanel.lnk - C:\Documents and Settings\B.György\Application Data\webPanel\webPanel.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-15 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="E:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"E:\letöltés\programok\letöltö progi\utorrent.exe"="E:\letöltés\programok\letöltö progi\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC alkalmazásmegosztás"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\dc\sdc221_src\StrongDC.exe"="E:\dc\sdc221_src\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\Program Files\GameSpy Arcade\Aphex.exe"="E:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\Program Files\EA GAMES\MOHAA\MOHAA_server.exe"="E:\Program Files\EA GAMES\MOHAA\MOHAA_server.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"E:\Sierra\Empire Earth\Empire Earth.exe"="E:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\valve\hl.exe"="C:\Program Files\valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program1\EA GAMES\Command and Conquer Generals\game.dat"="C:\Program1\EA GAMES\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-02 18:44:51 ----D---- C:\rsit
2009-07-02 14:54:12 ----A---- C:\avenger.txt
2009-06-29 20:39:31 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-06-27 08:30:28 ----D---- C:\Program Files\loogoos
2009-06-27 08:16:27 ----D---- C:\Documents and Settings\B.György\Application Data\Free Download Manager
2009-06-20 13:58:44 ----ASH---- C:\WINDOWS\system32\dcdecdec7_s.dll
2009-06-20 13:58:18 ----D---- C:\Program Files\jv16 PowerTools 2006
2009-06-15 13:35:20 ----D---- C:\Program Files\Common Files\NSV
2009-06-13 11:22:32 ----D---- C:\Program Files\SCi Games
2009-06-12 06:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 06:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 06:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 06:38:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-07 16:01:07 ----D---- C:\Documents and Settings\B.György\Application Data\DivX
2009-06-07 15:31:14 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-06-07 15:31:13 ----D---- C:\Program Files\Xvid
2009-06-07 15:31:13 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-06-07 15:30:55 ----D---- C:\Program Files\WMV9_VCM
2009-06-07 15:30:29 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-07 15:30:29 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-07 15:30:29 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-07 15:30:29 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-07 15:30:26 ----D---- C:\Program Files\Real Alternative
2009-06-07 15:30:26 ----D---- C:\Documents and Settings\B.György\Application Data\Real
2009-06-07 15:28:28 ----D---- C:\Program Files\illiminable
2009-06-07 15:27:16 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-06-07 15:27:16 ----A---- C:\WINDOWS\system32\iacenc.dll
2009-06-07 15:27:14 ----D---- C:\Program Files\Ligos
2009-06-07 15:23:57 ----D---- C:\Program Files\AC3Filter
2009-06-07 15:22:06 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-07 15:22:05 ----D---- C:\Program Files\DivX
2009-06-05 20:58:06 ----SHD---- C:\RECYCLER
2009-06-05 20:53:28 ----A---- C:\ComboFix.txt
2009-06-05 20:47:12 ----SD---- C:\ComboFix
2009-06-05 20:30:21 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-05 20:30:19 ----A---- C:\WINDOWS\SWREG.exe
2009-06-05 20:30:19 ----A---- C:\WINDOWS\PEV.exe
2009-06-05 20:30:18 ----A---- C:\WINDOWS\zip.exe
2009-06-05 20:30:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-05 20:30:18 ----A---- C:\WINDOWS\SWSC.exe
2009-06-05 20:30:18 ----A---- C:\WINDOWS\sed.exe
2009-06-05 20:30:18 ----A---- C:\WINDOWS\grep.exe
2009-06-05 20:30:08 ----D---- C:\WINDOWS\ERDNT
2009-06-05 20:29:38 ----AD---- C:\Qoobox
2009-06-05 17:10:56 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-05 17:06:59 ----D---- C:\Documents and Settings\B.György\Application Data\DAEMON Tools Lite
2009-06-05 16:17:47 ----D---- C:\Documents and Settings\B.György\Application Data\GlarySoft
2009-06-05 15:47:40 ----D---- C:\Program Files\Glary Utilities
2009-06-05 14:09:02 ----D---- C:\Documents and Settings\B.György\Application Data\Malwarebytes
2009-06-05 14:08:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-05 14:07:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-05 11:51:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-05 11:51:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-05 11:51:01 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-07-02 18:44:56 ----D---- C:\WINDOWS\Prefetch
2009-07-02 18:44:42 ----D---- C:\WINDOWS\Temp
2009-07-02 15:07:33 ----SD---- C:\Documents and Settings\B.György\Application Data\Microsoft
2009-07-02 15:06:45 ----D---- C:\Program Files\valve
2009-07-02 15:03:22 ----SHD---- C:\WINDOWS\Installer
2009-07-02 15:00:38 ----D---- C:\Program Files\Mozilla Firefox
2009-07-02 14:58:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-02 14:58:34 ----D---- C:\WINDOWS
2009-07-02 13:21:17 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-02 10:54:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-02 09:50:43 ----D---- C:\Program Files\WinClamAVShield
2009-07-02 08:17:36 ----D---- C:\Documents and Settings\B.György\Application Data\uTorrent
2009-07-01 22:43:07 ----D---- C:\Program Files\Disk Washer
2009-07-01 18:19:51 ----RD---- C:\Program Files
2009-06-28 23:14:14 ----D---- C:\Program Files\EPSON
2009-06-28 23:10:09 ----D---- C:\Documents and Settings\B.György\Application Data\Skype
2009-06-28 23:04:25 ----D---- C:\WINDOWS\Minidump
2009-06-28 23:04:25 ----D---- C:\WINDOWS\Debug
2009-06-28 19:42:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-06-28 19:42:27 ----D---- C:\Program Files\Spyware Terminator
2009-06-28 18:49:48 ----D---- C:\Documents and Settings\B.György\Application Data\Spyware Terminator
2009-06-28 16:52:55 ----D---- C:\WINDOWS\system32
2009-06-28 16:02:11 ----D---- C:\Documents and Settings\B.György\Application Data\skypePM
2009-06-27 12:38:31 ----A---- C:\WINDOWS\system.ini
2009-06-25 07:45:49 ----D---- C:\Documents and Settings\B.György\Application Data\OpenOffice.org2
2009-06-24 21:02:04 ----D---- C:\Documents and Settings\B.György\Application Data\Adobe
2009-06-24 21:01:57 ----D---- C:\Documents and Settings\B.György\Application Data\Macromedia
2009-06-24 21:01:45 ----D---- C:\WINDOWS\system32\Macromed
2009-06-20 03:25:00 ----D---- C:\WINDOWS\system32\drivers
2009-06-19 21:20:49 ----HD---- C:\WINDOWS\inf
2009-06-18 00:29:46 ----SHD---- C:\found.001
2009-06-18 00:29:46 ----D---- C:\Program Files\Windows Media Player
2009-06-18 00:29:46 ----D---- C:\Program Files\QuickTime
2009-06-18 00:29:46 ----D---- C:\Program Files\NetMeeting
2009-06-18 00:29:46 ----D---- C:\Program Files\Macromedia
2009-06-18 00:29:46 ----D---- C:\Documents and Settings
2009-06-15 13:35:20 ----AD---- C:\Program Files\Common Files
2009-06-13 11:22:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-12 06:48:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-12 06:47:59 ----D---- C:\Program Files\Internet Explorer
2009-06-12 06:47:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-09 09:08:10 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-07 16:38:28 ----D---- C:\Documents and Settings\B.György\Application Data\XnView
2009-06-07 15:27:16 ----D---- C:\WINDOWS\Help
2009-06-05 20:49:59 ----D---- C:\WINDOWS\AppPatch
2009-06-05 20:30:18 ----SHD---- C:\System Volume Information
2009-06-05 20:30:18 ----D---- C:\WINDOWS\system32\Restore
2009-06-05 17:15:07 ----D---- C:\Documents and Settings\B.György\Application Data\DAEMON Tools
2009-06-05 16:29:58 ----D---- C:\WINDOWS\system32\config
2009-06-05 15:47:53 ----SD---- C:\WINDOWS\Tasks
2009-06-05 11:50:52 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-28 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-28 94360]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-28 114472]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-15 1339392]
R3 hidusb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-01 12160]
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-06-30 33664]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-06-30 12928]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB nyílt állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 avynknvy;avynknvy; C:\WINDOWS\system32\drivers\avynknvy.sys []
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EPPSCSIx;Agfa EPPSCSI Driver; C:\WINDOWS\System32\DRIVERS\EPPSCAN.sys []
S3 npkcrypt;npkcrypt; \??\E:\Program Files\Lineage II\system\npkcrypt.sys []
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-15 376832]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-12 570880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28 20680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-07-28 68096]
S3 usnjsvc;Messenger megosztási mappák – USN-naplóolvasó szolgáltatás; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

ok
dorci
ezt a programot szed le,C:\Program Files\Prevx2
mast nemlatok,van e problem??

Hiába írod le ezerszer, aki nem olvassa a Fórumot, az csinál ilyen hülyeséget.
De hát az okos ember más kárán tanul. A másik (nem akarok durvábbat írni) még a sajátján sem.

Nem akarok beleugatni más dógába,de stell barátunk rongyosra tépi már az ujjait,mert nem győzi leírni,hogy NEM KELL TÖBB VÍRUSIRTÓ egy gépre mert csak egymást vágják nyakon.
Ha van fenn egy Comodo-abban van komplett védelem az ESET nem kell rá.
Ez egy mi:Windows Live\Family Safety\fsssvc.exe ?-attól is szabadulj meg,de hirtelen,hacsaknem dótkerítés a család egyéb tagjai ellen,nehogy a géphez férjenek.
A helyedben a messenger zónáktól is megszabadulnék,beleértve a Yahoo-t is.
Utána sokkal fürgébb lesz a masina,mintha RedBullal lenne nyakonöntve

Szia Stell! néznél egy logot hogy nincs e vírus vagy valami??

Logfile of HijackThis v1.99.1
Scan saved at 21:20, on 2009-06-29
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Prevx2\PXAgent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rendszergazda\Asztal\Új mappa\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (1. másolat)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P39 "EPSON Stylus DX3800 Series (1. másolat)" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Windows Live Messenger .lnk = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: Parancsikon - nod32kui .exe.lnk = C:\Program Files\ESET\nod32kui.exe
O4 - Global Startup: Windows asztali kereső.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Minden letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Küldés blogba - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Küldés blogba a Windows Live Writer programmal - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: PREVXAgent - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)

Ez az !! Kösz a segítséget!

Mert az IE a Default (alapértelmezett) böngésző. Az FF-et kell azzá tenni.

Eszközök > Beállítások > Haladó > Általános fül > alul: Indításkor ellenőrzés... -hez pipa.

Megcsináltam mindent, eddig a jelek szerint minden rendben van.
Köszönöm a segítséget. Már csak egyetlen apró problémám van, igaz kicsit OFF de nem szeretnék ezért külön témát nyitni sehol és nem találmo ezt a beállítást sehol: Firefoxot használok, és ha Skype-on vagy msn-en kapok egy hivatkozást, akkor azt az IE-vel nyitja meg és nem a Firefox-al. Mit állítotam el és hol tudom visszaállítani?

Kösz előre is!

megis csak viszgald att es utana csereld le ugy ahogy irtam,tiszta geprol es jelszo valtoztatasal.

File-Zilla-t használok ftp kliensként

Az oldal tartalma megvan eredetiben a gépen,elvileg az tiszta átvizsgálás nélkül is.

weblap
,tegnap azonban újra jelentkezett a hiba
igen ez a legujabb hitt,ha az FTP-klieskent a TC-hasznalod akor lesz munkad,mivel feltortek a TC-sifrat,
FTP-klienst kell valtoztatnod,jelszo valtoztatas,
letolteni az oldalt egy tiszta gepre,vagy virtualis gepre,
a letoltot mapat at vizsgalni mindenel,WEBCUREIT,A te antivirusod,online skanner,AVAST,,,eventualisan,at vizsgalni a java scripteket s amit nemtetel oda mindent torolni,
ami fontos eztet tiszta gepen kell csinalnod mert ujra megfertozod az oldalt
Ha mar tiszta a letoltot oldal akor,leszedni a szerverol a fertozot oldalt ugy hogy ne mukodjon,,,es rogton feltoltod a tiszta atviszgald oldalt,,,jelszo valtosztatasal ,,


sok szerencset,

Ezen is túl vagyok, egyelőre semi gyanúsat nem tapasztaltam.

Ellenben mindjárt van egy másik problémám is:
Ismerősöm weblapját én szerkesztem és 3 nappal ezelőtt az oldal megnyitásakor trójai programot észlelt az Avast, konkrétan: *HTML:Iframe-inf* trójait észlelt.
A weblap átvizsgálásakor minden index nevű és és ilyen nevet tartalmazó html filet fertőzöttnek talált.
Egyelőre újra feltöltöttem az egész weblapot, minden oké is volt,tegnap azonban újra jelentkezett a hiba. Megismételtem a feltöltést, most is oké eddig minden.

Tudtok valami megoldást? Előre is köszönöm!

ok,leszedni a combofixet
start-futatas-masold be az ablakba combofix /u [ok]
kipucolni CCleaneral a gepet es ird le mi a helyzet a gepel,

Nem talált semmit.

a combofix logjaban van olyan hogy
------- Sigcheck -------
amej renszer fajlok it vanak teszteld le a virus totalon,ahol lesz talalat ted ide es pontosan azt is melyik fajlorol van szo,
VIRUSTOTALu

[quote=[/quote]

Megcsináltam amit irtál, itt az uj logfile, van még valami teendőm?

ComboFix 09-06-25.07 - Attila 009.06.26. 19:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1527.780 [GMT 2:00]
Running from: e:\documents and settings\Attila\Asztal\ComboFix.exe
Command switches used :: e:\documents and settings\Attila\Asztal\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-26 17:33 . 2009-06-26 17:33 -------- d-----w- e:\program files\Java
2009-06-26 17:28 . 2009-06-26 17:30 -------- d-----w- e:\documents and settings\Attila\.SunDownloadManager
2009-06-26 15:53 . 2009-06-26 15:53 -------- d-sh--w- e:\windows\system32\config\systemprofile\IETldCache
2009-06-26 15:52 . 2009-06-26 15:41 15688 ----a-w- e:\windows\system32\lsdelete.exe
2009-06-26 15:42 . 2009-06-26 15:41 64160 ----a-w- e:\windows\system32\drivers\Lbd.sys
2009-06-26 15:42 . 2009-06-26 15:42 314200 ----a-w- e:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-26 15:40 . 2009-06-26 15:40 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 15:40 . 2009-03-12 08:17 2902048 -c--a-w- e:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 14:29 . 2009-06-26 14:29 -------- dc----w- e:\windows\system32\dllcache\cache
2009-06-24 21:43 . 2009-06-24 21:43 -------- d-----w- e:\program files\Defraggler
2009-06-24 19:13 . 2009-06-24 19:14 -------- d-----w- e:\program files\CCleaner
2009-06-24 18:24 . 2009-06-24 18:24 -------- d-----w- e:\program files\Trend Micro
2009-06-15 16:49 . 2009-06-15 16:49 -------- d-----w- e:\documents and settings\Attila\Local Settings\Application Data\WinAVI
2009-06-15 16:49 . 2009-06-15 16:49 -------- d-----w- e:\program files\WinAVI Video Converter 9.0
2009-06-15 16:49 . 2009-06-15 16:49 -------- d-----w- e:\windows\WinAVI Video Converter 9.0
2009-06-15 16:22 . 2009-06-15 16:22 -------- d-----w- e:\documents and settings\Attila\Application Data\AVS4YOU
2009-06-15 16:22 . 2009-06-15 16:22 -------- d-----w- e:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-15 16:20 . 2009-06-15 16:25 -------- d-----w- e:\program files\AVS4YOU
2009-06-15 16:13 . 2009-06-15 16:16 -------- d-----w- e:\program files\MPEGTOAVI
2009-06-15 15:52 . 2009-06-15 15:52 -------- d-----w- e:\documents and settings\Attila\.drdivx2
2009-06-15 15:41 . 2009-06-15 15:44 -------- d-----w- e:\program files\WinAVI VideoConverter
2009-06-14 21:47 . 2002-04-23 18:38 204848 ----a-w- e:\windows\system32\gswin32c.exe
2009-06-14 21:47 . 2006-08-22 16:18 196608 ----a-w- e:\windows\system32\Utility.dll
2009-06-14 21:47 . 1996-11-08 00:48 368912 ----a-w- e:\windows\system32\vbar332.dll
2009-06-11 12:07 . 2009-06-11 12:07 -------- d-----w- e:\program files\Poster Forge
2009-06-10 14:44 . 2009-04-30 21:17 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
2009-06-10 14:44 . 2009-04-30 21:17 246272 -c----w- e:\windows\system32\dllcache\ieproxy.dll
2009-06-04 02:54 . 2008-12-03 23:25 120832 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-31 10:39 . 2009-06-03 13:33 -------- d-----w- E:\DevalVR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 17:52 . 2007-12-24 15:59 -------- d-----w- e:\documents and settings\Attila\Application Data\Skype
2009-06-26 17:33 . 2008-11-22 23:03 410984 ----a-w- e:\windows\system32\deploytk.dll
2009-06-26 15:48 . 2008-06-20 11:23 -------- d-----w- e:\program files\Mozilla Thunderbird
2009-06-26 15:40 . 2008-06-17 16:20 -------- d-----w- e:\program files\Lavasoft
2009-06-26 15:40 . 2008-06-17 16:20 -------- d-----w- e:\documents and settings\All Users\Application Data\Lavasoft
2009-06-26 15:28 . 2008-09-18 19:06 -------- d-----w- e:\documents and settings\Attila\Application Data\FileZilla
2009-06-26 14:13 . 2007-12-24 16:01 -------- d-----w- e:\documents and settings\Attila\Application Data\skypePM
2009-06-24 18:13 . 2001-10-26 10:00 4224 ----a-w- e:\windows\system32\drivers\beep.sys
2009-06-24 14:42 . 2007-12-26 12:45 -------- d-----w- e:\program files\FlashGet
2009-06-15 16:21 . 2008-03-05 17:58 -------- d-----w- e:\program files\Common Files\AVSMedia
2009-06-15 15:52 . 2007-12-24 23:36 -------- d-----w- e:\program files\DivX
2009-06-11 12:07 . 2007-12-24 20:18 62224 ----a-w- e:\documents and settings\Attila\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 12:06 . 2007-12-28 13:42 -------- d-----w- e:\program files\DC++
2009-05-24 18:51 . 2009-05-24 18:51 -------- d-----w- e:\program files\Microsoft Silverlight
2009-05-22 21:41 . 2009-03-07 10:50 -------- d-----w- e:\documents and settings\Attila\Application Data\Octoshape
2009-05-13 05:06 . 2004-08-17 14:47 915456 ----a-w- e:\windows\system32\wininet.dll
2009-05-07 15:34 . 2004-08-17 14:47 348160 ----a-w- e:\windows\system32\localspl.dll
2009-05-01 08:32 . 2009-05-01 08:32 256879 ----a-w- e:\windows\XHeader Uninstaller.exe
2009-05-01 08:31 . 2009-05-01 08:31 -------- d-----w- e:\program files\XHeader
2009-05-01 08:31 . 2009-05-01 08:31 -------- d-----w- e:\program files\Common Files\Thraex Software
2009-04-19 19:51 . 2004-08-17 14:30 1847168 ----a-w- e:\windows\system32\win32k.sys
2009-04-19 04:06 . 2001-10-26 10:00 95856 ----a-w- e:\windows\system32\perfc00E.dat
2009-04-19 04:06 . 2001-10-26 10:00 440090 ----a-w- e:\windows\system32\perfh00E.dat
2009-04-15 14:55 . 2004-08-17 14:47 585216 ----a-w- e:\windows\system32\rpcrt4.dll
2009-04-12 17:54 . 2009-04-24 12:07 954368 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-12 17:54 . 2009-04-24 12:07 103424 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-12 17:54 . 2009-04-24 12:07 71652 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-12 17:54 . 2009-04-24 12:07 4534272 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-12 17:54 . 2009-04-24 12:07 131868 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-12 17:54 . 2009-04-24 12:07 344064 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-12 17:54 . 2009-04-24 12:07 1161626 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-12 17:54 . 2009-04-24 12:07 65536 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-11 21:48 . 2009-04-11 21:48 36742 ----a-r- e:\documents and settings\Attila\Application Data\Microsoft\Installer\{E52382DC-2E7A-439D-8ECE-A27D8B816645}\_4ae13d6c.exe
2009-04-11 21:48 . 2009-04-11 21:48 36742 ----a-r- e:\documents and settings\Attila\Application Data\Microsoft\Installer\{E52382DC-2E7A-439D-8ECE-A27D8B816645}\_294823.exe
2009-04-11 21:48 . 2009-04-11 21:48 36742 ----a-r- e:\documents and settings\Attila\Application Data\Microsoft\Installer\{E52382DC-2E7A-439D-8ECE-A27D8B816645}\_18be6784.exe
2009-04-01 12:20 . 2009-04-01 12:20 152576 ----a-w- e:\documents and settings\Attila\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

------- Sigcheck -------

[7] 2004-08-17 14:48 504320 63E65D180BB0607B7240E700D2F73EAD e:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 07:02 549376 C8BA181365F1D816B769F11D456FF9EF e:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 07:02 549376 C8BA181365F1D816B769F11D456FF9EF e:\windows\system32\winlogon.exe
[7] 2008-04-14 07:02 509952 15D1D956D9F01E51E6623EDB31EA43B6 e:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-14 07:02 1554432 E37D9D2E6B027DCAF1F70E592B9995AF e:\windows\explorer.exe
[-] 2007-06-13 13:12 1035264 6CF1696892BE31A2EC25072A99E2E3FF e:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1035264 F8ECCBA428D0B2B53E4F2F824A13FA10 e:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 14:47 1034240 5BF20DA8E16049C4BE8E15EEE1F427C1 e:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 07:02 1554432 E37D9D2E6B027DCAF1F70E592B9995AF e:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 07:02 1035776 AD3A8A9E8914439852A98CE48015E237 e:\windows\VistaMizer\old\explorer.exe

[7] 2004-08-17 14:47 15360 3A847F86E66C60AFBB41C81B1AF0EEDB e:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 07:02 25088 BF99123A738EF46D296C61A9F7505AEA e:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 07:02 25088 BF99123A738EF46D296C61A9F7505AEA e:\windows\system32\ctfmon.exe
[7] 2008-04-14 07:02 15360 9A2CD21B28BC41E8CDF22083C277DD8F e:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-26_14.20.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 17:48 . 2009-06-26 17:48 16384 e:\windows\Temp\Perflib_Perfdata_604.dat
+ 2009-06-26 17:49 . 2009-06-26 17:49 16384 e:\windows\Temp\Perflib_Perfdata_268.dat
+ 2009-06-26 15:42 . 2009-06-26 15:41 64160 e:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2009-06-26 14:29 . 2008-10-16 13:09 51224 e:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-26 14:29 . 2008-04-14 07:02 82432 e:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-26 14:29 . 2008-04-14 07:02 26112 e:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-26 14:29 . 2008-04-14 07:02 14336 e:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-26 14:29 . 2008-04-14 07:02 57856 e:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-26 14:29 . 2008-04-14 07:02 17408 e:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-26 14:29 . 2008-04-14 07:02 13312 e:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-26 14:29 . 2008-04-14 06:40 24960 e:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-26 14:29 . 2008-04-13 09:53 36608 e:\windows\system32\dllcache\cache\ip6fw.sys
+ 2007-12-24 12:22 . 2009-06-26 15:52 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-24 12:22 . 2008-05-24 18:19 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-24 12:22 . 2008-05-24 18:19 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-24 12:22 . 2009-06-26 15:52 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-26 17:33 . 2009-06-26 17:33 148888 e:\windows\system32\javaws.exe
- 2009-04-01 12:21 . 2009-03-09 03:19 148888 e:\windows\system32\javaws.exe
+ 2009-06-26 17:33 . 2009-06-26 17:33 144792 e:\windows\system32\javaw.exe
- 2009-04-01 12:21 . 2009-03-09 03:19 144792 e:\windows\system32\javaw.exe
- 2009-04-01 12:21 . 2009-03-09 03:19 144792 e:\windows\system32\java.exe
+ 2009-06-26 17:33 . 2009-06-26 17:33 144792 e:\windows\system32\java.exe
+ 2009-06-26 14:29 . 2009-05-13 05:06 915456 e:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-26 14:29 . 2008-04-14 07:02 578560 e:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-26 14:29 . 2008-04-14 07:02 296960 e:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-26 14:29 . 2008-06-20 11:51 361600 e:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-26 14:29 . 2009-02-09 11:26 111104 e:\windows\system32\dllcache\cache\services.exe
+ 2009-06-26 14:29 . 2008-04-13 10:20 182656 e:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-26 14:29 . 2008-04-14 07:01 110080 e:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-26 14:29 . 2008-04-14 07:01 172544 e:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-26 15:53 . 2009-06-26 15:52 245760 e:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-06-26 14:29 . 2008-04-14 07:02 1571840 e:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-26 14:29 . 2009-02-09 11:27 2190464 e:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-26 14:29 . 2009-02-10 17:09 2067456 e:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-26 14:29 . 2009-03-21 14:09 1008128 e:\windows\system32\dllcache\cache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"MsnMsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1826816]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="e:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="e:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="e:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"REGSHAVE"="e:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"KMCONFIG"="e:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-26 518488]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-06-26 148888]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - e:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Exif Launcher 2.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Indítópult\Exif Launcher 2.lnk
backup=e:\windows\pss\Exif Launcher 2.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"g:\\mIRC\\mirc.exe"=
"e:\\Program Files\\DC++\\DCPlusPlus.exe"=
"e:\\WINDOWS\\system32\\rtcshare.exe"=
"e:\\Program Files\\NetMeeting\\conf.exe"=
"e:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009.06.26. 17:42 64160]
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008.04.04. 18:53 114768]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2008.04.04. 18:53 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;e:\program files\Mouse Driver\KMWDSrv.exe [2007.04.05. 11:29 208896]
R3 PAC207;Trust WB-1400T Webcam;e:\windows\system32\drivers\PFC027.sys [2005.02.24. 13:29 162176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009.03.09. 21:06 1003344]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Letöltés a FlashGet-tel - e:\program files\FlashGet\jc_link.htm
IE: &Minden letöltése a FlashGet-tel - e:\program files\FlashGet\jc_all.htm
IE: Download Flash with Flash Capture - e:\program files\Flash Capture\dl.htm
IE: E&xportálás Microsoft Excel formátumba - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Sothink SWF Catcher - e:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SZTAKI &angol-magyar - http://szotar.sztaki.hu/ie/iecontext.ph ... Dict&O=HUN
IE: SZTAKI &magyar-angol - http://szotar.sztaki.hu/ie/iecontext.ph ... Dict&O=HUN
TCP: {AECA5025-A5BD-4EE7-8E92-3BFC1C8DB2AC} = 84.2.46.1 84.2.44.1
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plug ... plugin.php
FF - ProfilePath - e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 19:49
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
e:\windows\system32\sfc_os.dll
e:\windows\system32\COMRes.dll
e:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3344)
e:\windows\system32\SHDOCVW.dll
e:\windows\system32\WININET.dll
e:\windows\system32\COMRes.dll
e:\windows\System32\cscui.dll
e:\progra~1\WINDOW~2\wmpband.dll
e:\windows\system32\LINKINFO.dll
e:\windows\system32\ntshrui.dll
e:\windows\system32\NETSHELL.dll
e:\windows\system32\credui.dll
e:\windows\system32\MSVCP60.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\system32\bgsvcgen.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\CyberLink\Shared Files\RichVideo.exe
e:\program files\Mouse Driver\KMCONFIG.exe
e:\windows\system32\PAStiSvc.exe
e:\program files\Mouse Driver\KMProcess.exe
e:\program files\Alwil Software\Avast4\ashMaiSv.exe
e:\program files\Alwil Software\Avast4\ashWebSv.exe
e:\windows\system32\wscntfy.exe
e:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-06-26 20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 18:01
ComboFix2.txt 2009-06-26 14:30

Pre-Run: 14 551 904 256 bájt szabad
Post-Run: 14 534 524 928 bájt szabad

284 --- E O F --- 2009-06-10 20:35

frisids fel a javat-mert regi
http://mesh.dl.sourceforge.net/sourcefo ... JavaRa.zip
Klik>> Remove Older Versions eltavolitodik a regi java Javy.
aztan tolds le a legujab verziot - Java SE Runtime Environment (JRE) 6 Update 14 - http://java.sun.com/javase/downloads/index.jsp
es telepitsd fell,
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide

Itt a log file:

ComboFix 09-06-25.06 - Attila 009.06.26. 16:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1527.1036 [GMT 2:00]
Running from: g:\temp\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf
e:\documents and settings\Attila\Application Data\wiaserva.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_glaide32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-24 21:43 . 2009-06-24 21:43 -------- d-----w- e:\program files\Defraggler
2009-06-24 19:13 . 2009-06-24 19:14 -------- d-----w- e:\program files\CCleaner
2009-06-24 18:24 . 2009-06-24 18:24 -------- d-----w- e:\program files\Trend Micro
2009-06-15 16:49 . 2009-06-15 16:49 -------- d-----w- e:\documents and settings\Attila\Local Settings\Application Data\WinAVI
2009-06-15 16:49 . 2009-06-15 16:49 -------- d-----w- e:\program files\WinAVI Video Converter 9.0
2009-06-15 16:49 . 2009-06-15 16:49 -------- d-----w- e:\windows\WinAVI Video Converter 9.0
2009-06-15 16:22 . 2009-06-15 16:22 -------- d-----w- e:\documents and settings\Attila\Application Data\AVS4YOU
2009-06-15 16:22 . 2009-06-15 16:22 -------- d-----w- e:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-15 16:20 . 2009-06-15 16:25 -------- d-----w- e:\program files\AVS4YOU
2009-06-15 16:13 . 2009-06-15 16:16 -------- d-----w- e:\program files\MPEGTOAVI
2009-06-15 15:52 . 2009-06-15 15:52 -------- d-----w- e:\documents and settings\Attila\.drdivx2
2009-06-15 15:41 . 2009-06-15 15:44 -------- d-----w- e:\program files\WinAVI VideoConverter
2009-06-14 21:47 . 2002-04-23 18:38 204848 ----a-w- e:\windows\system32\gswin32c.exe
2009-06-14 21:47 . 2006-08-22 16:18 196608 ----a-w- e:\windows\system32\Utility.dll
2009-06-14 21:47 . 1996-11-08 00:48 368912 ----a-w- e:\windows\system32\vbar332.dll
2009-06-11 12:07 . 2009-06-11 12:07 -------- d-----w- e:\program files\Poster Forge
2009-06-10 14:44 . 2009-04-30 21:17 12800 -c----w- e:\windows\system32\dllcache\xpshims.dll
2009-06-10 14:44 . 2009-04-30 21:17 246272 -c----w- e:\windows\system32\dllcache\ieproxy.dll
2009-06-04 02:54 . 2008-12-03 23:25 120832 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-31 10:39 . 2009-06-03 13:33 -------- d-----w- E:\DevalVR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 14:22 . 2007-12-24 15:59 -------- d-----w- e:\documents and settings\Attila\Application Data\Skype
2009-06-26 14:13 . 2007-12-24 16:01 -------- d-----w- e:\documents and settings\Attila\Application Data\skypePM
2009-06-26 14:04 . 2008-09-18 19:06 -------- d-----w- e:\documents and settings\Attila\Application Data\FileZilla
2009-06-26 12:48 . 2008-06-20 11:23 -------- d-----w- e:\program files\Mozilla Thunderbird
2009-06-24 18:13 . 2001-10-26 10:00 4224 ----a-w- e:\windows\system32\drivers\beep.sys
2009-06-24 18:04 . 2008-06-17 16:20 -------- d-----w- e:\program files\Lavasoft
2009-06-24 18:04 . 2008-06-17 16:20 -------- d-----w- e:\documents and settings\All Users\Application Data\Lavasoft
2009-06-24 14:42 . 2007-12-26 12:45 -------- d-----w- e:\program files\FlashGet
2009-06-15 16:21 . 2008-03-05 17:58 -------- d-----w- e:\program files\Common Files\AVSMedia
2009-06-15 15:52 . 2007-12-24 23:36 -------- d-----w- e:\program files\DivX
2009-06-11 12:07 . 2007-12-24 20:18 62224 ----a-w- e:\documents and settings\Attila\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 12:06 . 2007-12-28 13:42 -------- d-----w- e:\program files\DC++
2009-05-24 18:51 . 2009-05-24 18:51 -------- d-----w- e:\program files\Microsoft Silverlight
2009-05-22 21:41 . 2009-03-07 10:50 -------- d-----w- e:\documents and settings\Attila\Application Data\Octoshape
2009-05-13 05:06 . 2004-08-17 14:47 915456 ----a-w- e:\windows\system32\wininet.dll
2009-05-07 15:34 . 2004-08-17 14:47 348160 ----a-w- e:\windows\system32\localspl.dll
2009-05-01 08:32 . 2009-05-01 08:32 256879 ----a-w- e:\windows\XHeader Uninstaller.exe
2009-05-01 08:31 . 2009-05-01 08:31 -------- d-----w- e:\program files\XHeader
2009-05-01 08:31 . 2009-05-01 08:31 -------- d-----w- e:\program files\Common Files\Thraex Software
2009-04-19 19:51 . 2004-08-17 14:30 1847168 ----a-w- e:\windows\system32\win32k.sys
2009-04-19 04:06 . 2001-10-26 10:00 95856 ----a-w- e:\windows\system32\perfc00E.dat
2009-04-19 04:06 . 2001-10-26 10:00 440090 ----a-w- e:\windows\system32\perfh00E.dat
2009-04-15 14:55 . 2004-08-17 14:47 585216 ----a-w- e:\windows\system32\rpcrt4.dll
2009-04-12 17:54 . 2009-04-24 12:07 954368 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-12 17:54 . 2009-04-24 12:07 103424 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-12 17:54 . 2009-04-24 12:07 71652 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-12 17:54 . 2009-04-24 12:07 4534272 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-12 17:54 . 2009-04-24 12:07 131868 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-12 17:54 . 2009-04-24 12:07 344064 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-12 17:54 . 2009-04-24 12:07 1161626 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-12 17:54 . 2009-04-24 12:07 65536 ----a-w- e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-11 21:48 . 2009-04-11 21:48 36742 ----a-r- e:\documents and settings\Attila\Application Data\Microsoft\Installer\{E52382DC-2E7A-439D-8ECE-A27D8B816645}\_4ae13d6c.exe
2009-04-11 21:48 . 2009-04-11 21:48 36742 ----a-r- e:\documents and settings\Attila\Application Data\Microsoft\Installer\{E52382DC-2E7A-439D-8ECE-A27D8B816645}\_294823.exe
2009-04-11 21:48 . 2009-04-11 21:48 36742 ----a-r- e:\documents and settings\Attila\Application Data\Microsoft\Installer\{E52382DC-2E7A-439D-8ECE-A27D8B816645}\_18be6784.exe
2009-04-01 12:20 . 2009-04-01 12:20 152576 ----a-w- e:\documents and settings\Attila\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

------- Sigcheck -------

[7] 2004-08-17 14:48 504320 63E65D180BB0607B7240E700D2F73EAD e:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 07:02 549376 C8BA181365F1D816B769F11D456FF9EF e:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 07:02 549376 C8BA181365F1D816B769F11D456FF9EF e:\windows\system32\winlogon.exe
[7] 2008-04-14 07:02 509952 15D1D956D9F01E51E6623EDB31EA43B6 e:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-14 07:02 1554432 E37D9D2E6B027DCAF1F70E592B9995AF e:\windows\explorer.exe
[-] 2007-06-13 13:12 1035264 6CF1696892BE31A2EC25072A99E2E3FF e:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1035264 F8ECCBA428D0B2B53E4F2F824A13FA10 e:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 14:47 1034240 5BF20DA8E16049C4BE8E15EEE1F427C1 e:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 07:02 1554432 E37D9D2E6B027DCAF1F70E592B9995AF e:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 07:02 1035776 AD3A8A9E8914439852A98CE48015E237 e:\windows\VistaMizer\old\explorer.exe

[7] 2004-08-17 14:47 15360 3A847F86E66C60AFBB41C81B1AF0EEDB e:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 07:02 25088 BF99123A738EF46D296C61A9F7505AEA e:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 07:02 25088 BF99123A738EF46D296C61A9F7505AEA e:\windows\system32\ctfmon.exe
[7] 2008-04-14 07:02 15360 9A2CD21B28BC41E8CDF22083C277DD8F e:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"MsnMsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1826816]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="e:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="e:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="e:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"REGSHAVE"="e:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"KMCONFIG"="e:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - e:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Exif Launcher 2.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Indítópult\Exif Launcher 2.lnk
backup=e:\windows\pss\Exif Launcher 2.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"g:\\mIRC\\mirc.exe"=
"e:\\Program Files\\DC++\\DCPlusPlus.exe"=
"e:\\WINDOWS\\system32\\rtcshare.exe"=
"e:\\Program Files\\NetMeeting\\conf.exe"=
"e:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"e:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008.04.04. 18:53 114768]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2008.04.04. 18:53 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;e:\program files\Mouse Driver\KMWDSrv.exe [2007.04.05. 11:29 208896]
R3 PAC207;Trust WB-1400T Webcam;e:\windows\system32\drivers\PFC027.sys [2005.02.24. 13:29 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Letöltés a FlashGet-tel - e:\program files\FlashGet\jc_link.htm
IE: &Minden letöltése a FlashGet-tel - e:\program files\FlashGet\jc_all.htm
IE: Download Flash with Flash Capture - e:\program files\Flash Capture\dl.htm
IE: E&xportálás Microsoft Excel formátumba - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - e:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Sothink SWF Catcher - e:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SZTAKI &angol-magyar - http://szotar.sztaki.hu/ie/iecontext.ph ... Dict&O=HUN
IE: SZTAKI &magyar-angol - http://szotar.sztaki.hu/ie/iecontext.ph ... Dict&O=HUN
TCP: {AECA5025-A5BD-4EE7-8E92-3BFC1C8DB2AC} = 84.2.44.1 84.2.46.1
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plug ... plugin.php
FF - ProfilePath - e:\documents and settings\Attila\Application Data\Mozilla\Firefox\Profiles\mz19hp75.default\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 16:20
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c1,af,78,0c,de,
44,d9,3a,e2,63,26,f1,3f,c8,ff,68,44,c6,6a,d2,a2,56,01,42,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,e9,20,01,22,62,
a3,6b,a8,6a,9c,d6,61,af,45,84,18,d5,78,b5,53,92,cf,8c,f1,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,76,2b,5b,5f,ee,
f0,b8,ff,ff,7c,85,e0,43,d4,0e,fe,dc,26,0a,42,38,47,4d,dd,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5e,2a,8d,4c,f4,
77,77,54,86,8c,21,01,be,91,eb,e7,0c,4e,46,29,62,ac,50,10,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,24,83,66,89,cc,
7b,f1,25,f5,1d,4d,73,a8,13,5c,05,f8,d1,d5,9b,42,db,07,a5,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7c,ed,ae,36,d3,
f5,e2,78,df,20,58,62,78,6b,cf,c8,40,15,f1,f0,74,10,46,85,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,52,22,f5,d3,7a,
85,51,0e,fb,a7,78,e6,12,2f,9a,ea,fe,e7,bf,6e,d0,55,22,a0,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8f,51,d2,12,0a,
7f,ce,30,01,3a,48,fc,e8,04,4a,f1,35,64,ef,b8,2d,d7,2a,29,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,60,f7,a8,5f,42,
f3,30,07,f6,0f,4e,58,98,5b,89,c9,0f,82,6c,d2,e1,25,d9,24,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,fd,e4,7f,f5,d7,
de,6e,e9,3d,ce,ea,26,2d,45,aa,78,18,3b,1d,39,b1,0d,64,37,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,04,f1,3e,89,4c,
13,fb,d2,2a,b7,cc,b5,b9,7f,41,e7,fa,9c,d9,b4,49,e1,7f,c2,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="e:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,eb,f8,86,af,da,
f9,1b,5e,6c,43,2d,1e,aa,22,2f,9c,31,06,97,5e,27,74,91,80,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
e:\windows\system32\sfc_os.dll
e:\windows\system32\COMRes.dll
e:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2744)
e:\windows\system32\SHDOCVW.dll
e:\windows\system32\WININET.dll
e:\windows\system32\COMRes.dll
e:\windows\System32\cscui.dll
e:\progra~1\WINDOW~2\wmpband.dll
e:\windows\system32\LINKINFO.dll
e:\windows\system32\ntshrui.dll
e:\windows\system32\NETSHELL.dll
e:\windows\system32\credui.dll
e:\windows\system32\MSVCP60.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\system32\bgsvcgen.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\CyberLink\Shared Files\RichVideo.exe
e:\windows\system32\PAStiSvc.exe
e:\program files\Mouse Driver\KMCONFIG.exe
e:\program files\Mouse Driver\KMProcess.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-26 16:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 14:30

Pre-Run: 14 626 201 600 bájt szabad
Post-Run: 14 614 777 856 bájt szabad

295 --- E O F --- 2009-06-10 20:35

nincsen mitt
szia,,

köszi szépen!!! nem, nincs semmi, csak biztos akartam lenni benne, hogy minden oké! még ilyen hosszú ideig nem voltam vírusmentes a tűzfallal nem boldogultam, ezért leszedtem már régen. mégyegyszer köszi!!!!

szia
hajni19840203
azon kivul hogy nem latok tuzfalat ,mindent renben latok,van e valami problem??