Jó reggelt! Stell, rákukkantanál majd ha ráérsz feljebb az üzenetemre? köszi!

egal
kiprobalni mas egeret,,
ha meg mindig nem jo,akor a rendszerbol eltavolitani az egeret-restart-az eger feltelepitodik-de vigyaz mert mikor eltavolitod az egeret,nemlesz eger-es igy a bilentyukel kell bezarni a windowst,,es leirni mi a helyzet,

Szia !
leteszteltem. Tiszta! Combofixet leszedtem.

a géppel a helyzet ugyanaz. Laptop bekapcs nincs egér, billentyű. lecsuk, felnyit jóóó.

Szia Stell!
Teszek ide neked egy kis olvasni valót, ha ráérsz valamikor légyszi kukkantsd át kösziiiiiiii!

Először futtattam a HijackThis-t, azután a ComboFix-et

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:42, on 2009.06.25.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: Az összes letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Kijelölés letöltése Free Download Managerrel - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Letöltés Free Download Managerrel - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Video letöltése a Free Download Manager-rel - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{53AEABE0-850D-4B47-8EF2-FA5CD3AF1F72}: NameServer = 193.110.57.4 193.110.56.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 4578 bytes






ComboFix 09-06-25.01 - Dávid 009.06.25. 21:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.1023.747 [GMT 2:00]
Running from: c:\documents and settings\Dávid\Asztal\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 18:21 . 2009-06-25 18:21 1598 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-23 13:50 . 2009-06-23 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-23 13:49 . 2009-06-23 13:49 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-23 13:49 . 2009-06-23 13:49 -------- d-----w- c:\windows\system32\AGEIA
2009-06-23 13:49 . 2009-06-23 13:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-23 13:47 . 2009-06-23 13:48 -------- d-----w- c:\program files\Switchball
2009-06-10 17:53 . 2009-06-10 17:53 -------- d-----w- c:\program files\Voipwise.com
2009-06-05 08:39 . 2009-06-05 08:48 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-05 08:39 . 2009-06-05 09:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-05 08:39 . 2009-06-05 09:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-05 08:36 . 2009-06-05 08:36 -------- d-----w- c:\windows\system32\LogFiles
2009-06-05 08:25 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 18:11 . 2009-02-15 13:56 -------- d-----w- c:\program files\Electronic Arts
2009-06-09 11:54 . 2009-02-09 15:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-27 18:28 . 2009-02-15 19:37 -------- d-----w- c:\program files\VCW VicMan's Photo Editor
2009-05-13 22:05 . 2009-02-09 12:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-29 08:25 . 2001-10-26 12:00 57936 ----a-w- c:\windows\system32\perfc00E.dat
2009-03-29 08:25 . 2001-10-26 12:00 303696 ----a-w- c:\windows\system32\perfh00E.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"Voipwise"="c:\program files\Voipwise.com\Voipwise\Voipwise.exe" [2007-09-06 7394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2008-09-24 4918936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\D vid\Start Menu\Programs\Indˇt˘pult\
uTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2009-2-10 270128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009.02.08. 18:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009.02.08. 18:45 20560]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2009.02.09. 14:49 52888]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm
IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm
IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm
IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 21:15
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?s_V-RAID_V

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1060284298-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5c,8a,d8,76,8a,26,7a,69,79,3a,20,04,7b,53,71,7a,7d,f9,49,71,15,
a1,2e,6c,22,00,87,f1,49,84,a6,92,cb,3f,72,81,91,dc,5a,a3,60,4b,08,1e,45,59,\
"rkeysecu"=hex:f7,08,c8,5e,0a,ee,f4,80,f4,80,97,d2,8f,38,0f,c9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\shdoclc.dll
.
Completion time: 2009-06-25 21:16
ComboFix-quarantined-files.txt 2009-06-25 19:16

Pre-Run: 8 496 885 760 bájt szabad
Post-Run: 8 860 413 952 bájt szabad

101

Szvsz nincs ilyen. Annál komolyabb programok ezek.
Fizetősből több is van, én a Norton Ghost-ot használom, más pl. a True Image-t.

Keress rá, sokat írtunk ezekről, én pl itt:
http://forum.terminal.hu/viewtopic.php?p=909866#909866

Melyik ingyenes programmal lehet partíciót menteni?

kataiandi és a többiek (bocs, hogy beleszólok):

Nézem, hogy mennyit kínlódtok, hogy helyreálljon a gép. Ha csak egy kicsit olvasnátok a Fórumot, látnátok (sokan írtunk róla, én is), hogy létezik particiómentés, amivel néhány perc alatt visszaállítható egy korábbi, hibátlan állapot.

De nem, ti az órákig tartó, esetleg eredménytelen javítgatást választjátok.

Hát, ti tudjátok. Én csak jeleztem, hogy vannak más megoldások mint ami ebben, és a hasonló témáju topikokban történik.

Értettem, köszi!

kataiandi
hm,it aza problem hogy nemtudlyuk lekontrolalni a rendszer fajlokat,mivel nincsen telepito lemezed,mert gyanusak,
De tolds le a WebCureit programot es csinalj-expres-es komplet skant-csokentet modban,amit talal gyogyitani,
http://www.viry.cz/forum/viewtopic.php?t=47721/

És én tudok még valamit tenni? Nem igazából lett sokkal gyorsabb

matrix70
nyis uj temat es futasd a combofixet,

ok
egal
meg teszteld le eztet
c:\program files\RSL\RSL.exe
ha tiszta akor leszedni a geprol a combofixet-start -futatas-masold be az ablakba
combofix /u ok
kipucolni a gepet CCleaneral es leirni mia helyzet a gepel,

Szia !

lefuttattam a teszteket itt vannak linkek. Bocs eddig dolgoztam !

http://www.virustotal.com/hu/analisis/2 ... 1245876017
http://www.virustotal.com/hu/analisis/0 ... 1245876799
http://www.virustotal.com/hu/analisis/a ... 1245877223
http://www.virustotal.com/hu/analisis/4 ... 1245877469

Sziasztok!

Avast antivirus az alábbi vírusokat találta, egyelőre karanténba helyeztettem.
Van-e valami további teendőm, vagy ennyi elég volt neki.

ccleanert végigfuttattam

bemásoltam ctrl+c vel a combofix /u és újból lefutott a combofix.

akor semijet,,,mert nemmene,
job klik a szemet kupara-futatni a ccleanert es kipucolni a gepet,

telepítő lemezem nincs milyent kellene beszerezni?

leszedni a combofixet-start-futatas -masold be az ablakba combofix /u ok
kipucolni a gepet ccleaneral,,,,
ted be a telepito lemezet a meghajtoba-ha kinyilana zard be-start futatas-ird be cmd ok
a fekete ablakba ird be SFC /scannow enter
es hagyad hogy a rendszer kontrolaja at a rendszerfajlokat,aztan kiprobalni a gepet,

Na ezt túl akartam komplikálni...azt hittem valami bonyolult valamit kell tennem

ComboFix 09-06-23.01 - Kátai 009.06.24. 19:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1038.18.247.109 [GMT 2:00]
Running from: c:\documents and settings\Kátai\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Kátai\Asztal\CFScript.txt
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus System 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\windows\Tasks\Optimalizálás.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\Optimalizálás.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPR_FREADER
-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Service_mpr_freader
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 14:51 . 2009-06-24 14:51 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-24 11:45 . 2009-06-24 11:45 -------- dc----w- C:\_OTM
2009-06-24 10:02 . 2009-06-24 10:23 -------- dc----w- c:\program files\trend micro
2009-06-24 10:02 . 2009-06-24 10:23 -------- dc----w- C:\rsit
2009-06-22 14:11 . 2009-06-22 14:11 -------- dc----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-22 13:13 . 2009-06-22 14:33 -------- dc----w- C:\Games
2009-06-22 12:33 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-22 12:33 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-22 12:32 . 2009-06-22 12:32 -------- dc----w- c:\program files\Ashampoo
2009-06-22 11:01 . 2009-02-09 11:26 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-22 11:01 . 2009-02-09 10:54 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-22 11:01 . 2009-02-09 10:54 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-22 11:01 . 2009-02-09 10:54 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-22 11:01 . 2009-02-09 10:54 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-22 11:01 . 2009-02-09 10:54 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-22 11:01 . 2009-02-09 10:54 721408 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-22 10:07 . 2009-06-22 10:07 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-22 09:21 . 2005-11-08 22:26 38400 ----a-w- c:\windows\system32\moveex.exe
2009-06-20 18:05 . 2009-06-20 18:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Grey Alien Games
2009-06-17 10:03 . 2009-06-17 10:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 10:02 . 2009-06-17 10:02 -------- dc----w- c:\program files\Java
2009-06-16 15:17 . 2009-06-16 15:34 -------- dc----w- c:\program files\MSN Messenger
2009-06-13 12:26 . 2003-10-22 05:24 200704 ----a-r- c:\windows\sel3110.exe
2009-06-13 12:26 . 2003-10-22 05:24 40960 ----a-r- c:\windows\CleanDev.exe
2009-06-13 12:26 . 2003-10-22 05:23 307200 ----a-r- c:\windows\vidcap32.exe
2009-06-13 12:26 . 2003-10-22 05:24 174530 ----a-r- c:\windows\system32\drivers\ov519vid.sys
2009-06-13 12:26 . 2003-10-22 05:24 25211 ----a-r- c:\windows\system32\drivers\ov519cmd.sys
2009-06-13 12:26 . 2003-10-22 05:24 40960 ----a-r- c:\windows\system32\ov519ext.dll
2009-06-13 12:26 . 2003-10-22 05:24 16426 ----a-r- c:\windows\system32\ov519usd.dll
2009-06-13 12:15 . 2009-06-13 12:15 -------- dc----w- c:\program files\uTorrent
2009-06-12 09:56 . 2009-06-12 09:55 300352 ----a-w- c:\windows\system32\imon.dll
2009-06-12 09:56 . 2009-06-12 09:55 511832 ----a-w- c:\windows\system32\drivers\amon.sys
2009-06-12 09:56 . 2009-06-12 09:55 15160 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-06-12 09:55 . 2009-06-24 11:40 -------- dc----w- c:\program files\ESET
2009-06-12 09:31 . 2009-06-12 09:31 -------- dc----w- c:\program files\D-Link AirPlus
2009-06-12 09:29 . 2003-09-02 06:33 40636 ----a-r- c:\windows\system\WLANGEN.bin
2009-06-12 09:29 . 2003-07-27 02:02 964 ----a-r- c:\windows\system32\drivers\RADIO11.bin
2009-06-12 09:29 . 2003-07-27 02:02 964 ----a-r- c:\windows\system\RADIO11.bin
2009-06-12 09:29 . 2003-07-25 02:24 936 ----a-r- c:\windows\system\RADIO0d.bin
2009-06-12 09:29 . 2003-05-18 11:04 912 ----a-r- c:\windows\system32\drivers\RADIO15.bin
2009-06-12 09:29 . 2003-05-18 11:04 912 ----a-r- c:\windows\system\RADIO15.bin
2009-06-12 09:29 . 2003-09-08 08:06 255360 ----a-r- c:\windows\system32\drivers\AIRPLUS.sys
2009-06-12 09:29 . 2003-09-02 06:33 40636 ----a-r- c:\windows\system32\drivers\WLANGEN.bin
2009-06-12 09:29 . 2003-07-25 02:24 936 ----a-r- c:\windows\system32\drivers\RADIO0d.bin
2009-06-11 17:35 . 2009-06-11 17:35 -------- dc----w- c:\program files\Microsoft
2009-06-11 17:34 . 2009-06-13 13:06 -------- dc----w- c:\program files\Windows Live
2009-06-11 17:28 . 2009-06-11 17:28 -------- dc----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:45 . 2001-10-26 12:00 86566 ----a-w- c:\windows\system32\perfc00E.dat
2009-06-24 11:45 . 2001-10-26 12:00 401438 ----a-w- c:\windows\system32\perfh00E.dat
2009-06-22 13:51 . 2007-12-06 18:18 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-22 12:45 . 2008-12-31 11:47 -------- dc----w- c:\program files\RSL
2009-06-22 09:57 . 2008-12-15 11:46 -------- dcsh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-15 09:11 . 2008-04-05 07:19 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-15 08:53 . 2008-04-14 08:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-12 09:31 . 2007-12-06 14:20 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:34 . 2004-08-17 14:47 348160 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-08-17 14:47 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-17 14:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2004-08-17 14:30 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2004-08-17 14:47 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2004-08-17 14:48 14336 22D8D9F0F5EBE312A1747D6172205F1B c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 16:02 14336 05194D8A92CF7E559C1A38FC134C966A c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 16:02 14336 05194D8A92CF7E559C1A38FC134C966A c:\windows\system32\svchost.exe
[7] 2008-04-14 16:02 14336 05194D8A92CF7E559C1A38FC134C966A c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:21 577024 D97DB73C4785AE062CAC7EADD20CA9B4 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 8D463C9104A380963A73FB636C8786FD c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:39 577536 95A36030580EBD96DC77C1A39FE243ED c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2008-04-14 16:02 578560 D6CAE3824EA12A356065C9EF10FC0EB3 c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 16:02 578560 D6CAE3824EA12A356065C9EF10FC0EB3 c:\windows\system32\user32.dll
[7] 2008-04-14 16:02 578560 D6CAE3824EA12A356065C9EF10FC0EB3 c:\windows\system32\dllcache\cache\user32.dll

[7] 2004-08-17 14:47 82944 AF3CC3CB92FB06A47CE979FB9D2CA127 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 16:02 82432 EA551E1AB5BA99DA3397517BDD278E94 c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 16:02 82432 EA551E1AB5BA99DA3397517BDD278E94 c:\windows\system32\ws2_32.dll
[7] 2008-04-14 16:02 82432 EA551E1AB5BA99DA3397517BDD278E94 c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2007-08-22 12:58 666112 A50FD57FCCFA5A70E0F65569296B8405 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-10-11 06:10 666624 3C8082846900395620930042832DBB5C c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[7] 2007-10-10 23:41 825344 430DF3A8DAF01D058D19D8E5469AEFA7 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 01:43 825344 6ED71B26A9B3EC6B2358E7C61D5F5CC2 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 12:35 827392 9DB0E3373105943B3C1BD9646D338EB1 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 04:21 827392 79C678B102664EDE58903F4A2AAF9470 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 15:42 827904 CA2D1B954229C8A095B7FF2A77D05C93 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:12 827904 4B5C8499E73963C02FA07BB08424A717 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:49 827904 28B845FC45F8DA085B529F10DE817503 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-04-29 04:40 828928 D7C8F74B3A09675B4BEFED608BD1859A c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2007-10-11 06:14 659968 85D2F63FF27DFE387BF15FBC02F5A93A c:\windows\ie7\wininet.dll
[7] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:53 824832 0D191B0C9D0CF3B6151E1D4984B52045 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:14 824832 E6AD19E93908F77872D7CD87420A346D c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:02 826368 74449EAE913A6D10056532D0906435F5 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 EECC1E25C89A5B06891CCEE323527EA5 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:42 826368 1352F9F8FF9C5FB60BEE1996EFB7DB2D c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 08:27 826368 1E2BA5ADC79E4C132FA0C098786AB290 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 22:47 826368 ADDC791ED0E035D6D4FB212B3760DEFD c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-04-14 16:02 666624 2B5C0D3A4DBC1F8F98DC9DF8246AD476 c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:47 827392 1CE5AB0C6CA990B13EDAC0DC78E2D26D c:\windows\SoftwareDistribution\Download\08e3c909df3fd4fe40d4be4036dc2978\sp3gdr\wininet.dll
[7] 2009-04-29 04:40 828928 D7C8F74B3A09675B4BEFED608BD1859A c:\windows\SoftwareDistribution\Download\08e3c909df3fd4fe40d4be4036dc2978\sp3qfe\wininet.dll
[7] 2009-04-29 04:47 827392 1CE5AB0C6CA990B13EDAC0DC78E2D26D c:\windows\system32\wininet.dll
[7] 2009-04-29 04:47 827392 1CE5AB0C6CA990B13EDAC0DC78E2D26D c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:47 827392 1CE5AB0C6CA990B13EDAC0DC78E2D26D c:\windows\system32\dllcache\cache\wininet.dll

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-17 14:48 504320 63E65D180BB0607B7240E700D2F73EAD c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 16:02 509952 15D1D956D9F01E51E6623EDB31EA43B6 c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 16:02 509952 15D1D956D9F01E51E6623EDB31EA43B6 c:\windows\system32\winlogon.exe
[7] 2008-04-14 16:02 509952 15D1D956D9F01E51E6623EDB31EA43B6 c:\windows\system32\dllcache\cache\winlogon.exe

[7] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 18:14 2058368 EDE111C26CE3B2A99D390004500647C1 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:09 2060800 E7E968C41118C96F654C7BC6E8D0E910 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-09 11:19 2067584 5BF3E11C6796AA240953368366824FA4 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 13:41 2064384 52E5912A62C59A9CE33683BFE5379794 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 13:26 2067456 57383435A3A23F5B37A87FD03847CFA8 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 18:27 2067456 A20C3C07C83DF69EA6E38BD91A957BE4 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 13:46 2059136 336535F64CA633A208D4D75FC89AD8FF c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 13:26 2067456 57383435A3A23F5B37A87FD03847CFA8 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-10 17:09 2067456 CD0AD7D894B7205F7283A05CA9286896 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-14 15:43 2067328 7B1F0CDD45F11441264F2609C77CEF44 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-09 11:52 2059136 93F9B4B3CDE0033EC07FE31A4D9190B4 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP2GDR\ntkrnlpa.exe
[7] 2009-02-09 11:45 2064384 F0D44895150996E583B09BFCDC368B30 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP2QFE\ntkrnlpa.exe
[7] 2009-02-10 17:09 2067456 CD0AD7D894B7205F7283A05CA9286896 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP3GDR\ntkrnlpa.exe
[7] 2009-02-09 11:19 2067584 5BF3E11C6796AA240953368366824FA4 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP3QFE\ntkrnlpa.exe
[7] 2009-02-10 17:09 2067456 CD0AD7D894B7205F7283A05CA9286896 c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-10 17:09 2067456 CD0AD7D894B7205F7283A05CA9286896 c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 17:09 2067456 CD0AD7D894B7205F7283A05CA9286896 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 18:14 2180992 CF797AA33783F74FDE0417D35B8BD0C0 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:09 2183552 BF63A4405538286C178CCA6A59CBCAB9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-10 17:19 2190592 2A59B6CF2D95B02B93779B54DFEAFAF8 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 13:41 2187392 F7F41884745C7092A4B9A1AAF1A20348 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 13:26 2190592 835D2A6C4636D4C5E5F9500116DB6E89 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 18:27 2190592 17E742C7E0990F75DA8DBB3071231DCA c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 13:46 2181760 9034856C9008949D6BAC2851D6727E15 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 13:26 2190592 835D2A6C4636D4C5E5F9500116DB6E89 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-09 11:27 2190464 30CDD12197D6FED5206F95CD98B4454C c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-14 15:43 2190464 2BD366A121B5599C5C67A472A42FD06D c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-09 11:52 2181888 DA4CC9B4184F09276CA5B6A1402877E1 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP2GDR\ntoskrnl.exe
[7] 2009-02-09 11:45 2187520 02C1C733BCFD12CA4AACA1D3591FE803 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP2QFE\ntoskrnl.exe
[7] 2009-02-09 11:27 2190464 30CDD12197D6FED5206F95CD98B4454C c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP3GDR\ntoskrnl.exe
[7] 2009-02-10 17:19 2190592 2A59B6CF2D95B02B93779B54DFEAFAF8 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 11:27 2190464 30CDD12197D6FED5206F95CD98B4454C c:\windows\system32\ntoskrnl.exe
[7] 2009-02-09 11:27 2190464 30CDD12197D6FED5206F95CD98B4454C c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-09 11:27 2190464 30CDD12197D6FED5206F95CD98B4454C c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-04-14 16:02 1035776 AD3A8A9E8914439852A98CE48015E237 c:\windows\explorer.exe
[-] 2007-06-13 13:12 1035264 6CF1696892BE31A2EC25072A99E2E3FF c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1035264 F8ECCBA428D0B2B53E4F2F824A13FA10 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2008-04-14 16:02 1035776 AD3A8A9E8914439852A98CE48015E237 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 16:02 1035776 AD3A8A9E8914439852A98CE48015E237 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-09 11:19 111104 BDEB2B3B235C8488BC7BAE94143415EF c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-17 14:48 108544 9D12ECDFA545DD69B13081906C5862B1 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 16:02 109056 A4F2504691E6B273EB901EACA253C05F c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 16:02 109056 A4F2504691E6B273EB901EACA253C05F c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-09 10:10 111104 C921C31EA3F3CBF5D72D6B18FC4B5D46 c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP2GDR\services.exe
[7] 2009-02-09 09:55 111104 E3E05ADEDAA28D265CF97E0980C3E14B c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP2QFE\services.exe
[7] 2009-02-09 11:26 111104 9CEDBFBE08BC1C4F35F74B8F96E0289A c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP3GDR\services.exe
[7] 2009-02-09 11:19 111104 BDEB2B3B235C8488BC7BAE94143415EF c:\windows\SoftwareDistribution\Download\a993fd5527ea7331bb50cf97656f4d60\SP3QFE\services.exe
[7] 2009-02-09 11:26 111104 9CEDBFBE08BC1C4F35F74B8F96E0289A c:\windows\system32\services.exe
[7] 2009-02-09 11:26 111104 9CEDBFBE08BC1C4F35F74B8F96E0289A c:\windows\system32\dllcache\services.exe
[7] 2009-02-09 11:26 111104 9CEDBFBE08BC1C4F35F74B8F96E0289A c:\windows\system32\dllcache\cache\services.exe

[7] 2004-08-17 14:48 13312 13C29FBA0388BEF38F06600994FAA2BA c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 16:02 13312 21844F6DA13ECE4737D0B7524EDEB6EC c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 16:02 13312 21844F6DA13ECE4737D0B7524EDEB6EC c:\windows\system32\lsass.exe
[7] 2008-04-14 16:02 13312 21844F6DA13ECE4737D0B7524EDEB6EC c:\windows\system32\dllcache\cache\lsass.exe

[7] 2004-08-17 14:47 15360 3A847F86E66C60AFBB41C81B1AF0EEDB c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 16:02 15360 9A2CD21B28BC41E8CDF22083C277DD8F c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 16:02 15360 9A2CD21B28BC41E8CDF22083C277DD8F c:\windows\system32\ctfmon.exe
[7] 2008-04-14 16:02 15360 9A2CD21B28BC41E8CDF22083C277DD8F c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 16:02 57856 75090D3AC252ED03C85B20BF9663F8DE c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 16:02 57856 75090D3AC252ED03C85B20BF9663F8DE c:\windows\system32\spoolsv.exe
[7] 2008-04-14 16:02 57856 75090D3AC252ED03C85B20BF9663F8DE c:\windows\system32\dllcache\cache\spoolsv.exe

[7] 2008-04-14 16:02 112128 7259723BF631E199EC0AD9082DCFDFC4 c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[7] 2004-08-17 14:48 24576 B722651FB16A7777E885711DB94571DA c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 16:02 26112 B0DDDFC8361952B956EF9475244F40BD c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 16:02 26112 B0DDDFC8361952B956EF9475244F40BD c:\windows\system32\userinit.exe
[7] 2008-04-14 16:02 26112 B0DDDFC8361952B956EF9475244F40BD c:\windows\system32\dllcache\userinit.exe
[7] 2008-04-14 16:02 26112 B0DDDFC8361952B956EF9475244F40BD c:\windows\system32\dllcache\cache\userinit.exe

[7] 2004-08-17 14:47 296960 31C19AA96A1DB7EEC02394FFF8FFE3AD c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 16:02 296960 9BA79E5A12285E988FE65D26643B2930 c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 16:02 296960 9BA79E5A12285E988FE65D26643B2930 c:\windows\system32\termsrv.dll
[7] 2008-04-14 16:02 296960 9BA79E5A12285E988FE65D26643B2930 c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2007-04-16 16:11 1004544 E9CFDFFA051781A68FDFC6E17035FC31 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 14:04 1010176 FCC98887C7CFD48C43E828A9BED4E21B c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:54 1003008 97AEC3F62D0FAAA3B823DC7721F5E610 c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2008-04-14 16:01 1008128 E69866C842513B6979A6A17B7E6F3C3F c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 16:01 1008128 E69866C842513B6979A6A17B7E6F3C3F c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:09 1008128 983315357F8B18C81D4DC0180229CD29 c:\windows\SoftwareDistribution\Download\8ce4cf5353d55563610ae49e8013d95b\sp3gdr\kernel32.dll
[7] 2009-03-21 14:04 1010176 FCC98887C7CFD48C43E828A9BED4E21B c:\windows\SoftwareDistribution\Download\8ce4cf5353d55563610ae49e8013d95b\sp3qfe\kernel32.dll
[7] 2009-03-21 14:09 1008128 983315357F8B18C81D4DC0180229CD29 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:09 1008128 983315357F8B18C81D4DC0180229CD29 c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:09 1008128 983315357F8B18C81D4DC0180229CD29 c:\windows\system32\dllcache\cache\kernel32.dll

[7] 2004-08-17 14:47 17408 940A0DDC89B0A22225B185AB5B05C1AE c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 16:01 17408 735FEC1C87F99D4B6EBDAED6462A011B c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 16:01 17408 735FEC1C87F99D4B6EBDAED6462A011B c:\windows\system32\powrprof.dll
[7] 2008-04-14 16:01 17408 735FEC1C87F99D4B6EBDAED6462A011B c:\windows\system32\dllcache\cache\powrprof.dll

[7] 2004-08-17 14:47 110080 35F7E50DB7BDD9AA2A5D28A9DFD1D962 c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 16:01 110080 6E5A3201108373030B83DDE829F6E53B c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 16:01 110080 6E5A3201108373030B83DDE829F6E53B c:\windows\system32\imm32.dll
[7] 2008-04-14 16:01 110080 6E5A3201108373030B83DDE829F6E53B c:\windows\system32\dllcache\cache\imm32.dll

[7] 2004-08-17 14:47 1548288 D8846BDADD422E8BA89561C1530CB4BC c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 16:01 1571840 B3F79A7FEA348313717DCB795C3DD205 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 16:01 1571840 B3F79A7FEA348313717DCB795C3DD205 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 16:01 1571840 B3F79A7FEA348313717DCB795C3DD205 c:\windows\system32\dllcache\sfcfiles.dll
[7] 2008-04-14 16:01 1571840 B3F79A7FEA348313717DCB795C3DD205 c:\windows\system32\dllcache\cache\sfcfiles.dll

[7] 2004-08-17 14:46 172544 B39106BB9AEDBCAE26DE8950A09B8A78 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 16:01 172544 0326A8C356DD42048F61CA6128D0B32F c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 16:01 172544 0326A8C356DD42048F61CA6128D0B32F c:\windows\system32\appmgmts.dll
[7] 2008-04-14 16:01 172544 0326A8C356DD42048F61CA6128D0B32F c:\windows\system32\dllcache\appmgmts.dll
[7] 2008-04-14 16:01 172544 0326A8C356DD42048F61CA6128D0B32F c:\windows\system32\dllcache\cache\appmgmts.dll

[7] 2004-08-17 14:30 24960 059B59B694DBB143A5B627187C9D8860 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-14 15:40 24960 51D3342D1A0C19605095405352BB009B c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-14 15:40 24960 51D3342D1A0C19605095405352BB009B c:\windows\system32\dllcache\kbdclass.sys
[7] 2008-04-14 15:40 24960 51D3342D1A0C19605095405352BB009B c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-14 15:40 24960 51D3342D1A0C19605095405352BB009B c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_14.50.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 17:12 . 2009-06-24 17:12 16384 c:\windows\temp\Perflib_Perfdata_7c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-12 951624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Ind¡t¢pult\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-6-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2008.06.13. 10:02 12856]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.06.12. 11:56 15160]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2007.12.05. 19:26 222336]
S2 Poweroff;Poweroff;"c:\windows\system32\poweroff.exe" -service --> c:\windows\system32\poweroff.exe [?]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 188IR;WORLD ADS-188IR IrDA Adapter;c:\windows\system32\drivers\188IR.sys [2007.12.08. 11:24 29076]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2007.12.07. 21:12 23936]
S3 MouseCmn;Mouse Driver;c:\windows\system32\DRIVERS\Ms2KFlt.sys --> c:\windows\system32\DRIVERS\Ms2KFlt.sys [?]
S3 scsiscan;SCSI-képolvasó illesztoprogramja;c:\windows\system32\drivers\scsiscan.sys [2008.06.27. 7:56 11520]
S3 SDTHelper;Helper driver for SDT-Tool;\??\c:\documents and settings\Kátai\Asztal\radix_installer_trial\sdthlpr.sys --> c:\documents and settings\Kátai\Asztal\radix_installer_trial\sdthlpr.sys [?]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2008.05.16. 12:48 61536]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007.12.08. 19:21 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007.12.08. 19:18 85696]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool...
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hivatkozási cél konvertálása Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Hivatkozási cél konvertálása létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Kijelölt hivatkozások konvertálása Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Kijelölt hivatkozások konvertálása létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Kijelölés konvertálása Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Kijelölés konvertálása létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertálás Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertálás létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: MediaManager tool grab multimedia file
LSP: c:\windows\system32\imon.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:12
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="086FB50891E57CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67945D575E7D6A3B9808A9C6AECB7A5D14077AD623E293DCB30D539631FAAC8143886CFEC5FA654E0CD3F02092434B943FF703F01C81137526F7D4861C9ADE246D9190DCACA3C9B232EE14A94170CAEEE9867448F62965D298795B2B307829055301AA630143036113F7F93B6AF7DE9C5CEC5BD5E7DF14F2B1BCF6EB4D95AAE15A4FEE8F70F3E7FA71D29C8127AA32C1539219989551C0184A570E3BC69497BF16D8E9E01BF2606440C2CEAC070103C13F48E0901C4C9CC7EF405B88653F38E3D25EF9D9181FE9C5A47332F10B132445443F3CC40844EE4DE2526A4BE480E9DA0E84D083ED7E168A7C703F892A1FF9BABA0E093FDE4E15B61CCE9F00F4689B73FA5277E89B3A09E3D6AB41B0CC870053B02E778B97A67DD441562FA1B92A53C080B54699909F7DC477FAD8A75252468364008BBC9BAC2A3E32F12336CB9F271A387E6DA8B21E4166D417F8338B28EA84CBC49EE8CA61B3CEFE0E5943B642C31AF0E0EF2FDB4C34C41B9D699C40D728538E24DC28776E45226E7804D37A33EA20ADF523485761CB9FA910C72F29D2C6B18A26489A699B9D1DF86428F50C366FCFA4B9B313E63C11F994D301BCF330A425CEBA355EDBDA8FE34D6AA0BB52B3BB10400B9EB2405BA21EA233D91944283475A1B34C1D7E3D84604D8599BC2936498C9F3138518BE53097CF59EB9D2F9AFB3079C78A7DF179F4C10C941614E16FA9B213D22617662400B5CB59A0A6BD07962804123FADCF6B727955DBEA5FBFB201B725FCE33760026B0EF929B8947095B16FA28F116021121EBFA50243C1F97688918C1FBF6301915FF7F0A0484D370F8F626724F74BE68FB18BAF929B61BE580BFA3A0F5D523F07DC0FFD7EB6B77860861B1D9441A6122B771DD7FC47E92C9769754F8332C10ABBF8B39F6240C10F9D81FD400D0CB10BCFCD76B7156A88561818C0239A8970C0ABDE8A0954F2DA487B7EAD7F1BCFACAB0C295E9C917E71C6619F663F53032238F8C9FBA2BBB479E5541014C031535EC41410DC090E535B77209BB163148F1D3AE70B338766BC141EA5DADE1CA4341018BC9DC0328B0A7F5B243DB002A27830846289A1070516291C119AFEDE31E20FDD02821D80EA179DD2E1C737402D56A747F2BC7925AEA1B77C5D9EA8097523AC3E04004893754577B86F93DA7A4398D9A64D333518DB1346D273C556CEF290C05B036F5B3BD43254D70A0EF8BE5A031DBD448D0F4E6A70DCA2E20A44189015A1C768BA357D1A507EEF11B5AFCDC82A4C18D18188E31C178769DB74748398F230883DE1F6943763453689A06220CDFBC83712D865AE14B6579134A1ABDF3ABE4C9AB1F608EC8507"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-06-24 19:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 17:22
ComboFix2.txt 2009-06-24 14:55

Pre-Run: 13 550 731 264 bájt szabad
Post-Run: 13 505 564 672 bájt szabad

372 --- E O F --- 2009-06-24 14:31

eztet felejds ell hogy irtam,hoszu sornak hagy beket,csak azer irtam mert szet huzta a forum ablakat hogy torold ki a combofixed logjabolll
Azt a hosszú sort töröljem amit elöbb írtam? és a többit tegyem a piros txt mögé??




tehat lemented a notepadot a piros textel az asztalra mint minden fajlo
a neve CFScript.txt es megfogod az egerel es beledobod a combofixbe ugy ahogy van es varod a logot,ha kelesz bele egyezel,,

Addig értem, hogy kinyitom a notepadot és bemásolom a piros txt. meg majd a mentést és a többit értem de a lényeget még mindig nem. Ne haragudj.
Azt a hosszú sort töröljem amit elöbb írtam? és a többit tegyem a piros txt mögé?? Vagy a törölt rész helyére???????????


Légyszi fogalmazz másképp, mert nem fogom fel és nem szeretnék hülyeséget csinálni....ezért is kérdezek 55* vissza

Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a notepadba piros textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide-maskep nemtudom leirni,

Hú de hülyének érzem magam
Ezt töröljem?
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="086FB50891E57CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67945D575E7D6A3B9808A9C6AECB7A5D14077AD623E293DCB30D539631FAAC8143886CFEC5FA654E0CD3F02092434B943FF703F01C81137526F7D4861C9ADE246D9190DCACA3C9B232EE14A94170CAEEE9867448F62965D298795B2B307829055301AA630143036113F7F93B6AF7DE9C5CEC5BD5E7DF14F2B1BCF6EB4D95AAE15A4FEE8F70F3E7FA71D29C8127AA32C1539219989551C0184A570E3BC69497BF16D8E9E01BF2606440C2CEAC070103C13F48E0901C4C9CC7EF405B88653F38E3D25EF9D9181FE9C5A47332F10B132445443F3CC40844EE4DE2526A4BE480E9DA0E84D083ED7E168A7C703F892A1FF9BABA0E093FDE4E15B61CCE9F00F4689B73FA5277E89B3A09E3D6AB41B0CC870053B02E778B97A67DD441562FA1B92A53C080B54699909F7DC477FAD8A75252468364008BBC9BAC2A3E32F12336CB9F271A387E6DA8B21E4166D417F8338B28EA84CBC49EE8CA61B3CEFE0E5943B642C31AF0E0EF2FDB4C34C41B9D699C40D728538E24DC28776E45226E7804D37A33EA20ADF523485761CB9FA910C72F29D2C6B18A26489A699B9D1DF86428F50C366FCFA4B9B313E63C11F994D301BCF330A425CEBA355EDBDA8FE34D6AA0BB52B3BB10400B9EB2405BA21EA233D91944283475A1B34C1D7E3D84604D8599BC2936498C9F3138518BE53097CF59EB9D2F9AFB3079C78A7DF179F4C10C941614E16FA9B213D22617662400B5CB59A0A6BD07962804123FADCF6B727955DBEA5FBFB201B725FCE33760026B0EF929B8947095B16FA28F116021121EBFA50243C1F97688918C1FBF6301915FF7F0A0484D370F8F626724F74BE68FB18BAF929B61BE580BFA3A0F5D523F07DC0FFD7EB6B77860861B1D9441A6122B771DD7FC47E92C9769754F8332C10ABBF8B39F6240C10F9D81FD400D0CB10BCFCD76B7156A88561818C0239A8970C0ABDE8A0954F2DA487B7EAD7F1BCFACAB0C295E9C917E71C6619F663F53032238F8C9FBA2BBB479E5541014C031535EC41410DC090E535B77209BB163148F1D3AE70B338766BC141EA5DADE1CA4341018BC9DC0328B0A7F5B243DB002A27830846289A1070516291C119AFEDE31E20FDD02821D80EA179DD2E1C737402D56A747F2BC7925AEA1B77C5D9EA8097523AC3E04004893754577B86F93DA7A4398D9A64D333518DB1346D273C556CEF290C05B036F5B3BD43254D70A0EF8BE5A031DBD448D0F4E6A70DCA2E20A44189015A1C768BA357D1A507EEF11B5AFCDC82A4C18D18188E31C178769DB74748398F230883DE1F6943763453689A06220CDFBC83712D865AE14B6579134A1ABDF3ABE4C9AB1F608EC8507"

A system* sor is kell?
Amit te leírtál piros texet tegyem ennek a helyére?

torold ki a combofix logjabol ezt a hoszu sort
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="086FB50891E57CFEBC9E127BECC74C
mert elvite job oldalra a piros textet,akor majd meglatod mitt kel bemasolnod a notepadba

Na ezt nem értem...bocsi
Kinyitottam a notepadot, másoljam be az első 4 sort és azt mentsem el CFScript.txt névvel?
bocsi

ha mar cserelsz akor az avirat rakd fell
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet


Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide es ird le hogy viselkedik a gep,

leszedem ezt a nod32, amúgy sem szeretem, de a netbeállítók ezt tették fel...visszateszem ide is az avastot. Vagy először várjam meg míg helyrepofozzuk a gépet?

Nem értem eddig ezt a nagy szürkeséges lefagyással még nem találkoztam, ennél is ezt csinálta, de szerencsére csak a végén amikor kidobta a txt. Miért csinálja ezt?

ComboFix 09-06-23.01 - Kátai 009.06.24. 16:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1038.18.247.106 [GMT 2:00]
Running from: c:\documents and settings\Kátai\Asztal\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 11:45 . 2009-06-24 11:45 -------- dc----w- C:\_OTM
2009-06-24 10:02 . 2009-06-24 10:23 -------- dc----w- c:\program files\trend micro
2009-06-24 10:02 . 2009-06-24 10:23 -------- dc----w- C:\rsit
2009-06-22 14:11 . 2009-06-22 14:11 -------- dc----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-22 13:13 . 2009-06-22 14:33 -------- dc----w- C:\Games
2009-06-22 12:33 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-22 12:33 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-22 12:32 . 2009-06-22 12:32 -------- dc----w- c:\program files\Ashampoo
2009-06-22 11:01 . 2009-02-09 11:26 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-22 11:01 . 2009-02-09 10:54 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-22 11:01 . 2009-02-09 10:54 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-22 11:01 . 2009-02-09 10:54 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-22 11:01 . 2009-02-09 10:54 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-22 11:01 . 2009-02-09 10:54 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-22 11:01 . 2009-02-09 10:54 721408 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-22 10:07 . 2009-06-22 10:07 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-22 09:21 . 2005-11-08 22:26 38400 ----a-w- c:\windows\system32\moveex.exe
2009-06-20 18:05 . 2009-06-20 18:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Grey Alien Games
2009-06-17 10:03 . 2009-06-17 10:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 10:02 . 2009-06-17 10:02 -------- dc----w- c:\program files\Java
2009-06-16 15:17 . 2009-06-16 15:34 -------- dc----w- c:\program files\MSN Messenger
2009-06-13 12:26 . 2003-10-22 05:24 200704 ----a-r- c:\windows\sel3110.exe
2009-06-13 12:26 . 2003-10-22 05:24 40960 ----a-r- c:\windows\CleanDev.exe
2009-06-13 12:26 . 2003-10-22 05:23 307200 ----a-r- c:\windows\vidcap32.exe
2009-06-13 12:26 . 2003-10-22 05:24 174530 ----a-r- c:\windows\system32\drivers\ov519vid.sys
2009-06-13 12:26 . 2003-10-22 05:24 25211 ----a-r- c:\windows\system32\drivers\ov519cmd.sys
2009-06-13 12:26 . 2003-10-22 05:24 40960 ----a-r- c:\windows\system32\ov519ext.dll
2009-06-13 12:26 . 2003-10-22 05:24 16426 ----a-r- c:\windows\system32\ov519usd.dll
2009-06-13 12:15 . 2009-06-13 12:15 -------- dc----w- c:\program files\uTorrent
2009-06-12 09:56 . 2009-06-12 09:55 300352 ----a-w- c:\windows\system32\imon.dll
2009-06-12 09:56 . 2009-06-12 09:55 511832 ----a-w- c:\windows\system32\drivers\amon.sys
2009-06-12 09:56 . 2009-06-12 09:55 15160 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-06-12 09:55 . 2009-06-24 11:40 -------- dc----w- c:\program files\ESET
2009-06-12 09:31 . 2009-06-12 09:31 -------- dc----w- c:\program files\D-Link AirPlus
2009-06-12 09:29 . 2003-09-02 06:33 40636 ----a-r- c:\windows\system\WLANGEN.bin
2009-06-12 09:29 . 2003-07-27 02:02 964 ----a-r- c:\windows\system32\drivers\RADIO11.bin
2009-06-12 09:29 . 2003-07-27 02:02 964 ----a-r- c:\windows\system\RADIO11.bin
2009-06-12 09:29 . 2003-07-25 02:24 936 ----a-r- c:\windows\system\RADIO0d.bin
2009-06-12 09:29 . 2003-05-18 11:04 912 ----a-r- c:\windows\system32\drivers\RADIO15.bin
2009-06-12 09:29 . 2003-05-18 11:04 912 ----a-r- c:\windows\system\RADIO15.bin
2009-06-12 09:29 . 2003-09-08 08:06 255360 ----a-r- c:\windows\system32\drivers\AIRPLUS.sys
2009-06-12 09:29 . 2003-09-02 06:33 40636 ----a-r- c:\windows\system32\drivers\WLANGEN.bin
2009-06-12 09:29 . 2003-07-25 02:24 936 ----a-r- c:\windows\system32\drivers\RADIO0d.bin
2009-06-11 17:35 . 2009-06-11 17:35 -------- dc----w- c:\program files\Microsoft
2009-06-11 17:34 . 2009-06-13 13:06 -------- dc----w- c:\program files\Windows Live
2009-06-11 17:28 . 2009-06-11 17:28 -------- dc----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:45 . 2001-10-26 12:00 86566 ----a-w- c:\windows\system32\perfc00E.dat
2009-06-24 11:45 . 2001-10-26 12:00 401438 ----a-w- c:\windows\system32\perfh00E.dat
2009-06-22 13:51 . 2007-12-06 18:18 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-22 12:45 . 2008-12-31 11:47 -------- dc----w- c:\program files\RSL
2009-06-22 09:57 . 2008-12-15 11:46 -------- dcsh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-15 09:11 . 2008-04-05 07:19 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-15 08:53 . 2008-04-14 08:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-12 09:31 . 2007-12-06 14:20 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:34 . 2004-08-17 14:47 348160 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-08-17 14:47 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-17 14:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2004-08-17 14:30 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2004-08-17 14:47 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-12 951624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Ind¡t¢pult\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-6-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2008.06.13. 10:02 12856]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.06.12. 11:56 15160]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2007.12.05. 19:26 222336]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 188IR;WORLD ADS-188IR IrDA Adapter;c:\windows\system32\drivers\188IR.sys [2007.12.08. 11:24 29076]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2007.12.07. 21:12 23936]
S3 MouseCmn;Mouse Driver;c:\windows\system32\DRIVERS\Ms2KFlt.sys --> c:\windows\system32\DRIVERS\Ms2KFlt.sys [?]
S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\Multi Password Recovery\mpr_freader.sys --> c:\program files\Multi Password Recovery\mpr_freader.sys [?]
S3 scsiscan;SCSI-képolvasó illesztoprogramja;c:\windows\system32\drivers\scsiscan.sys [2008.06.27. 7:56 11520]
S3 SDTHelper;Helper driver for SDT-Tool;\??\c:\documents and settings\Kátai\Asztal\radix_installer_trial\sdthlpr.sys --> c:\documents and settings\Kátai\Asztal\radix_installer_trial\sdthlpr.sys [?]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2008.05.16. 12:48 61536]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007.12.08. 19:21 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007.12.08. 19:18 85696]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\Optimalizálás.job
- c:\program files\Ashampoo\Ashampoo WinOptimizer 6\WO6.exe [2009-06-22 12:24]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool...
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Hivatkozási cél konvertálása Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Hivatkozási cél konvertálása létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Kijelölt hivatkozások konvertálása Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Kijelölt hivatkozások konvertálása létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Kijelölés konvertálása Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Kijelölés konvertálása létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertálás Adobe PDF formátumúra - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertálás létezo PDF fájlba - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: MediaManager tool grab multimedia file
LSP: c:\windows\system32\imon.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 16:50
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="086FB50891E57CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67945D575E7D6A3B9808A9C6AECB7A5D14077AD623E293DCB30D539631FAAC8143886CFEC5FA654E0CD3F02092434B943FF703F01C81137526F7D4861C9ADE246D9190DCACA3C9B232EE14A94170CAEEE9867448F62965D298795B2B307829055301AA630143036113F7F93B6AF7DE9C5CEC5BD5E7DF14F2B1BCF6EB4D95AAE15A4FEE8F70F3E7FA71D29C8127AA32C1539219989551C0184A570E3BC69497BF16D8E9E01BF2606440C2CEAC070103C13F48E0901C4C9CC7EF405B88653F38E3D25EF9D9181FE9C5A47332F10B132445443F3CC40844EE4DE2526A4BE480E9DA0E84D083ED7E168A7C703F892A1FF9BABA0E093FDE4E15B61CCE9F00F4689B73FA5277E89B3A09E3D6AB41B0CC870053B02E778B97A67DD441562FA1B92A53C080B54699909F7DC477FAD8A75252468364008BBC9BAC2A3E32F12336CB9F271A387E6DA8B21E4166D417F8338B28EA84CBC49EE8CA61B3CEFE0E5943B642C31AF0E0EF2FDB4C34C41B9D699C40D728538E24DC28776E45226E7804D37A33EA20ADF523485761CB9FA910C72F29D2C6B18A26489A699B9D1DF86428F50C366FCFA4B9B313E63C11F994D301BCF330A425CEBA355EDBDA8FE34D6AA0BB52B3BB10400B9EB2405BA21EA233D91944283475A1B34C1D7E3D84604D8599BC2936498C9F3138518BE53097CF59EB9D2F9AFB3079C78A7DF179F4C10C941614E16FA9B213D22617662400B5CB59A0A6BD07962804123FADCF6B727955DBEA5FBFB201B725FCE33760026B0EF929B8947095B16FA28F116021121EBFA50243C1F97688918C1FBF6301915FF7F0A0484D370F8F626724F74BE68FB18BAF929B61BE580BFA3A0F5D523F07DC0FFD7EB6B77860861B1D9441A6122B771DD7FC47E92C9769754F8332C10ABBF8B39F6240C10F9D81FD400D0CB10BCFCD76B7156A88561818C0239A8970C0ABDE8A0954F2DA487B7EAD7F1BCFACAB0C295E9C917E71C6619F663F53032238F8C9FBA2BBB479E5541014C031535EC41410DC090E535B77209BB163148F1D3AE70B338766BC141EA5DADE1CA4341018BC9DC0328B0A7F5B243DB002A27830846289A1070516291C119AFEDE31E20FDD02821D80EA179DD2E1C737402D56A747F2BC7925AEA1B77C5D9EA8097523AC3E04004893754577B86F93DA7A4398D9A64D333518DB1346D273C556CEF290C05B036F5B3BD43254D70A0EF8BE5A031DBD448D0F4E6A70DCA2E20A44189015A1C768BA357D1A507EEF11B5AFCDC82A4C18D18188E31C178769DB74748398F230883DE1F6943763453689A06220CDFBC83712D865AE14B6579134A1ABDF3ABE4C9AB1F608EC8507"
.
Completion time: 2009-06-24 16:55
ComboFix-quarantined-files.txt 2009-06-24 14:55

Pre-Run: 13 533 401 088 bájt szabad
Post-Run: 13 521 395 712 bájt szabad

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /FASTDETECT
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=JOCDG3-BAK

183 --- E O F --- 2009-06-24 14:31

Ok átmegyek egy másik témához.

bernard
nyis uj temat,mert it mar sokan lesztek es futasd le a malwarebytes programot a logot ted oda,
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229/

Sziasztok!
Látom nagy munkában vagytok, de ismét a segítségedet kérném Stell. Ma felraktam a gépemre a superantispyware nevű progit. Elindítottam a keresőjét, de a keresés közben megfagyott a gép. Újra kellet indítani, de ezután nem akart normálisan indulni, csak akkor, ha az utolsó helyes működési állapotra állítottam vissza. Ezután leszedtem a programot. Megjegyzem a keresés közben voltak találatai kb. 4 db fertőzést írt ki. Pár percig használtam és ismét lefagyott, és csak nagy nehezen ismét a rendszer vissza állítással sikerült csak elindítani a windowst? Ha lesz időd légyszíves válaszolj, mert tanácstalan vagyok.

kapcsold ki es ujra kapcsold be ,es futasd le a combofixet,

El kellett közben mennem, de már itt vagyok. Igen a bal oldalra írtam be, de megismételtem. Kiírta a jobb oldalra hogy "All processed killed" aztán elszürkült az egész gép és innentől semmi......ctrl+Alt+Delt sem reagált (most).

a baloldali ablakba masoltad e be-??masold be megegyszer es klik moveit,,amit ad ted ide,

Szia!
Amikor leszedtem a nod vírusért sikított, de kikapcsoltam a nodot és leszedtem, futtattam és bemásoltam és klikk moveit.... elszürkült minden csak az ujraindítás segített... Most mi van?? Én bakiztam?

egal
ezeket a fajlokt lekel tesztelni a virustotalon-klik-prochazet-kuldes-teszteles es az eredmenyt-linkeket ide tenni,ha mar volt tesztelve-kiirja akor ujbol tesztelni
c:\windows\system32\wininet.dll
c:\windows\is-6S6NJ.exe
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\sfcfiles.dll
VIRUSTOTALu

egal
igen at nezem,,es majd ide irom hogy mi a teendo, egy kicsit keveredni foftok a kataiandi val -de valahogy megoldjuk,,
kataiandi
http://oldtimer.geekstogo.com/OTM.exe
most csinald eztet,leszedjuk a defendert meg egypar dogot,,
tolds le az otmovet programot,ted az asztalra-futasd-masold be az ablakba a zold[piros]textet es klik-moveit-amit majd add ted ide,

ComboFix 09-06-23.01 - Rendszergazda 009.06.24. 12:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.958.652 [GMT 2:00]
Running from: c:\documents and settings\Rendszergazda\Asztal\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kl1.sys
.
---- Previous Run -------
.
c:\windows\regedit.com
c:\windows\system32\drivers\bqgwjjil.sys
c:\windows\system32\setting.ini
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_czduyxa


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 09:37 . 2009-06-24 09:37 -------- d-----w- c:\windows\system32\dllcache\cache
2009-06-24 09:34 . 2009-06-24 09:34 -------- d-----w- c:\windows\system32\wbem\snmp
2009-06-24 09:33 . 2009-06-24 09:33 -------- d-----w- c:\windows\system32\xircom
2009-06-24 09:33 . 2009-06-24 09:37 -------- d-sh--w- c:\windows\system32\dllcache
2009-06-24 09:33 . 2009-06-24 09:33 -------- d-----w- c:\program files\microsoft frontpage
2009-06-24 08:06 . 2009-06-24 08:06 -------- d-----w- c:\program files\Xvid
2009-06-24 08:06 . 2009-06-24 08:06 -------- d-----w- c:\program files\AC3Filter
2009-06-24 08:05 . 2009-06-24 08:05 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\Thinstall
2009-06-24 08:05 . 2009-06-24 08:05 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Thinstall
2009-06-23 21:10 . 2009-06-23 21:10 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-23 21:07 . 2009-06-23 21:07 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-23 21:07 . 2009-06-23 21:07 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-23 21:07 . 2009-06-23 21:07 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-23 21:07 . 2008-04-14 09:02 140288 ----a-w- c:\windows\system32\T.COM
2009-06-23 21:07 . 2008-04-14 09:02 152576 ----a-w- c:\windows\R.COM
2009-06-23 21:07 . 2009-06-23 21:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-23 21:07 . 2009-06-23 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-06-23 09:30 . 2001-10-26 15:01 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-23 09:30 . 2008-04-13 07:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-20 17:26 . 2009-06-20 17:26 -------- d-----w- c:\program files\TeamViewer
2009-06-20 17:26 . 2009-06-20 17:26 -------- d-----w- c:\documents and settings\Rendszergazda\temp
2009-06-20 16:17 . 2009-06-20 16:17 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 14:48 . 2009-06-19 14:48 -------- d-----w- c:\program files\4shared Desktop
2009-06-19 14:44 . 2009-06-23 10:22 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\4shared Desktop
2009-06-19 14:25 . 2009-06-19 14:25 -------- d-----w- c:\program files\MOJOSOFT
2009-06-19 14:25 . 2009-06-19 14:25 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\mojosoft
2009-06-11 08:27 . 2009-06-11 08:27 673792 ----a-w- c:\windows\is-6S6NJ.exe
2009-06-11 08:27 . 2009-06-06 10:00 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-06-10 09:59 . 2009-06-10 09:59 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\vlc
2009-06-10 09:16 . 2009-06-10 09:25 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-10 08:36 . 2009-06-10 08:36 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-08 09:05 . 2009-06-08 09:07 -------- d-----w- c:\documents and settings\Rendszergazda\.smplayer
2009-06-06 13:29 . 2009-06-06 13:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-06 13:28 . 2009-06-06 13:28 152576 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-06 13:16 . 2009-06-06 13:16 -------- d-----w- c:\windows\Sun
2009-06-06 11:54 . 2008-04-14 09:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-05 14:21 . 2009-06-05 14:02 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-05 14:17 . 2009-06-05 14:17 -------- d-----w- c:\documents and settings\LocalService\Asztal
2009-06-05 14:02 . 2009-06-05 14:02 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-05 14:02 . 2009-06-05 14:02 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-05 14:01 . 2009-06-05 14:01 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-05 14:01 . 2009-06-05 14:01 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-05 14:01 . 2009-06-05 14:01 1865064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe
2009-06-05 13:59 . 2009-06-05 13:59 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-05 13:42 . 2009-06-05 14:03 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-05 13:42 . 2009-06-05 13:59 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-05 13:42 . 2009-06-05 13:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-05 13:42 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-05 13:42 . 2009-06-05 13:42 -------- d-----w- c:\program files\Lavasoft
2009-06-04 19:28 . 2009-06-04 19:28 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Nero
2009-06-04 19:27 . 2009-06-04 19:27 -------- d-----w- c:\windows\QuickLaunch
2009-06-03 17:20 . 2008-04-13 07:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-03 17:20 . 2008-04-13 07:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-03 17:20 . 2008-04-13 07:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-03 17:20 . 2008-04-13 07:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-03 17:20 . 2008-04-13 07:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-03 17:20 . 2008-04-13 07:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-03 17:20 . 2008-04-13 07:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-03 17:20 . 2008-04-14 05:02 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-03 17:20 . 2008-04-13 07:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-06-03 17:20 . 2008-04-13 07:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-03 13:07 . 2009-06-24 07:58 -------- d-----w- C:\Downloads
2009-06-03 13:07 . 2009-06-22 11:31 -------- d-----w- c:\program files\RSL
2009-06-03 03:18 . 2009-06-17 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 20:00 . 2009-06-02 20:03 -------- d-----w- c:\program files\uTorrent
2009-06-02 20:00 . 2009-06-23 09:07 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\uTorrent
2009-06-02 14:03 . 2009-06-02 14:03 118272 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\ppp.dll
2009-06-02 14:03 . 2009-06-02 14:03 92672 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\dhcp.dll
2009-06-02 13:58 . 2009-06-02 13:58 210432 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\wlan2.dll
2009-06-02 13:58 . 2009-06-02 13:58 10752 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\system.dll
2009-06-02 13:58 . 2009-06-02 13:58 719360 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\secure.dll
2009-06-02 13:58 . 2009-06-02 13:58 73728 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\advtool.dll
2009-06-02 13:58 . 2009-06-02 13:58 1262080 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik\Winbox\ns2.9.38\roteros.dll
2009-06-02 13:57 . 2009-06-02 13:57 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Mikrotik
2009-06-02 13:34 . 2009-06-20 17:26 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\TeamViewer
2009-06-01 17:54 . 2009-06-01 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-01 17:52 . 2009-06-01 17:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-01 13:55 . 2009-06-01 13:55 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Malwarebytes
2009-06-01 13:55 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 13:55 . 2009-06-20 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 13:55 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 13:55 . 2009-06-01 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 13:16 . 2009-06-10 09:15 -------- d-----w- C:\tk
2009-06-01 13:08 . 2009-06-24 10:43 -------- d-----w- c:\documents and settings\Rendszergazda\Tracing
2009-06-01 13:07 . 2009-06-01 13:07 -------- d-----w- c:\program files\Microsoft
2009-06-01 13:07 . 2009-06-01 13:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-01 13:06 . 2009-06-01 13:07 -------- d-----w- c:\program files\Windows Live
2009-06-01 12:54 . 2009-06-01 12:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-01 12:53 . 2009-06-01 12:53 65376 ----a-w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 12:51 . 2009-06-01 12:51 -------- d-----w- c:\program files\Classic Menu for Office
2009-06-01 12:51 . 2006-10-26 17:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2009-06-01 12:49 . 2009-06-01 12:49 -------- d-----w- c:\program files\Microsoft Works
2009-06-01 12:48 . 2009-06-01 12:48 -------- d-----w- c:\program files\Microsoft.NET
2009-06-01 12:42 . 2009-06-01 12:42 -------- d-----w- c:\program files\Microsoft Games
2009-06-01 12:42 . 2007-02-18 16:23 61440 ----a-w- c:\windows\system32\Vista.Emulation.dll
2009-06-01 12:02 . 2009-06-01 12:02 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\Microsoft Help
2009-06-01 12:02 . 2009-06-01 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-01 12:00 . 2009-06-01 12:00 -------- d--h--r- C:\MSOCache
2009-06-01 11:56 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-06-01 11:56 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-06-01 11:56 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-06-01 11:56 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-06-01 11:56 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-06-01 11:56 . 2009-06-04 19:27 -------- d-----w- c:\program files\Nero
2009-06-01 11:56 . 2009-06-01 11:57 -------- d-----w- c:\program files\Common Files\Nero
2009-06-01 11:56 . 2009-06-01 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-01 11:52 . 2009-06-03 13:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Media Player Classic
2009-06-01 11:49 . 2009-06-01 11:51 -------- d-----w- c:\program files\QuickTime
2009-06-01 11:47 . 2009-06-01 11:47 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\Apple Computer
2009-06-01 11:45 . 2009-06-01 11:51 -------- d-----w- c:\program files\VistaCodecPack
2009-06-01 11:43 . 2009-06-07 07:54 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\Adobe
2009-06-01 11:41 . 2009-06-01 11:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 11:39 . 2009-06-01 11:43 -------- d-----w- c:\windows\regs
2009-06-01 11:32 . 2009-06-01 11:32 0 ----a-w- c:\windows\nsreg.dat
2009-06-01 11:32 . 2009-06-01 11:32 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\Mozilla
2009-06-01 11:30 . 2009-06-01 11:30 -------- d-----w- c:\program files\VideoLAN
2009-06-01 11:28 . 2009-06-01 11:29 -------- d-----w- c:\program files\SMPlayer
2009-06-01 11:25 . 2009-06-01 11:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-01 11:25 . 2009-06-24 09:37 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\skypePM
2009-06-01 11:23 . 2009-06-24 10:34 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Skype
2009-06-01 11:23 . 2009-06-01 11:23 -------- d-----w- c:\program files\Common Files\Skype
2009-06-01 11:23 . 2009-06-01 11:23 -------- d-----r- c:\program files\Skype
2009-06-01 11:23 . 2009-06-01 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-01 11:22 . 2008-04-13 09:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-06-01 11:22 . 2008-04-13 07:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 10:43 . 2009-06-01 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-24 10:41 . 2009-06-01 10:27 507936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 10:41 . 2009-06-01 10:27 4912 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 10:41 . 2009-06-01 10:27 2440736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 10:41 . 2009-06-01 10:27 22244 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-20 16:29 . 2009-06-20 16:29 1022 ----a-w- c:\program files\wndqrfk.txt
2009-06-14 16:06 . 2008-05-07 01:18 91182 ----a-w- c:\windows\system32\perfc00E.dat
2009-06-14 16:06 . 2008-05-07 01:18 409494 ----a-w- c:\windows\system32\perfh00E.dat
2009-06-06 13:28 . 2009-06-01 09:33 -------- d-----w- c:\program files\Java
2009-06-06 10:00 . 2008-06-12 18:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-02 09:40 . 2009-06-01 09:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 03:31 . 2009-06-01 09:36 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Desktopicon
2009-06-02 03:29 . 2009-06-01 09:33 -------- d-----w- c:\documents and settings\Default User\Application Data\Desktopicon
2009-06-02 03:28 . 2009-06-01 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-01 11:44 . 2009-06-01 11:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\VistaCodecs
2009-06-01 10:55 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-01 10:55 . 2009-06-01 10:27 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-01 10:55 . 2009-06-01 10:27 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-01 10:55 . 2009-06-01 10:55 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-01 10:55 . 2009-06-01 10:55 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-01 10:55 . 2009-06-01 10:55 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-01 10:34 . 2005-06-01 21:41 65536 ----a-w- c:\windows\TransBar.exe
2009-06-01 10:27 . 2009-06-01 10:27 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-01 10:25 . 2009-06-01 09:40 -------- d-----w- c:\program files\Alwil Software
2009-06-01 09:38 . 2009-06-01 09:38 136 ----a-w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\fusioncache.dat
2009-06-01 09:33 . 2009-06-01 09:33 -------- d-----w- c:\program files\TinyPDF
2009-06-01 09:33 . 2009-06-01 09:33 -------- d-----w- c:\program files\Unlocker
2009-06-01 09:33 . 2009-06-01 09:33 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-01 09:33 . 2009-06-01 09:33 -------- d-----w- c:\program files\Common Files\Java
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-01 09:32 . 2009-06-01 09:36 10134 ----a-r- c:\documents and settings\Rendszergazda\Application Data\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe
2009-06-01 09:32 . 2009-06-01 09:32 10134 ----a-r- c:\documents and settings\Default User\Application Data\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-01 09:29 . 2009-06-01 09:29 -------- d-----w- c:\program files\AutoIt3
2009-06-01 09:25 . 2009-06-01 09:25 21948 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-01 09:24 . 2009-06-01 09:24 -------- d-----w- c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

[-] 2008-05-07 01:35 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\system32\wininet.dll

[-] 2008-05-07 02:16 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-07 01:36 1571840 2993C2DF98A2D6D9896E0AB24946F972 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_09.35.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 10:25 . 2009-06-24 10:25 16384 c:\windows\Temp\Perflib_Perfdata_3cc.dat
+ 2009-06-24 10:42 . 2009-06-24 10:42 16384 c:\windows\Temp\Perflib_Perfdata_3c4.dat
+ 2009-06-24 09:37 . 2008-04-14 09:02 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 09:37 . 2008-04-14 09:02 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 09:37 . 2008-04-14 09:02 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 09:37 . 2008-04-14 09:02 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-24 09:37 . 2008-04-14 09:02 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 09:37 . 2008-04-14 09:02 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 09:37 . 2008-04-14 08:40 24960 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-24 09:37 . 2008-04-13 11:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 09:37 . 2008-04-14 09:02 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-24 09:37 . 2008-04-14 09:02 112128 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 09:37 . 2008-04-14 09:02 509952 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 09:37 . 2008-04-14 09:02 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 09:37 . 2008-04-14 09:02 296960 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-24 09:37 . 2008-04-14 09:02 109056 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-24 09:37 . 2008-04-13 12:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 09:37 . 2008-04-14 09:01 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 09:37 . 2008-04-14 09:01 172544 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 09:37 . 2008-04-14 08:43 2190464 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 09:37 . 2008-05-07 02:21 2067328 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 09:37 . 2008-04-14 09:01 1008128 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-24 09:37 . 2008-04-14 09:02 1035776 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"RapidShareLetolto"="c:\program files\RSL\RSL.exe" [2009-02-03 4416512]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Activecaptions"="c:\windows\activecaptions.exe" [2005-11-14 337408]
"AllSnap"="c:\windows\allsnap.exe" [2006-11-14 81920]
"Transbar"="c:\windows\transbar.exe" [2009-06-01 65536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-06-01 206088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-19 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-06-10 1337344]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-05-15 200704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"AfterPost"="c:\windows\afterpost.cmd" [2008-07-22 2553]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-07 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Rendszergazda\\Asztal\\winbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008.01.29. 17:29 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009.06.05. 15:42 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009.01.18. 23:34 1003344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008.04.30. 17:06 24592]
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportálás a Microsoft Excel programba - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\9xeondmk.default\
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 12:43
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(640)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-06-24 12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 10:46

Pre-Run: 3 253 780 480 bájt szabad
Post-Run: 3 241 218 048 bájt szabad

326

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:55, on 2009.06.24.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\activecaptions.exe
C:\WINDOWS\allsnap.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RSL\RSL.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rendszergazda\Asztal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Activecaptions] "C:\WINDOWS\activecaptions.exe"
O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe"
O4 - HKLM\..\Run: [Transbar] "C:\WINDOWS\transbar.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RapidShareLetolto] C:\Program Files\RSL\RSL.exe tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [AfterPost] "C:\WINDOWS\afterpost.cmd" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6369 bytes

hello

ismerősőm is Szlovákiai egy idősebb úr nem nagyon ért a szgéphez ezért próbálok neki segíteni. A baj csak az, hogy 300 km re van tőlem igy távsegitségen keresztül próbálok neki segiteni. Amint meg van a text file felrakom.
Amugy nem régen nekem is virusos volt a laptopom sikerült nagyjából rendbe rakni de sztem most sem teljesen tiszta.(ha ujra inditom nincs egér meg billenytyűzet, csak akkor ha lecsukom a laptopot meg kinyitom) Bár most Kaspersky van fenn meg antimalware. Megcsinaltam a Combofixet meg Hijackthis-t felrakom megnézed?

Köszi

Oké

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kátai at 2009-06-24 12:02:23
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 13 GB (67%) free of 20 GB
Total RAM: 247 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:31, on 2009.06.24.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kátai\Asztal\RSIT.exe
C:\Program Files\trend micro\Kátai.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hivatkozási cél konvertálása Adobe PDF formátumúra - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Kijelölt hivatkozások konvertálása Adobe PDF formátumúra - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Kijelölés konvertálása Adobe PDF formátumúra - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertálás Adobe PDF formátumúra - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe (file missing)
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 5430 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Optimalizálás.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-17 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-06-12 951624]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-17 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-06-13 274224]

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=1
"NoSMHelp"=1
"NoDrives"=00000000
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoResolveSearch"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf5f2d1-ae83-11dd-a32b-000e2e360761}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-06-24 12:02:56 ----DC---- C:\Program Files\trend micro
2009-06-24 12:02:23 ----DC---- C:\rsit
2009-06-22 22:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-22 22:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-22 22:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-22 22:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-22 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-22 22:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-22 22:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-22 22:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-22 22:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-22 22:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-22 16:11:11 ----DC---- C:\Documents and Settings\Kátai\Application Data\PlayFirst
2009-06-22 16:11:11 ----DC---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-06-22 15:13:35 ----DC---- C:\Games
2009-06-22 14:33:13 ----A---- C:\WINDOWS\system32\DfSdkBt64.exe
2009-06-22 14:33:12 ----A---- C:\WINDOWS\system32\DfSdkBt.exe
2009-06-22 14:32:36 ----DC---- C:\Program Files\Ashampoo
2009-06-22 12:07:18 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-06-22 12:00:32 ----DC---- C:\Documents and Settings\Kátai\Application Data\TuneUp Software
2009-06-22 11:21:18 ----A---- C:\WINDOWS\system32\swreg.exe
2009-06-22 11:21:16 ----A---- C:\WINDOWS\catchme.exe
2009-06-22 11:21:15 ----A---- C:\WINDOWS\system32\vfind.exe
2009-06-22 11:21:14 ----A---- C:\WINDOWS\system32\moveex.exe
2009-06-22 11:21:13 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-06-22 11:21:13 ----A---- C:\WINDOWS\system32\swsc.exe
2009-06-20 20:05:45 ----DC---- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2009-06-17 12:03:24 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-17 12:03:24 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-17 12:03:24 ----A---- C:\WINDOWS\system32\java.exe
2009-06-17 12:03:24 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-17 12:02:34 ----DC---- C:\Program Files\Java
2009-06-17 11:31:44 ----DC---- C:\Documents and Settings\Kátai\Application Data\Super-Cow
2009-06-16 17:17:36 ----DC---- C:\Program Files\MSN Messenger
2009-06-15 10:53:23 ----DC---- C:\Documents and Settings\Kátai\Application Data\DAEMON Tools Lite
2009-06-13 14:26:22 ----RA---- C:\WINDOWS\sel3110.exe
2009-06-13 14:26:22 ----RA---- C:\WINDOWS\CleanDev.exe
2009-06-13 14:26:21 ----RA---- C:\WINDOWS\OV519.txt
2009-06-13 14:26:20 ----RA---- C:\WINDOWS\vidcap32.exe
2009-06-13 14:26:16 ----RA---- C:\WINDOWS\system32\ov519usd.dll
2009-06-13 14:26:16 ----RA---- C:\WINDOWS\system32\ov519ext.dll
2009-06-13 14:15:04 ----DC---- C:\Program Files\uTorrent
2009-06-13 14:14:28 ----DC---- C:\Documents and Settings\Kátai\Application Data\uTorrent
2009-06-12 11:56:06 ----A---- C:\WINDOWS\system32\imon.dll
2009-06-12 11:55:26 ----DC---- C:\Program Files\ESET
2009-06-12 11:49:31 ----DC---- C:\Documents and Settings\Kátai\Application Data\Mozilla
2009-06-12 11:48:39 ----DC---- C:\Program Files\Mozilla Firefox
2009-06-12 11:31:09 ----DC---- C:\Program Files\D-Link AirPlus
2009-06-11 19:35:56 ----DC---- C:\Program Files\Microsoft
2009-06-11 19:34:54 ----DC---- C:\Program Files\Windows Live
2009-06-11 19:28:03 ----DC---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 months======

2009-06-24 12:02:56 ----RDC---- C:\Program Files
2009-06-24 12:02:14 ----D---- C:\WINDOWS\Prefetch
2009-06-24 11:52:21 ----D---- C:\WINDOWS\TEMP
2009-06-24 11:45:57 ----D---- C:\WINDOWS
2009-06-23 17:13:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-23 12:42:21 ----AC---- C:\WINDOWS\wincmd.ini
2009-06-23 12:41:38 ----D---- C:\WINDOWS\Debug
2009-06-23 12:36:08 ----AD---- C:\WINDOWS\system32
2009-06-23 12:35:15 ----D---- C:\WINDOWS\system32\wbem
2009-06-23 12:35:14 ----D---- C:\WINDOWS\AppPatch
2009-06-22 22:24:41 ----D---- C:\WINDOWS\inf
2009-06-22 22:24:36 ----DC---- C:\WINDOWS\system32\dllcache
2009-06-22 22:23:44 ----HDC---- C:\Config.Msi
2009-06-22 22:23:40 ----SHD---- C:\WINDOWS\Installer
2009-06-22 22:17:52 ----D---- C:\WINDOWS\$hf_mig$
2009-06-22 22:08:17 ----DC---- C:\Program Files\Internet Explorer
2009-06-22 22:08:17 ----D---- C:\WINDOWS\system32\hu-hu
2009-06-22 22:07:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-22 15:03:57 ----AC---- C:\WINDOWS\system.ini
2009-06-22 14:59:09 ----SD---- C:\WINDOWS\Tasks
2009-06-22 14:45:58 ----D---- C:\WINDOWS\system
2009-06-22 14:45:56 ----D---- C:\WINDOWS\system32\config
2009-06-22 14:45:56 ----D---- C:\WINDOWS\SHELLNEW
2009-06-22 14:45:49 ----DC---- C:\Program Files\RSL
2009-06-22 14:45:44 ----D---- C:\WINDOWS\system32\drivers
2009-06-22 11:57:40 ----SHDC---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-22 11:31:42 ----DC---- C:\Game
2009-06-22 11:29:35 ----DC---- C:\Program Files\Common Files\Microsoft Shared
2009-06-22 11:14:32 ----D---- C:\WINDOWS\erdnt
2009-06-16 17:17:53 ----D---- C:\WINDOWS\WinSxS
2009-06-13 14:54:12 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-06-13 14:26:17 ----D---- C:\WINDOWS\OvtCam
2009-06-13 14:26:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-12 11:31:06 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-06-11 19:28:03 ----DC---- C:\Program Files\Common Files
2009-06-11 19:27:48 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-01 09:51:14 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-05-25 12:40:42 ----DC---- C:\Zene

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12856]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-06-12 15160]
R1 P3;Intel PentiumIII processzor-illesztoprogram; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46976]
R1 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-26 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-06-12 511832]
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1997-12-23 23936]
R3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-09-08 255360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-11-13 10368]
R3 StillCam;Still Serial digitális fényképezogép illesztoprogramja; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-26 6912]
R3 trid3d;trid3d; C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB univerzális állomásvezérlo miniport illesztoprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 hangvezérlo(WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 188IR;WORLD ADS-188IR IrDA Adapter; C:\WINDOWS\system32\DRIVERS\188IR.sys [2003-08-21 29076]
S3 achite4f;achite4f; C:\WINDOWS\system32\drivers\achite4f.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FreshIO;FreshIO; C:\WINDOWS\system32\drivers\FreshIO.sys []
S3 HidUsb;Microsoft HID osztályú illesztoprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Egér HID-illesztoprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MouseCmn;Mouse Driver; C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys []
S3 mpr_freader;MPR FileReader Driver; \??\C:\Program Files\Multi Password Recovery\mpr_freader.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSCIRDA;NSC infravörös eszközilleszto; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-22 174530]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-10 47360]
S3 Profos;Profos; C:\WINDOWS\system32\drivers\Profos.sys []
S3 Rasirda;WAN miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztoprogramja; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\WNt500x86\Sandra.sys []
S3 scsiscan;SCSI-képolvasó illesztoprogramja; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 SDTHelper;Helper driver for SDT-Tool; \??\C:\Documents and Settings\Kátai\Asztal\radix_installer_trial\sdthlpr.sys []
S3 se46bus;Sony Ericsson Device 070 driver (WDM); C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 Trufos;Trufos; C:\WINDOWS\system32\drivers\Trufos.sys []
S3 usbaudio;USB audio-illesztoprogram (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB általános szülo-illesztoprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-képolvasó illesztoprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB háttértár illesztoprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB videoeszköz (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-17 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-06-12 554312]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 bdss;BitDefender Scan Server; C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe /service []
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe /service []
S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe []
S2 Poweroff;Poweroff; C:\WINDOWS\system32\poweroff.exe -service []
S2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe service []
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe /service []
S2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe /service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-17 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger megosztási mappák – USN-naplóolvasó szolgáltatás; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

igen a log.txt kell,,ted ide,

Sziasztok!
Stell itt van a info.txt:

info.txt logfile of random's system information tool 1.06 2009-06-24 12:23:46

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Ashampoo WinOptimizer 6.23-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
D-Link AirPlus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9
Fab Fashion 1.00-->C:\Games\Fab Fashion\Uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
K-Lite Codec Pack 3.4.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040E-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
VGA USB Camera-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB938127-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB942615-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB944533-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB950759-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB953838-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB956390-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB961260-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB969897-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 gyorsjavítás - KB947864-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6E07FF7A-878C-486C-BB85-516F61A8E2C7}
Windows Live Messenger-->MsiExec.exe /I{01EE13C7-04FC-4A46-B4C9-AFD43C0DDB5F}
Windows Media Player Biztonsági frissítés (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923561-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923789-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Windows XP biztonsági frissítés - KB938464-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-v2-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952004-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954459-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954600-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956572-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956802-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958687-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958690-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB959426-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960225-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960715-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960803-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961373-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961501-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB968537-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB969898-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB970238-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Windows XP frissítés - KB951978-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP frissítés - KB955839-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP frissítés - KB967715-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Bitdefender Antivirus (outdated)
AV: ESET NOD32 Antivirus System 2.70
AV: Ashampoo AntiVirus (disabled) (outdated)

======System event log======

Computer Name: K-7DD3B80F43A44
Event Code: 7001
Message: A(z) BitDefender Desktop Update Service szolgáltatás függ a(z) BitDefender Communicator szolgáltatástól, amely a következo hiba miatt nem tudott elindulni:
A rendszer nem találja a megadott elérési utat.


Record Number: 7
Source Name: Service Control Manager
Time Written: 20090611171221.000000+120
Event Type: error
User:

Computer Name: K-7DD3B80F43A44
Event Code: 7001
Message: A(z) BitDefender Scan Server szolgáltatás függ a(z) BitDefender Communicator szolgáltatástól, amely a következo hiba miatt nem tudott elindulni:
A rendszer nem találja a megadott elérési utat.


Record Number: 6
Source Name: Service Control Manager
Time Written: 20090611171221.000000+120
Event Type: error
User:

Computer Name: K-7DD3B80F43A44
Event Code: 7000
Message: A szolgáltatás (BitDefender Communicator) a következo hiba következtében leállt:
A rendszer nem találja a megadott elérési utat.


Record Number: 5
Source Name: Service Control Manager
Time Written: 20090611171221.000000+120
Event Type: error
User:

Computer Name: K-7DD3B80F43A44
Event Code: 7000
Message: A szolgáltatás (ThreatFire) a következo hiba következtében leállt:
A rendszer nem találja a megadott fájlt.


Record Number: 4
Source Name: Service Control Manager
Time Written: 20090611171221.000000+120
Event Type: error
User:

Computer Name: K-7DD3B80F43A44
Event Code: 7000
Message: A szolgáltatás (Poweroff) a következo hiba következtében leállt:
A rendszer nem találja a megadott fájlt.


Record Number: 3
Source Name: Service Control Manager
Time Written: 20090611171221.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: K-7DD3B80F43A44
Event Code: 1517
Message: A Windows mentette K-7DD3B80F43A44\Kátai felhasználó rendszerleíró adatbázisát, mert azt a kijelentkezés közben egy másik alkalmazás vagy szolgáltatás is használta. A felhasználó rendszerleíró adatbázisa által használt memória nem lett felszabadítva. A rendszerleíró adatbázis akkor lesz eltávolítva, amikor már nincs használatban.


Ezt a problémát általában felhasználói fiókként futó szolgáltatások okozzák. Próbálja a szolgáltatásokat úgy konfigurálni, hogy a helyi vagy a hálózati szolgáltatásfiókban fussanak.

Record Number: 2853
Source Name: Userenv
Time Written: 20081120214437.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: K-7DD3B80F43A44
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 2842
Source Name: usnjsvc
Time Written: 20081120104657.000000+060
Event Type:
User:

Computer Name: K-7DD3B80F43A44
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 2837
Source Name: usnjsvc
Time Written: 20081119203148.000000+060
Event Type:
User:

Computer Name: K-7DD3B80F43A44
Event Code: 1517
Message: A Windows mentette K-7DD3B80F43A44\Kátai felhasználó rendszerleíró adatbázisát, mert azt a kijelentkezés közben egy másik alkalmazás vagy szolgáltatás is használta. A felhasználó rendszerleíró adatbázisa által használt memória nem lett felszabadítva. A rendszerleíró adatbázis akkor lesz eltávolítva, amikor már nincs használatban.


Ezt a problémát általában felhasználói fiókként futó szolgáltatások okozzák. Próbálja a szolgáltatásokat úgy konfigurálni, hogy a helyi vagy a hálózati szolgáltatásfiókban fussanak.

Record Number: 2828
Source Name: Userenv
Time Written: 20081118210020.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: K-7DD3B80F43A44
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 2822
Source Name: usnjsvc
Time Written: 20081118173741.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\COMMON FILES\TELECA SHARED;C:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

A kidobott log.txt nem kell? A gépen elméletileg nincs más vírusírtó csak a nod32 (Bitdefender sem és Ashampoo AntiVirus sem)

Jönnek a gyerekek holnaptó felváltva egész nyáron és rendbe kellene rázni ezt a Pc-t a laptopot nem szívesen adom nekik, hogy azon játszanak.
Előre is köszi a segítségedet!

Andi

udv

Sziasztok !

ismerősöm Skypon "photo love you.scr " filet küldözget a tudta nélkül.
Avast felismeri annál aki megkapja, de magán a gépen nem. Antimalware nem segített. Mi lehet?

Ha valaki tud segíteni előre is köszönöm

nincsen mit,,
udv.

Köszön szépen , maradok tisztelettel őszinte híved


Szia

ok,kitorolni mindent amit talalt,
start-futatas beirod combofix /u ok
kipucolni CCleaneral
es keszek vagyunk,

16 órán keresztül dolgozott , ahogy megtalálta az Avast írtotta is....volt rootkit is még.............de örvendetes , hogy most nincs svchost hiba és fagyás

Malwarebytes' Anti-Malware 1.38
Adatbázis verzió: 2314
Windows 5.1.2600 Szervizcsomag 2

2009.06.21. 14:44:11
mbam-log-2009-06-21 (14-44-04).txt

Vizsgálat típusa: Teljes vizsgálat (C:\|D:\|E:\|F:\|G:\|H:\|P:\|)
Átvizsgált objektumok: 517342
Eltelt idő: 16 hour(s), 12 minute(s), 44 second(s)

Fertőzött memóriafolyamatok: 0
Fertőzött memória modulok: 0
Fertőzött rendszerleíró kulcsok: 0
Fertőzött rendszerleíró értékek: 0
Fertőzött rednszerleíró elemek: 0
Fertőzött mappák: 0
Fertőzött fájlok: 12

Fertőzött memóriafolyamatok:
(Nem észleltem rosszindulatú elemeket)

Fertőzött memória modulok:
(Nem észleltem rosszindulatú elemeket)

Fertőzött rendszerleíró kulcsok:
(Nem észleltem rosszindulatú elemeket)

Fertőzött rendszerleíró értékek:
(Nem észleltem rosszindulatú elemeket)

Fertőzött rednszerleíró elemek:
(Nem észleltem rosszindulatú elemeket)

Fertőzött mappák:
(Nem észleltem rosszindulatú elemeket)

Fertőzött fájlok:
c:\program files\WinRAR\patch-icu.exe (Malware.Tool) -> No action taken.
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\1alg2kbi\fascmmlp[1].png (Trojan.Dropper) -> No action taken.
c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\eakd7ha4\csko[1].jpg (Worm.Downadup) -> No action taken.
c:\downloads\vso.convertxtodvd.v3.5.3.139\vso.convertxtodvd.v3.5.3.139\keygen-paradox\keygen.exe (Trojan.Agent) -> No action taken.
f:\játékmaygarítások\battlefield 2\battlefield 2 egyebek\key generator.exe (Trojan.Agent) -> No action taken.
f:\programok,egyebek\képnézők ,képszerkesztők\ashampo photo commander\ashampoo.photo.commander.v5.20.multilingual.winall.incl.keygen-virility\keygen.exe (Trojan.Downloader) -> No action taken.
f:\programok,egyebek\legújjabbak mentés előtt\techsmith snagit v9.1.0 incl keygen\Keygen.exe (Malware.Tool) -> No action taken.
f:\programok,egyebek\microsoft office\microsoftofficexpprof hun\xpkey.exe (Trojan.Downloader) -> No action taken.
f:\programok,egyebek\MÁSOLÁS\keygen_xilisoft\Keygen_Xilisoft.exe (Malware.Tool) -> No action taken.
f:\programok,egyebek\NERO\nero plugins\nero mp3pro kodek\Keygen.exe (Trojan.Agent) -> No action taken.
f:\programok,egyebek\segéd és rendszer programok\file & folder properties changer v1.5.2\Patch.exe (Spyware.OnlineGames) -> No action taken.
f:\programok,egyebek\tömörítők\WinRar\winrar.v3.80.final.incl.key\patch-icu.exe (Malware.Tool) -> No action taken.