Az előbb elszállt, amit írtam...
Nem vagyok egy menekülős fajta, de aki vak, és nem látja, hogy honnan írsz, annak csak gratulálni tudok!
Na, most jönnek a standard kérdések. Akkoris letöröljem a spybotot vagyterminátort, ha csak hetente egyzsr futtatom, háttérben csa a tűzfal, meg a nod megy. És ha igen, melyiket szedjem le?

Szőkenős kérdés: mi az, hogy fixeld le, azt hogy kell? Gondolom, mindenki ezt kérdezi

A combo..izét csinálom.

Az előbb elszállt, amit írtam...
Nem vagyok egy menekülős fajta, de aki vak, és nem látja, hogy honnan írsz, annak csak gratulálni tudok!
Na, most jönnek a standard kérdések. Akkoris letöröljem a spybotot vagyterminátort, ha csak hetente egyzsr futtatom, háttérben csa a tűzfal, meg a nod megy. És ha igen, melyiket szedjem le?

Szőkenős kérdés: mi az, hogy fixeld le, azt hogy kell? Gondolom, mindenki ezt kérdezi

A combo..izét csinálom.

Az előbb elszállt, amit írtam...
Nem vagyok egy menekülős fajta, de aki vak, és nem látja, hogy honnan írsz, annak csak gratulálni tudok!
Na, most jönnek a standard kérdések. Akkoris letöröljem a spybotot vagyterminátort, ha csak hetente egyzsr futtatom, háttérben csa a tűzfal, meg a nod megy. És ha igen, melyiket szedjem le?

Szőkenős kérdés: mi az, hogy fixeld le, azt hogy kell? Gondolom, mindenki ezt kérdezi

A combo..izét csinálom.

Szia
igen jol csinaltad azt hittem hogy te is elrohantal,mert mar tobben kertek a segitseget es amikor oda irtam hogy mikell megijedtek a helyes irasomtoll,hogy mitt akar ez a analfabeta gyerek a gepemell
Tehat mos csinald eztet a geped eleg jol nez ki de ez meg nemjelent semit mert a Hijack csak igen keveset mutatt de kell.
Futt neked a spybot meg a Terminator az egyiket szed le a geproll
Fixeld le ezekett
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\WINDOWS\system32\shdocvw.dll

Stell, szia, bocsánat, tegnap el kellett mennem. Remélem, jól csináltam

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:35, on 2009.04.01.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\IEPro\MiniDM.exe
C:\DOCUME~1\HERCEG~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.index.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.157.108.227/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10256 bytes

hm te amugy igen bator no vagy

Oké, megpróbálom

szia
1-lepes>Itt olvasd el hogy kel HiJackThis logot csinalnod es ted ide

http://forum.terminal.hu/viewtopic.php?t=35889

Szia stell /és mindenki! Tegnap olvasgattam ezt a fórumot, és láttam, hogy sok mindenkinek segítettél, nem tudom, esetleg tudsz-e nekem is...
Egy hete kaptam egy vírust, egy exe file ál- videóról, mire észrevettem, hogy exe, már fent volt. A nod beriasztott, karantén, én se értem, de valahogy mégis becsúszott.Nem tudtam belépni, és ugráltak fel ezek a fake alert trójaira jellemző risztások, meg csatlakozni próbált a netre folyamatosan.(még csökkentett módban is!)
Mivel teljesen hülye vagyok a gépekhez, plusz nő, ellenben nagyon kitartó, kb 40 óráig a neten kutattam és olvasgattam plusz lefuttattam vagy 8 vírusirtó,és kémprogramot. Egyetlen vírusirtó sem talált semmit, csak az Malware antibytes, nem tudom, legalább 4 trójait. ( egyetlen viedóból???) Oda jutottam,hogy egyedül kibogarásztam a netről a fajtáját, és kézzel kitörölgettem a fájlokat ( task file, kicseréltem a registryben az userinit filet, azelőtt szt sem tudtam, mi az a registry:)) stb. azóta a gép rendesen működik. Viszont nem bízom benne, hogy ugyan egyik progi sem mutat fertőzést, nem maradt semmi nyoma, és nem merek internetbankolni, stb. Mit kéne tennem? Előre is ksözi!

ok,meg elmegy ide es leteszteled a gepet,majd a FireFoxba kiirja hogy hianyzik modul telepitsd es aztan alol klik accept-az tan majd klik scan,majd csinalj logot es ted ide es ird le mi a hejzet

http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\docume~1\alluse~1\applic~1\A879945699.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

tolds le az AVANGERT
http://swandog46.geekstogo.com/avenger.exe
az ablakba Input script here
ted a piros textet

klik na Execute-yes-yes a gep restartol es ad logot ted ide

a másikat nem tudom ellenőrizni mert rejtett fájl és nem lehet láthatóvá tenni

A(z) explorer.exe állomány feltöltve: 2009.03.07 16:00:43 (CET)
Pillanatnyi állapot: Feltöltés ... sorbanállás várakozás vizsgálat befejeződött NEM TALÁLHATÓ LEÁLLT
Eredmény: 0/39 (0%)

Antivírus Verzió Utolsó frissítés Eredmény
a-squared 4.0.0.101 2009.03.07 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.105 2009.03.07 -
Authentium 5.1.0.4 2009.03.06 -
Avast 4.8.1335.0 2009.03.06 -
AVG 8.0.0.237 2009.03.06 -
BitDefender 7.2 2009.03.07 -
CAT-QuickHeal 10.00 2009.03.07 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1030 2009.03.06 -
DrWeb 4.44.0.09170 2009.03.07 -
eSafe 7.0.17.0 2009.03.05 -
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.06 -
F-Secure 8.0.14470.0 2009.03.07 -
Fortinet 3.117.0.0 2009.03.07 -
GData 19 2009.03.07 -
Ikarus T3.1.1.45.0 2009.03.07 -
K7AntiVirus 7.10.660 2009.03.06 -
Kaspersky 7.0.0.125 2009.03.07 -
McAfee 5545 2009.03.06 -
McAfee+Artemis 5545 2009.03.06 -
Microsoft 1.4405 2009.03.07 -
NOD32 3917 2009.03.07 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.07 -
Panda 10.0.0.10 2009.03.07 -
PCTools 4.4.2.0 2009.03.07 -
Prevx1 V2 2009.03.07 -
Rising 21.19.42.00 2009.03.06 -
SecureWeb-Gateway 6.7.6 2009.03.07 -
Sophos 4.39.0 2009.03.07 -
Sunbelt 3.2.1858.2 2009.03.07 -
Symantec 1.4.4.12 2009.03.07 -
TheHacker 6.3.2.7.274 2009.03.07 -
TrendMicro 8.700.0.1004 2009.03.06 -
VBA32 3.12.10.1 2009.03.07 -
ViRobot 2009.3.7.1639 2009.03.07 -
VirusBuster 4.5.11.0 2009.03.07 -

teszteld le a virustotalon
c:\docume~1\alluse~1\applic~1\A879945699.sys
c:\windows\explorer.exe
VIRUSTOTALu

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 15:38:10
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 26

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008.08.25. 22:55:39
System Uptime: 2009.03.07. 15:17:30 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7V8X-X
Processor: AMD Sempron(TM) 2400+ | SOCKET A | 1656/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 55 GiB total, 12,678 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 17,757 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP164: 2009.03.06. 8:54:35 - Rendszerellenőrzési pont
RP165: 2009.03.06. 19:21:29 - Installed Kerio Personal Firewall
RP166: 2009.03.06. 23:31:23 - Software Distribution Service 3.0
RP167: 2009.03.07. 10:32:02 - Removed Kerio Personal Firewall
RP168: 2009.03.07. 10:38:42 - A Kerio WinRoute Firewall telepítve.
RP169: 2009.03.07. 10:47:30 - A Kerio WinRoute Firewall eltávolítva.
RP170: 2009.03.07. 10:55:14 - Installed Kerio Personal Firewall
RP171: 2009.03.07. 11:19:42 - Removed Kerio Personal Firewall
RP172: 2009.03.07. 11:23:50 - Installed Sunbelt Kerio Personal Firewall
RP173: 2009.03.07. 14:12:22 - Removed Sunbelt Kerio Personal Firewall

==== Installed Programs ======================

..:: 08 MONKEYDRAGON SERIES ::..
08 Popups Manager 3.0
1. Bundesliga Flagpack
AAC Decoder
AC-3 ACM Decompressor
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Premiere Elements 1.0
Adobe Reader 8 - Hungarian
Adobe Shockwave Player
ATI Control Panel
ATI Display Driver
ATI HydraVision
AutoUpdate
avast! Antivirus
Avidemux 2.4
Belkin Wireless USB Utility
BitLord 1.1
CCleaner (remove only)
Cinema Craft Encoder SP
CloneDVD2
Color LaserJet 2600n
CorelDRAW Graphics Suite 12
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang MA
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW(R) Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
Creation Master 07 Ultimate Version
Creation Master 08 Release 1.03
Creation Master 09 Rel 1.00
DC++ 0.707
Dirrect X11Beta
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Decrypter (Remove Only)
FIFA 07
FIFA 08
FIFA 08 FATBH Builder Version 0.9
FIFA 09
File Master 08 Release 3.02
Free YouTube Download 2.2
H.264 Decoder
HSP 09 vol 1. Patch
Hungarian Super Patch '09
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 4.3.4
Kerio Visual C++ 2005 redistributable permanent package
KRyLack Password Recovery
Labtec WebCam
LightScribe 1.4.124.1
Ligue 1 Flagpack
Manager Master 08 Release 1.00
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MKV Splitter
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 6 Ultra Edition
Nero Digital
PDFCreator
PowerDVD
SAS Ligaen Flagpack
Security Update a következő termékhez: Microsoft .NET Framework 2.0 (KB928365)
Sony Ericsson PC Suite 1.20.173
Sound Master 08 Release 1.02
Srt2Sup a4.03
Subtitle Workshop 2.51
TMPGEnc 4.0 XPress
TMPGEnc DVD Author 1.6
TMPGEnc DVD Author 3 with DivX Authoring
TMPGEnc Sound Player
Tony Hawk's Pro Skater 2
Total Commander (Remove or Repair)
UEFA Euro 2008 Face Pack v2.0 by Yanush
UltraISO Premium V9.33
Uninstall 1.0.0.1
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6c
VideoReDo TVSuite Version 3.1.4.549
Virtual DJ - Atomix Productions
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VobSub v2.23 (Remove Only)
VP6 Decoder
VP6 VFW Codec
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7 biztonsági frissítés - KB938127-v2
Windows Internet Explorer 7 biztonsági frissítés - KB953838
Windows Internet Explorer 7 biztonsági frissítés - KB956390
Windows Internet Explorer 7 biztonsági frissítés - KB961260
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP biztonsági frissítés - KB923789
WinRAR archiver

==== End Of File ===========================

DDS (Ver_09-02-01.01) - NTFSx86
Run by Krusi at 15:34:59,70 on 2009.03.07.
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1024.726 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090306-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Krusi\Asztal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uLocal Page =
mLocal Page =
BHO: Adobe PDF Reader hivatkozássúgó: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\indtpu~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\krusi\applic~1\mozilla\firefox\profiles\aj2hfdlo.default\
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("editor.use_css", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-5 114768]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-3-16 72496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-5 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-5 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-5 352920]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-6-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\drivers\kwflower.sys --> c:\windows\system32\drivers\kwflower.sys [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2008-10-9 152576]

=============== Created Last 30 ================

2009-03-07 13:45 <DIR> --d----- c:\program files\common files\Protexis
2009-03-07 11:48 <DIR> --d----- c:\program files\WinRAR-ÚJ
2009-03-07 10:41 <DIR> --d----- c:\docume~1\krusi\applic~1\Kerio
2009-03-06 19:50 250 a------- c:\windows\gmer.ini
2009-03-06 19:12 504 a------- C:\cc_20090306_191203.reg
2009-03-06 19:11 5,164 a------- C:\cc_20090306_191132.reg
2009-03-06 19:11 37,956 a------- C:\cc_20090306_191049.reg
2009-03-06 08:51 <DIR> --d----- c:\program files\CCleaner
2009-03-05 17:32 634,024 -c------ c:\windows\system32\dllcache\iexplore.exe
2009-03-05 10:49 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-05 10:49 208,744 a------- c:\windows\system32\muweb.dll
2009-03-05 10:49 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-04 22:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-03-04 22:43 <DIR> --d----- c:\windows\Internet Logs
2009-03-04 16:28 <DIR> --d----- c:\docume~1\krusi\applic~1\IObit
2009-03-02 20:55 <DIR> --d----- c:\program files\EA Sports
2009-02-26 12:26 <DIR> --d----- c:\program files\VideoLAN
2009-02-26 09:37 <DIR> --d----- c:\windows\Hungarian Super Patch '09
2009-02-25 16:26 <DIR> --d----- c:\program files\common files\EZB Systems
2009-02-25 16:26 <DIR> --d----- c:\program files\UltraISO
2009-02-20 15:46 <DIR> --d----- c:\docume~1\krusi\applic~1\XnView
2009-02-16 21:45 <DIR> --d----- c:\docume~1\krusi\applic~1\KRyLack Password Recovery
2009-02-16 21:45 <DIR> --d----- c:\program files\KRyLack Password Recovery
2009-02-16 21:38 299,520 a------- c:\windows\uninst.exe
2009-02-13 16:45 123 a------- c:\windows\wininit.ini
2009-02-13 15:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-12 15:53 3,287 a------- c:\windows\Ascd_tmp.ini
2009-02-12 15:53 5,824 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-12 08:04 15 a------- c:\windows\WinPatchService
2009-02-12 07:59 <DIR> --d----- c:\docume~1\krusi\applic~1\Codemonster
2009-02-08 18:51 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-08 18:51 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-08 18:51 129,784 -------- c:\windows\system32\pxafs.dll

==================== Find3M ====================

2009-03-07 15:25 2,139 a------- c:\windows\system32\unins000.dat
2009-03-07 15:25 728,858 a------- c:\windows\system32\unins000.exe
2009-03-07 14:08 2,828 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-04 22:17 395,348 a------- c:\windows\system32\perfh00E.dat
2009-03-04 22:17 84,198 a------- c:\windows\system32\perfc00E.dat
2009-01-26 09:44 119,568 a------- c:\windows\system32\VB6FR.DLL
2008-12-20 23:47 826,368 a------- c:\windows\system32\wininet.dll
2008-12-18 22:38 65,536 a------- c:\windows\IFinst27.exe
2008-12-11 01:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 01:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 03:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 03:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 03:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 03:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-05 07:11 8 ---shr-- c:\docume~1\alluse~1\applic~1\A879945699.sys
2008-08-25 21:56 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-08-25 21:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-08-25 21:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat
2008-08-25 21:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 15:36:11,84 ===============

http://download.bleepingcomputer.com/sUBs/dds.scr
ad 2 logot ted ide
http://files.thespykiller.co.uk/catchme.exe
klik scan a logot ted ide

Svchost.exe-re hivatkozva kidob egy ablakot piros x-el
és ugyanúgy nem jó a gép ! :S:S:S

mert nemjol csinalod -nemvarod meg a vegett-ez igy megy mikor bevegzi kiirja scan kompletes kiugrik egy ablak- te klik ok varni kel,aztan van ot 2 kartya amit bekel zarnod,ha igyse megy vardki a veget es restart,,

Nem jó :S:S:S egyszerűen végez a program és semmire nem reagál a gépem nem tudom megnyitnis e a total comamndert se a böngészőt :S:S:S

hm ez ures,kapcsold ki a virus irtot es a tuzfalat is es csinald megegyszer de most csak a 2-lehetoseget pipazd be,ok

ami van a log mapaban ted fel es a linket ted ide,,

a Virusinfo-s rar fájl megvan de a html-s az nicns! és 2szer befagyott a gépem ettől a programtól.....:S:S:S:S

no meg megnezuk evel a programal
letoltod az AVZ4-programot,
Download AVZ4
nyisd ki es csomagold ki mele az aztalra
nyisd ki az j mapat avz4-es futasd-fekete pajz
klik-gomb -
frisites
klik File-klik-standarts script-bepipazod a
3-"Healing/Quarantine and Advanced System
klikni “Execute selected scripts-ok
megvarod a skan veget-scan complet-klik-ok
az
(avz_sysinfo.htm) ess a [virusinfo_syscure.zip.]AVZ4 -mapaban - LOG
ted fel ide

http://leteckaposta.cz/
es a linket tedide

leszedtem de így se valami frankó

en azt irtam hogy szed le a geprol a keriot mert akaszkodot az avastal-es probald ki a gepet,tehat most szed le a geprol a vezerlo pulton at,,kiprobalni irni,

Feltelepítettem a Keriot és most mi a teendőm vele ?

ok,rootkitet nemlatok,probald leszedni a Kerio tuzfalat es probald ki,

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-06 22:24:47
Windows 5.1.2600 Szervizcsomag 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAD5B6B8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateFile [0xAAF25C5C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAD5B574]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateProcess [0xAAF25031]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateProcessEx [0xAAF24EAE]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateThread [0xAAF25693]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwDeleteFile [0xAAF264B5]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwDeleteKey [0xAAF224E1]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAD5BA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAD5B14C]
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver [0xAAD9C8B0]
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection [0xAAD9CA20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwOpenFile [0xAAF25F27]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAD5B64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAD5B08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAD5B0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAD5B76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAD5B72E]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwResumeThread [0xAAF2571F]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwSetInformationFile [0xAAF26229]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAD5B8AE]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwWriteFile [0xAAF26186]

---- Kernel code sections - GMER 1.0.14 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F76519EF 6 Bytes JMP AAF1A1EC \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] WS2_32.dll!socket 71A54211 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] WS2_32.dll!bind 71A54480 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[228] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!VirtualAllocEx 7C809B02 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!CreateRemoteThread 7C8104BC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!CreateProcessInternalW 7C81979C 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!CreateProcessInternalA 7C81D536 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[248] kernel32.dll!SetThreadContext 7C863AA9 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[248] WININET.dll!InternetConnectA 4360499A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[248] WININET.dll!InternetConnectW 43605B88 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[248] WININET.dll!InternetOpenA 4360C865 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[248] WININET.dll!InternetOpenW 4360CE99 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[248] WININET.dll!InternetOpenUrlA 43610BCA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[248] WININET.dll!InternetOpenUrlW 4365AEB9 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!StrStrW + FFE255A3 7C9C217D 272 Bytes [ C0, F1, 77, DB, A8, F1, 77, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!StrStrW + FFE256B4 7C9C228E 1 Byte [ 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!StrStrW + FFE256B6 7C9C2290 89 Bytes [ FF, 30, 83, 7C, 17, F8, 82, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!StrStrW + FFE25710 7C9C22EA 121 Bytes [ 91, 7C, F9, BC, 80, 7C, 0D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!StrStrW + FFE2578A 7C9C2364 3 Bytes [ 18, AD, 80 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFree + DA 7C9EAC66 571 Bytes [ 69, 73, 6B, 46, 72, 65, 65, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHLoadOLE + 1C1 7C9EAEA2 21 Bytes [ 53, 48, 47, 65, 74, 55, 6E, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHLoadOLE + 1D7 7C9EAEB8 48 Bytes [ 53, 48, 48, 61, 6E, 64, 6C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHLoadOLE + 208 7C9EAEE9 150 Bytes [ 53, 68, 6F, 72, 74, 63, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHLoadOLE + 29F 7C9EAF80 106 Bytes [ 53, 48, 4C, 6F, 61, 64, 49, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHLoadOLE + 30A 7C9EAFEB 364 Bytes [ 53, 48, 4D, 61, 70, 50, 49, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCoCreateInstance + 106 7C9EB158 40 Bytes [ 53, 48, 53, 65, 74, 4C, 6F, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCoCreateInstance + 12F 7C9EB181 143 Bytes [ 53, 48, 53, 68, 65, 6C, 6C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSpecialFolderPathW + 29 7C9EB211 153 Bytes [ 53, 48, 55, 70, 64, 61, 74, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILGetSize + 5B 7C9EB2AB 234 Bytes [ 53, 68, 65, 47, 65, 74, 44, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILClone + E1 7C9EB396 2 Bytes [ 74, 65 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILClone + E4 7C9EB399 22 Bytes [ 78, 00, 53, 68, 65, 6C, 6C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILClone + FB 7C9EB3B0 72 Bytes [ 45, 78, 65, 63, 75, 74, 65, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILClone + 144 7C9EB3F9 147 Bytes [ 53, 68, 65, 6C, 6C, 5F, 47, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILClone + 1D8 7C9EB48D 110 Bytes [ 53, 74, 72, 43, 68, 72, 49, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCloneFirst + 10 7C9EB534 346 Bytes [ 53, 74, 72, 52, 53, 74, 72, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCombine + BD 7C9EB692 33 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCombine + DF 7C9EB6B4 18 Bytes [ 00, 50, FF, 15, 60, 15, 9C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCombine + F2 7C9EB6C7 19 Bytes [ C7, 5F, 5E, C3, 90, 90, 90, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCombine + 106 7C9EB6DB 27 Bytes [ 39, 5D, 08, 7C, 50, 83, 7D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCombine + 122 7C9EB6F7 84 Bytes [ F5, BC, 7C, 74, 07, 56, FF, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDesktopFolder + 19 7C9EBC41 22 Bytes [ 8B, FF, 56, 8B, F1, 8B, 46, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDesktopFolder + 30 7C9EBC58 11 Bytes [ 8B, 46, 40, 85, C0, 0F, 85, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDesktopFolder + 3C 7C9EBC64 30 Bytes [ 46, 44, 85, C0, 8B, 3D, 34, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDesktopFolder + 5B 7C9EBC83 111 Bytes [ 83, 4E, 6C, FF, 83, 4E, 70, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDesktopFolder + CB 7C9EBCF3 81 Bytes [ CE, FF, 50, 14, 85, C0, 0F, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHRestricted + 73 7C9EC5D0 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHRestricted + 89 7C9EC5E6 3 Bytes [ 83, 7D, 0C ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHRestricted + 8D 7C9EC5EA 5 Bytes [ 0F, 84, 9D, FA, 05 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHRestricted + 93 7C9EC5F0 6 Bytes [ 53, 56, E8, 59, FC, FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHRestricted + 9A 7C9EC5F7 3 Bytes [ FF, 75, 0C ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILRemoveLastID + 26 7C9EC6E1 5 Bytes [ 8B, FF, 55, 8B, EC ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILRemoveLastID + 2C 7C9EC6E7 5 Bytes [ 75, 08, E8, D8, FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILRemoveLastID + 32 7C9EC6ED 109 Bytes [ FF, 8B, 4D, 0C, 89, 01, F7, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILRemoveLastID + A0 7C9EC75B 23 Bytes [ 3B, C7, C7, 45, FC, 05, 40, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILRemoveLastID + B8 7C9EC773 12 Bytes [ 04, 00, 50, FF, 75, 0C, FF, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSetSettings + 5B 7C9EC90F 87 Bytes [ 45, D8, 33, F6, 39, 33, 0F, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSetSettings + B3 7C9EC967 4 Bytes [ 8C, E4, 01, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSetSettings + B8 7C9EC96C 4 Bytes [ 56, 8B, 75, 14 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSetSettings + BD 7C9EC971 11 Bytes [ F6, 0F, 84, DD, 6D, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSetSettings + C9 7C9EC97D 80 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCLSIDFromString + 5E 7C9ECD15 52 Bytes [ 33, FF, 47, 85, C0, 74, 49, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCLSIDFromString + 93 7C9ECD4A 6 Bytes [ 85, F6, 0F, 85, 77, 2E ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCLSIDFromString + 9A 7C9ECD51 7 Bytes [ 00, 8B, 45, 08, 8B, 08, 50 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCLSIDFromString + A2 7C9ECD59 32 Bytes [ 51, 08, 5E, 8B, 45, FC, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCLSIDFromString + C3 7C9ECD7A 23 Bytes [ 75, 0C, 6A, 00, FF, 75, 10, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindLastID 7C9ECE80 62 Bytes [ 90, 8B, FF, 55, 8B, EC, 53, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindLastID + 41 7C9ECEC1 5 Bytes [ 53, E8, 3C, 29, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindLastID + 47 7C9ECEC7 33 Bytes [ 46, 46, 33, DB, 66, 39, 1E, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindLastID + 6A 7C9ECEEA 1 Byte [ 10 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindLastID + 6C 7C9ECEEC 163 Bytes [ FF, 75, 10, 53, FF, 37, FF, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHParseDisplayName + 3E 7C9EE0B2 133 Bytes [ 0F, 84, CC, A0, 00, 00, 83, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHParseDisplayName + C4 7C9EE138 57 Bytes [ EC, 51, 51, 53, 56, 57, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHParseDisplayName + FF 7C9EE173 51 Bytes CALL 7C9EE017 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHParseDisplayName + 133 7C9EE1A7 11 Bytes [ 55, 8B, EC, 83, EC, 18, A1, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHParseDisplayName + 13F 7C9EE1B3 14 Bytes [ 56, 8B, F1, 89, 45, FC, 8B, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHILCreateFromPath + 8C 7C9EE6D0 27 Bytes CALL 7C9EE675 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHILCreateFromPath + A8 7C9EE6EC 46 Bytes [ 00, 00, 8B, D8, 8B, 4D, FC, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHILCreateFromPath + D8 7C9EE71C 33 Bytes [ 8B, 45, 14, 53, 8B, 5D, 08, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHILCreateFromPath + FA 7C9EE73E 57 Bytes [ 8D, BD, E4, FB, FF, FF, F3, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHILCreateFromPath + 134 7C9EE778 31 Bytes [ 50, 56, 53, 6A, 00, C7, 45, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCreateFromPath 7C9EE7DF 33 Bytes [ 90, 8B, FF, 55, 8B, EC, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCreateFromPath + 24 7C9EE803 86 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCreateFromPath + 7B 7C9EE85A 179 Bytes CALL 7C9EE133 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCreateFromPath + 12F 7C9EE90E 21 Bytes [ 53, FF, B5, D0, FD, FF, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILCreateFromPath + 145 7C9EE924 11 Bytes [ 8B, 8D, DC, FD, FF, FF, 53, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathW + 94 7C9EF30A 83 Bytes [ 55, 1C, 53, 33, C0, 3B, D0, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathW + E8 7C9EF35E 96 Bytes [ 8B, 45, 18, 85, C0, 0F, 85, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathW + 149 7C9EF3BF 16 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathW + 15A 7C9EF3D0 2 Bytes [ 75, 24 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathW + 15D 7C9EF3D3 3 Bytes [ 55, 08, 52 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderLocation + 19 7C9EF77A 16 Bytes [ 8D, 43, 03, 50, FF, 15, 24, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderLocation + 2A 7C9EF78B 33 Bytes [ FF, 85, C0, 0F, 85, 53, 12, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderLocation + 4C 7C9EF7AD 49 Bytes [ 00, 00, 85, C0, 0F, 8D, F8, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderLocation + 7E 7C9EF7DF 16 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSpecialFolderLocation + E 7C9EF7F1 73 Bytes CALL 7C9EF643 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSpecialFolderLocation + 58 7C9EF83B 1 Byte [ FB ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSpecialFolderLocation + 5B 7C9EF83E 3 Bytes [ 84, 62, 4C ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSpecialFolderLocation + 60 7C9EF843 3 Bytes [ 66, 83, 22 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetSpecialFolderLocation + 64 7C9EF847 14 Bytes [ 5F, 5E, 5B, 5D, C2, 10, 00, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsNetDrive + A 7C9F0672 10 Bytes [ 8B, 07, FF, 75, 14, 8D, 04, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsNetDrive + 15 7C9F067D 63 Bytes CALL 7C9EC6DD C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsNetDrive + 55 7C9F06BD 3 Bytes [ 00, 00, 01 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsNetDrive + 5A 7C9F06C2 3 Bytes [ 5E, 17, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsNetDrive + 5E 7C9F06C6 15 Bytes [ 09, B5, B8, FB, FF, FF, E9, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!RealDriveType + 27 7C9F0EE9 8 Bytes [ 89, 08, 8B, 45, F8, 5F, 5E, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!RealDriveType + 31 7C9F0EF3 1 Byte [ 1C ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!RealDriveType + 33 7C9F0EF5 17 Bytes [ 81, 7D, F8, 7A, 00, 07, 80, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DriveType + D 7C9F0F07 33 Bytes [ 55, 8B, EC, 8D, 45, 0C, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DriveType + 2F 7C9F0F29 28 Bytes [ 8B, 45, 0C, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DriveType + 4C 7C9F0F46 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DriveType + 68 7C9F0F62 28 Bytes [ 75, 0C, FF, 75, 08, FF, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DriveType + 85 7C9F0F7F 50 Bytes CALL 7C9F0D3B C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetPathFromIDListW + 3B 7C9F108B 17 Bytes JMP 7C9EB813 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetPathFromIDListW + 4D 7C9F109D 18 Bytes [ 56, 8B, 75, 08, 57, FF, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetPathFromIDListW + 60 7C9F10B0 25 Bytes [ 75, 14, 8B, D8, 8B, CF, 89, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetPathFromIDListW + 7A 7C9F10CA 47 Bytes [ 00, 49, 0F, 85, 9D, B9, 01, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetPathFromIDListW + AA 7C9F10FA 10 Bytes [ 85, DB, 8B, C3, 0F, 85, 13, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsEqual + 20 7C9F125B 7 Bytes [ C3, 5B, 5D, C2, 10, 00, FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsEqual + 28 7C9F1263 26 Bytes [ 14, 8B, 76, 18, FF, 75, 10, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsEqual + 43 7C9F127E 2 Bytes [ FF, 55 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsEqual + 46 7C9F1281 48 Bytes [ EC, 81, EC, 54, 04, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsEqual + 77 7C9F12B2 85 Bytes [ FF, 8D, 8D, D4, FD, FF, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsSlowW + 27 7C9F1308 23 Bytes [ 3B, F3, 0F, 9F, C0, 8B, 4D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsSlowW + 41 7C9F1322 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsSlowW + 47 7C9F1328 144 Bytes [ EC, 51, 51, 53, 56, 57, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsSlowW + D8 7C9F13B9 73 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsSlowW + 122 7C9F1403 7 Bytes [ C0, 75, AD, B8, FF, FF, 00 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsParent + 14 7C9F146C 77 Bytes [ 00, B9, FF, FF, 00, 00, 85, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsParent + 62 7C9F14BA 79 Bytes [ FF, 50, FF, B5, 98, FE, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILIsParent + B2 7C9F150A 90 Bytes [ FF, 8D, 48, F0, FF, B5, 90, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindChild + 4D 7C9F1565 4 Bytes [ 57, 56, E8, A0 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindChild + 52 7C9F156A 90 Bytes [ 03, 00, 85, C0, 0F, 85, 22, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindChild + AD 7C9F15C5 37 Bytes [ DB, 7C, 41, 8B, 45, 0C, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindChild + D3 7C9F15EB 42 Bytes [ 45, 14, 8B, 4D, 0C, 8B, 11, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILFindChild + FE 7C9F1616 133 Bytes [ 1B, C0, 83, D8, FF, E9, C5, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetClassObject + A6 7C9F298F 83 Bytes [ A1, AC, FA, BC, 7C, 85, C0, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetClassObject + FA 7C9F29E3 1 Byte [ FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetClassObject + FC 7C9F29E5 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetClassObject + 102 7C9F29EB 15 Bytes [ FF, 55, 8B, EC, 53, 56, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetClassObject + 112 7C9F29FB 9 Bytes [ 85, FF, BB, 02, 40, 00, 80, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetImageLists + 23 7C9F3C01 40 Bytes CALL 7C9EDE29 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetImageLists + 4C 7C9F3C2A 53 Bytes [ 89, 5D, F8, 33, C0, 8B, 7D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetImageLists + 82 7C9F3C60 4 Bytes [ 20, 8B, 4D, 08 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetImageLists + 87 7C9F3C65 104 Bytes [ 75, 18, 83, C1, F0, 53, 53, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetImageLists + F0 7C9F3CCE 107 Bytes [ FF, 7F, 0F, 87, 98, FD, 04, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHBindToParent + 1B 7C9F3D83 49 Bytes [ 8D, 04, 85, C0, FA, BC, 7C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHBindToParent + 4D 7C9F3DB5 10 Bytes [ 8D, 7D, F4, AB, AB, 8D, 55, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHBindToParent + 58 7C9F3DC0 23 Bytes [ 01, 51, FF, 50, 1C, 85, C0, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHBindToParent + 70 7C9F3DD8 74 Bytes [ FF, 15, D4, 15, 9C, 7C, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHBindToParent + BC 7C9F3E24 9 Bytes JMP 7C9F3A67 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetCachedImageIndex + 9 7C9F3EC1 12 Bytes [ 00, 0F, 87, CC, 05, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetCachedImageIndex + 16 7C9F3ECE 13 Bytes [ B9, 11, 03, 00, 00, 3B, C1, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetCachedImageIndex + 25 7C9F3EDD 3 Bytes [ 75, F3, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetCachedImageIndex + 29 7C9F3EE1 56 Bytes [ 83, F8, 34, 0F, 86, F2, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_GetCachedImageIndex + 62 7C9F3F1A 58 Bytes [ 50, 08, 8B, C7, 8B, 4D, FC, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyDeregister + 3F 7C9F4A59 63 Bytes [ 66, 83, 78, 04, 00, 0F, 85, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyDeregister + 7F 7C9F4A99 40 Bytes [ 8D, 86, 24, 02, 00, 00, 50, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyDeregister + A8 7C9F4AC2 26 Bytes CALL 7C9F4A70 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyDeregister + C3 7C9F4ADD 12 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyDeregister + D2 7C9F4AEC 61 Bytes [ 57, 74, 7A, 53, 83, BE, 20, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ExtractIconExW + 4D 7C9F6D5C 78 Bytes [ CF, FF, 75, 08, 56, E8, 80, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ExtractIconExW + 9C 7C9F6DAB 31 Bytes [ 00, 68, C0, 5D, 9F, 7C, 8D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ExtractIconExW + BC 7C9F6DCB 5 Bytes [ 00, A1, 51, 9F, 7C ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ExtractIconExW + C2 7C9F6DD1 34 Bytes [ 00, 00, 00, 7A, DF, 66, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ExtractIconExW + E9 7C9F6DF8 35 Bytes CALL 7C9E8427 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCloneSpecialIDList + 3A 7C9F70DD 34 Bytes [ 89, 45, DC, 8B, 45, 14, 83, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCloneSpecialIDList + 5D 7C9F7100 2 Bytes [ D9, A5 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCloneSpecialIDList + 60 7C9F7103 16 Bytes [ 15, 94, 1A, 9C, 7C, 8B, F8, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCloneSpecialIDList + 71 7C9F7114 20 Bytes [ FF, 85, C0, 0F, 85, 18, 05, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCloneSpecialIDList + 86 7C9F7129 20 Bytes [ 03, 00, 00, 8B, 45, E8, 8B, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsExe + 17 7C9F75C5 58 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsExe + 52 7C9F7600 63 Bytes [ F9, FF, FF, 57, 8D, 85, F4, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsExe + 92 7C9F7640 131 Bytes [ FF, 83, F8, FF, 89, 06, 0F, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsExe + 116 7C9F76C4 11 Bytes [ FF, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathIsExe + 122 7C9F76D0 36 Bytes CALL 7C9F4D76 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsLFNDrive + 2B 7C9F78CC 41 Bytes [ F6, 45, 08, 01, 74, 07, 56, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsLFNDrive + 55 7C9F78F6 57 Bytes [ FF, 51, 08, C7, 06, D4, 61, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsLFNDrive + 8F 7C9F7930 66 Bytes [ F7, D8, 1B, C0, 25, F2, FF, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsLFNDrive + D2 7C9F7973 5 Bytes [ 08, 50, FF, 51, 04 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsLFNDrive + D8 7C9F7979 5 Bytes [ C6, 5E, 5D, C2, 08 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotification_Unlock + 2A 7C9F7F4A 26 Bytes CALL 7C9E83FF C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotification_Unlock + 46 7C9F7F66 8 Bytes [ 00, A1, 48, F5, BC, 7C, 56, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotification_Unlock + 4F 7C9F7F6F 13 Bytes [ 45, FC, 8B, 45, 08, 6A, 04, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotification_Unlock + 5D 7C9F7F7D 19 Bytes [ F0, 33, D2, F3, A7, 0F, 84, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotification_Unlock + 71 7C9F7F91 43 Bytes [ FF, C9, C2, 04, 00, 90, 90, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotify + 2 7C9F841B 70 Bytes [ 50, 1C, 8B, D8, 85, DB, 7C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotify + 49 7C9F8462 51 Bytes [ 55, 8B, EC, 56, 8B, F1, 83, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotify + 7D 7C9F8496 196 Bytes [ 85, C0, 0F, 84, 7B, 47, 12, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotify + 142 7C9F855B 20 Bytes [ 47, 33, F6, 89, 33, 3B, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotify + 157 7C9F8570 2 Bytes [ 70, 04 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDiskFreeSpaceExW + 12 7C9F9BE3 46 Bytes [ 3D, 10, AF, 9E, 7C, 6A, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDiskFreeSpaceExW + 41 7C9F9C12 63 Bytes [ C7, 46, 3C, 24, 84, 9C, 7C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDiskFreeSpaceExW + 81 7C9F9C52 40 Bytes [ F6, 45, 08, 01, 74, 07, 56, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDiskFreeSpaceExW + AA 7C9F9C7B 26 Bytes [ 0E, 8D, 46, 0C, 50, FF, 15, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetDiskFreeSpaceExW + C5 7C9F9C96 30 Bytes [ FF, 83, 66, 2C, 00, 59, 8B, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyRegister + CA 7C9FEC25 158 Bytes [ 90, 90, 90, C7, 05, F0, 07, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyRegister + 16A 7C9FECC5 34 Bytes [ 90, 90, 90, C7, 05, 48, 08, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyRegister + 18D 7C9FECE8 99 Bytes [ C7, 05, 5C, 08, BD, 7C, A0, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyRegister + 1F1 7C9FED4C 23 Bytes [ BD, 7C, A0, E1, 9F, 7C, C3, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHChangeNotifyRegister + 20B 7C9FED66 27 Bytes [ 90, 90, C7, 05, A4, 08, BD, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_MergeMenus + 2 7C9FF256 8 Bytes [ FF, 85, DB, 5F, 74, 09, 83, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_MergeMenus + B 7C9FF25F 152 Bytes [ 0F, 85, E3, 8E, 00, 00, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_MergeMenus + A4 7C9FF2F8 57 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_MergeMenus + DE 7C9FF332 4 Bytes [ C9, C2, 10, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!Shell_MergeMenus + E4 7C9FF338 95 Bytes [ 21, D1, AB, 7C, C6, B4, A2, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateShellFolderView + 2 7CA008BC 88 Bytes [ 75, 08, 8D, 8E, 40, 02, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateShellFolderView + 5B 7CA00915 62 Bytes [ 00, 00, 85, C0, 0F, 84, 02, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateShellFolderView + 9A 7CA00954 130 Bytes [ 00, FF, 75, 08, 8B, 00, 8B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateShellFolderView + 11D 7CA009D7 5 Bytes [ 80, A6, 12, 02, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateShellFolderView + 123 7CA009DD 129 Bytes [ FE, F6, 86, 14, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapIDListToImageListIndexAsync + 38 7CA02DFC 27 Bytes [ 8D, 88, 00, 8E, FF, FF, 81, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapIDListToImageListIndexAsync + 54 7CA02E18 6 Bytes [ 00, 6A, 0A, EB, 3F, 6A ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapIDListToImageListIndexAsync + 5B 7CA02E1F 83 Bytes [ 8D, 8D, F0, FE, FF, FF, 51, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapIDListToImageListIndexAsync + AF 7CA02E73 7 Bytes [ FF, 51, 57, FF, B5, F8, FE ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapIDListToImageListIndexAsync + B7 7CA02E7B 61 Bytes [ FF, 6A, 2B, 83, A5, F0, FE, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 3E 7CA03AE2 91 Bytes [ 5E, 5D, C2, 0C, 00, 90, 90, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 9C 7CA03B40 6 Bytes [ 8B, FF, 55, 8B, EC, 81 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapPIDLToSystemImageListIndex + A3 7CA03B47 24 Bytes [ 54, 06, 00, 00, A1, 48, F5, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapPIDLToSystemImageListIndex + BC 7CA03B60 1 Byte [ FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHMapPIDLToSystemImageListIndex + BE 7CA03B62 9 Bytes CALL 7C9EDE29 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHDefExtractIconW + 73 7CA05774 114 Bytes [ 85, C0, 7C, 13, FF, 75, 08, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHExtractIconsW + 35 7CA057E7 186 Bytes [ 55, 8B, EC, 56, FF, 75, 10, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHExtractIconsW + F0 7CA058A2 11 Bytes [ FF, 8B, F0, 85, F6, 0F, 84, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHExtractIconsW + FC 7CA058AE 53 Bytes CALL 7CA058DD C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHExtractIconsW + 132 7CA058E4 115 Bytes [ EC, 28, 04, 00, 00, A1, 48, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHExtractIconsW + 1A6 7CA05958 57 Bytes [ F3, AB, 83, C3, 20, 53, 33, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetVersion + 5 7CA06470 59 Bytes [ 81, EC, 28, 02, 00, 00, A1, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetVersion + 41 7CA064AC 14 Bytes [ 4C, 02, 00, 33, F6, 39, B5, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetVersion + 51 7CA064BC 51 Bytes [ 00, 57, 68, 70, F5, BC, 7C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetVersion + 85 7CA064F0 6 Bytes [ 00, 00, 75, 15, 56, 53 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DllGetVersion + 8C 7CA064F7 88 Bytes [ B5, EC, FD, FF, FF, E8, D5, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetImageList + C 7CA0699D 39 Bytes [ F0, FF, FF, 75, 03, 09, 46, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetImageList + 34 7CA069C5 13 Bytes JMP 7C9F3B2F C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetImageList + 43 7CA069D4 26 Bytes [ F0, 5B, A0, 7C, D4, 5B, A0, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetImageList + 5F 7CA069F0 15 Bytes [ 44, 5B, A0, 7C, 20, 5B, A0, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetImageList + 6F 7CA06A00 11 Bytes [ BC, 5A, A0, 7C, 98, 5A, A0, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathResolve + 5B 7CA0955D 97 Bytes [ B9, A1, 80, AD, 7C, 89, 15, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathResolve + BD 7CA095BF 240 Bytes [ BD, 7C, C7, 05, 38, 03, BD, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathResolve + 1AE 7CA096B0 3 Bytes [ FD, 61, FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathResolve + 1B2 7CA096B4 17 Bytes [ 34, 4B, 17, 9B, FF, 40, D2, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!PathResolve + 1C4 7CA096C6 20 Bytes [ 00, 00, 80, 54, 27, F2, 82, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ShellExecuteExW + 96 7CA09A01 95 Bytes [ 83, FF, 08, 0F, 8E, 71, 1B, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ShellExecuteExW + F6 7CA09A61 92 Bytes [ 10, 89, 91, B4, 00, BD, 7C, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ShellExecuteExW + 153 7CA09ABE 62 Bytes [ 00, 56, FF, 35, 8C, 05, BD, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ShellExecuteExW + 192 7CA09AFD 30 Bytes [ 1D, 9C, 7C, 99, 2B, C2, D1, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ShellExecuteExW + 1B1 7CA09B1C 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHTestTokenMembership + 4D 7CA0C020 6 Bytes [ F1, 8B, 86, 30, 60, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHTestTokenMembership + 54 7CA0C027 18 Bytes [ 8B, 08, 68, 48, 10, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHTestTokenMembership + 68 7CA0C03B 15 Bytes [ 6A, 01, 6A, 00, 50, FF, 51, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHTestTokenMembership + 78 7CA0C04B 28 Bytes [ 5F, 5E, 8B, C3, 5B, 5D, C2, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHTestTokenMembership + 95 7CA0C068 110 Bytes [ C0, 0F, 85, 64, 29, 04, 00, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!OpenRegStream + 3D 7CA0C56F 71 Bytes [ 00, 00, 56, 8D, 70, 04, 56, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!OpenRegStream + 85 7CA0C5B7 3 Bytes [ 00, 00, 8D ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!OpenRegStream + 89 7CA0C5BB 5 Bytes [ A4, FD, FF, FF, 50 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!OpenRegStream + 8F 7CA0C5C1 3 Bytes [ 85, AC, FD ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!OpenRegStream + 93 7CA0C5C5 16 Bytes CALL 7C9EFAE1 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILLoadFromStream + 2 7CA0D3BD 60 Bytes [ FF, 00, 0F, 85, 35, 23, 04, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILLoadFromStream + 3F 7CA0D3FA 30 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILLoadFromStream + 5E 7CA0D419 66 Bytes CALL 7CA0D428 C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILLoadFromStream + A1 7CA0D45C 85 Bytes [ 83, 3E, 00, 74, 20, 57, 8D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!ILLoadFromStream + F7 7CA0D4B2 54 Bytes [ 45, 08, 85, C0, 75, 07, E8, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DAD_ShowDragImage + 1 7CA0F725 114 Bytes [ 47, 30, 85, C0, 0F, 85, 7A, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DAD_ShowDragImage + 74 7CA0F798 2 Bytes [ 50, 53 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DAD_ShowDragImage + 77 7CA0F79B 3 Bytes [ CE, F9, FF ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DAD_ShowDragImage + 7B 7CA0F79F 43 Bytes [ 8B, 06, F7, D8, 1B, C0, 25, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!DAD_ShowDragImage + A7 7CA0F7CB 190 Bytes [ FF, 15, EC, 14, 9C, 7C, 85, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathAndSubDirW + F 7CA11C5F 5 Bytes [ FF, 01, 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHGetFolderPathAndSubDirW + 15 7CA11C65 131 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateDirectoryExW + 17 7CA11CE9 99 Bytes [ 16, 9C, 7C, 5F, 5E, 5B, C3, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateDirectoryExW + 7B 7CA11D4D 23 Bytes [ 85, C0, 7C, 23, 8B, 46, 10, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateDirectoryExW + 93 7CA11D65 84 Bytes [ 46, 30, 68, 55, 04, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateDirectoryExW + E8 7CA11DBA 4 Bytes [ 84, 57, 7E, 04 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHCreateDirectoryExW + ED 7CA11DBF 3 Bytes [ 6A, 43, FF ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHUpdateRecycleBinIcon + 5 7CA1276D 39 Bytes [ 8B, C6, 5E, 5D, C2, 04, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHUpdateRecycleBinIcon + 2D 7CA12795 49 Bytes [ BD, 7C, 3B, 18, 75, E0, 33, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHUpdateRecycleBinIcon + 5F 7CA127C7 93 Bytes JMP 7C9FF3CD C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHUpdateRecycleBinIcon + BD 7CA12825 49 Bytes [ FF, 8B, F0, 3B, F7, 0F, 8D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!SHUpdateRecycleBinIcon + EF 7CA12857 69 Bytes [ FF, 75, FC, FF, 56, 18, E9, ... ]
.text ...
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsUserAnAdmin + 35 7CA14618 16 Bytes [ 07, 77, 03, 8B, 45, 08, 5D, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsUserAnAdmin + 46 7CA14629 19 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsUserAnAdmin + 5A 7CA1463D 5 Bytes [ 0F, 85, EA, 57, 03 ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.dll!IsUserAnAdmin + 60 7CA14643 59 Bytes [ 53, 8B, 5D, 14, 56, 8B, 75, ... ]
.text C:\WINDOWS\Explorer.EXE[248] SHELL32.d

na letöltöttem az újat ott már jelzi a savet

de lehet a verzió nem stimmel 1.0.12 az enyém

Basszus nekem csak stop és copy van !!! de komoylan

mar dehogy nincsen nezed

Rottkitnél a Scanre mentem és végzett de nincsen save gomb enm találom :S:S:S:S

hogy akad,lefagy??ha igen akor futasd a G-mert,de elote ha gojos eger csavard ki az aljat a gojonal es pucold ki a tengelyeket,,

Kösz stell !!! már azért egy fokkal jobb de még mindig akad az egér :S:S:S

Fixeld le a hijackal
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

letelepiteni a combofixet a geprol-start-futatas-masold be az ablakba
combofix /u ok
Pucold ki a gepet CCleaneral

ATF-Cleaneral,
http://majorgeeks.com/downloadget.php?id=4949&file=15&evp=72ef5a5e927b2276e6a5bc34c89d005a
rakjal fel tuzfalat es jo nak kene lenie,

Királyság Stell (h) akkor hnap oan este 6 körül leszek :D
KÖSSSZZ!:D

mar csak kipucoljuk a gepet valamit lefixelunk es jo lesz de csak holnap,ma mar vegzek
udv

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20, on 2009.03.05.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3792 bytes

Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide Es az uj HijackThis logjat

aha már nincs fent

ComboFix 09-03-04.01 - Krusi 2009-03-05 19:14:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1038.18.1024.704 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090305-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\autoscan.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 18:20 . 2009-03-05 18:20 <DIR> d-------- c:\program files\Alwil Software
2009-03-05 17:52 . 2009-03-05 17:52 <DIR> d-------- c:\program files\AVG
2009-03-05 10:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-05 10:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-05 10:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-05 10:40 . 2009-03-05 10:40 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-05 10:35 . 2009-03-05 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-04 22:46 . 2009-03-04 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-03-04 22:46 . 2009-03-04 23:08 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-03-04 22:43 . 2009-03-05 09:22 <DIR> d-------- c:\windows\Internet Logs
2009-03-04 16:28 . 2009-03-04 17:02 <DIR> d-------- c:\documents and settings\Krusi\Application Data\IObit
2009-03-04 09:47 . 2009-03-04 09:47 <DIR> d-------- c:\program files\Common Files\Protexis
2009-03-02 20:55 . 2009-03-02 20:55 <DIR> d-------- c:\program files\EA Sports
2009-02-26 12:31 . 2009-02-26 12:31 <DIR> d-------- c:\documents and settings\Krusi\Application Data\vlc
2009-02-26 12:26 . 2009-02-26 12:26 <DIR> d-------- c:\program files\VideoLAN
2009-02-26 09:37 . 2009-03-02 22:33 <DIR> d-------- c:\windows\Hungarian Super Patch '09
2009-02-25 16:26 . 2009-02-25 16:26 <DIR> d-------- c:\program files\UltraISO
2009-02-25 16:26 . 2009-02-25 16:26 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-02-20 15:46 . 2009-03-03 22:32 <DIR> d-------- c:\documents and settings\Krusi\Application Data\XnView
2009-02-16 21:45 . 2009-02-16 21:45 <DIR> d-------- c:\program files\KRyLack Password Recovery
2009-02-16 21:45 . 2009-02-16 21:45 <DIR> d-------- c:\documents and settings\Krusi\Application Data\KRyLack Password Recovery
2009-02-16 21:38 . 1998-02-06 21:37 299,520 --a------ c:\windows\uninst.exe
2009-02-13 16:45 . 2009-02-14 13:28 123 --a------ c:\windows\wininit.ini
2009-02-13 15:23 . 2009-03-04 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 15:53 . 2003-04-15 09:59 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-12 15:53 . 2009-02-12 15:53 3,287 --a------ c:\windows\Ascd_tmp.ini
2009-02-12 08:04 . 2009-02-12 08:04 15 --a------ c:\windows\WinPatchService
2009-02-12 07:59 . 2009-02-12 07:59 <DIR> d-------- c:\documents and settings\Krusi\Application Data\Codemonster
2009-02-09 13:14 . 2009-02-09 13:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-08 18:51 . 2008-11-06 17:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-08 18:51 . 2008-11-06 17:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-08 18:51 . 2008-11-06 17:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 09:46 --------- d-----w c:\program files\ESET
2009-03-04 21:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-04 21:16 --------- d-----w c:\documents and settings\Krusi\Application Data\PC Tools
2009-03-04 08:51 2,828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-04 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-03-04 08:31 --------- d-----w c:\program files\Corel
2009-03-01 19:10 --------- d-----w c:\program files\DC++
2009-02-17 17:14 --------- d-----w c:\documents and settings\Krusi\Application Data\Corel
2009-02-13 15:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 15:24 --------- d-----w c:\documents and settings\Krusi\Application Data\Ulead Systems
2009-02-13 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-13 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Paragon CD-ROM Emulator
2009-02-08 17:52 --------- d-----w c:\program files\DivX
2009-01-26 08:44 119,568 ----a-w c:\windows\system32\VB6FR.DLL
2009-01-22 21:56 --------- d-----w c:\program files\DivXCodec
2009-01-11 00:34 --------- d-----w c:\documents and settings\Krusi\Application Data\gtk-2.0
2009-01-11 00:32 --------- d-----w c:\program files\Avidemux 2.4
2009-01-11 00:32 --------- d-----w c:\documents and settings\Krusi\Application Data\avidemux
2009-01-08 09:41 --------- d-----w c:\program files\AVI-ból DVD !
2009-01-07 21:13 --------- d-----w c:\program files\Pegasys Inc
2009-01-05 23:23 --------- d-----w c:\program files\Shutdown Monster
2008-12-18 21:38 65,536 ----a-w c:\windows\IFinst27.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-06 13:38 86,016 ------w c:\windows\system32\pxwma.dll
2008-12-06 09:07 59,488 ----a-w c:\windows\system32\GenSvcInst.exe
2008-12-06 09:07 145,504 ----a-w c:\windows\system32\bgsvcgen.exe
2008-09-05 06:11 8 --sh--r c:\documents and settings\All Users\Application Data\A879945699.sys
2008-08-25 20:56 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-25 20:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-25 20:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
2008-08-25 20:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= L3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.VP40"= vp4vfw.dll
"vidc.VP50"= vp5vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 08:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2003-09-04 09:45 135214 c:\program files\Common Files\Logitech\QCDriver2\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSDPSRV"=3 (0x3)
"usnjsvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"PSEXESVC"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Hungarian\\setup.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-05 20560]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2008-10-09 152576]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-c447c453 - c:\windows\system32\bishtpty.dll


.
------- Supplementary Scan -------
.
Trusted Zone: internet
FF - ProfilePath - c:\documents and settings\Krusi\Application Data\Mozilla\Firefox\Profiles\aj2hfdlo.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 19:21:06
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-03-05 19:25:37 - machine was rebooted [Krusi]
ComboFix-quarantined-files.txt 2009-03-05 18:25:15
ComboFix2.txt 2009-02-12 20:47:33

Pre-Run: 12 176 592 896 bájt szabad
Post-Run: 12,216,270,848 bájt szabad

177 --- E O F --- 2008-11-14 08:15:24

Stell az az igazság hogy ahogy húzom az egeret egy tized másodpercre akad mindig szerintem valami vírus lesz a dologban és amikor megnyitom a DC++-t akkor rohadt lassú a gé. Ez azóta van amióta MSN-en a haver egy vírust küldött rákattintottam
de az exet már nem szedtem le azonnal bezártam azóta ilyen tetű a gép! sztem valami nem oké :S:S:S:S

Segíts ha tudsz Köszi!