udv
tolds az asztalra es futasd a DDS-programot a logjat ted ide,
http://download.bleepingcomputer.com/sUBs/dds.scr
kinyilik 2-log mind a ketot ted ide,

Szevasztok!

A segítségeteket szeretném kérni a következő ügyben:

Adott egy Samsung p4-es Laptop + Vista 32Bit és a fent említett üzenet jelenik meg sűrűn - sűrűn (mint felugró ablak)

"Blokkolás történt - C:/Windows/system32/SECUR32.DLL"

Internetet lehetetlen használni..., Windows Deffender nem indul (csak valami hiba üzenetet ír ki a rendszer), telepíteni nem lehet programot és hasonlók)
De vannak programok, amelyek azért elindulnak...pl. Spyware Terminator, Saját gép...!

Ha tud valaki legyenszíves segítsen...! Hogy írtsam ki azt a férget..., mert gondolom valami olyasmiről van szó....!

A gép persze lassú és az egér néha használhatatlanná vállik (nem reagál)!

Előre is köszönet a segítségért...!

szia!

köszi szépen, úgy tűnik minden ok )

ok,akor nembabraljuk feleslegesen,a combofix logja jol nez ki,szed le a geprol a combofixet
start-futatas-masold be ezt a parancsot combofix /u ok
a combofix letelepitodik a geprol,
meg futasd le a Malwarebytes programot,csinalj komplet skant,amit talal torold ki,
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
jo ejt,ma mar vegzek,,

Most épp nem tapasztalok semmi rendelleneset.

Spybotot és CCleaner-t futtattam még...

hm,azt latom hogy a virusaim eltuntek,futatal valami programot a combofix elott??es ird ide hogy mukszik a Gep,,

Washinton, DC-ben vagyok épp, szóval itt 6 órával korább van

Na mit lát, doktor úr?

Vagy a user.
Meg attól is függ, hogy multibootos rendszer-e. Mert ha igen, akkor csak egy partíción, célszerűen a legtöbbet használton lehet bekapcsolva az automatikus átállás a nyári időszámításra.
Sőt a többi partíción az internetes időszinkront is ki kell kapcsolni.

hat,igen lehet az is de eltuntek a virusaim es nemtudom hova,es mikor
Amugy neztem a Hokit a Magyarok nemis tudtam hogy ilyen jol jatszanak,majdnem nyertek velunk is es a az oroszokal is,nemsok hianyzott,

Lehet a gép órája is bolond!
Nálam rendszeresen,ha a linux-ból újraaindítok wint két órát késik átírja a rendszeridőt a BIOS-ban!-Avagy a timerlock-kal telepítette a tört rendszert,és nem állította a valós időre-elképzelhető,hogy maga a virus olyan okos...átírja a rendszerórát a win indításakor..a fentebb emlegetett:timerlock képes hasonló huncutságokra ez nem lehet mérvadó,de felettébb gyanús!..

na varjal csak egy csepet,milyen logot tetel ide,ez volt futatva
ComboFix 09-04-27.04 - Ági 9. 04. 28. 7:12.1 - NTFSx86
7.ora 12-kor tehat mar futayad a combofixet regel??

Szia!

Ő lenne az:

ComboFix 09-04-27.04 - Ági 9. 04. 28. 7:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.461 [GMT -4:00]
Running from: c:\documents and settings\Ági\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\e1000msg.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 11:03 . 2009-04-28 11:03 -------- d--h--r c:\documents and settings\Ági\Recent
2009-04-28 11:03 . 2009-04-28 11:03 -------- d--h--r c:\documents and settings\Ági\Recent
2009-04-28 02:36 . 2009-04-28 02:36 -------- d-----w c:\program files\Hijack This 2.02
2009-04-28 02:09 . 2009-04-28 02:09 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-28 02:09 . 2009-04-28 03:18 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-23 03:37 . 2009-04-23 03:37 -------- d-----w c:\documents and settings\Ági\Application Data\Nokia Multimedia Player
2009-04-23 00:59 . 2006-09-26 17:57 28672 ----a-w c:\windows\system32\AVEQT.dll
2009-04-23 00:59 . 2004-12-20 20:19 129024 ----a-w c:\windows\system32\AVERM.dll
2009-04-23 00:59 . 2009-04-23 02:58 -------- d-----w c:\program files\Allok MP3 to AMR Converter
2009-04-23 00:32 . 2009-04-23 00:58 -------- d-----w c:\documents and settings\Ági\Application Data\GetRightToGo
2009-04-22 23:52 . 2009-04-22 23:52 -------- d-----w c:\documents and settings\Ági\Phone Browser
2009-04-22 23:52 . 2009-04-22 23:52 -------- d-----w c:\documents and settings\Ági\Phone Browser
2009-04-22 23:48 . 2009-04-22 23:48 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-22 23:47 . 2009-04-22 23:50 -------- d-----w c:\documents and settings\Ági\Application Data\Nokia
2009-04-22 23:46 . 2009-04-22 23:46 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-22 23:46 . 2009-04-22 23:46 -------- d-----w c:\program files\Common Files\Nokia
2009-04-22 23:46 . 2009-04-22 23:46 -------- d-----w c:\program files\DIFX
2009-04-22 23:46 . 2009-04-22 23:46 -------- d-----w c:\documents and settings\Ági\Application Data\PC Suite
2009-04-22 23:45 . 2009-04-22 23:45 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-22 23:45 . 2007-02-22 15:15 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-04-22 23:45 . 2009-04-22 23:46 -------- d-----w c:\program files\Nokia
2009-04-22 23:44 . 2009-04-22 23:44 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-18 13:01 . 2009-04-18 13:01 -------- d--h--w c:\windows\PIF
2009-04-17 04:35 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 04:35 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 04:35 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 04:35 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 04:35 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 04:35 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 04:35 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 04:35 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 04:35 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 04:35 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 04:34 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 04:34 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 02:24 . 2009-04-14 02:24 -------- d-----w c:\documents and settings\Ági\Local Settings\Application Data\GHISLER
2009-04-14 02:23 . 2009-04-14 02:23 -------- d-----w c:\documents and settings\Ági\Application Data\Help
2009-04-14 02:23 . 2009-04-14 02:23 -------- d-----w c:\documents and settings\Ági\Local Settings\Application Data\Help
2009-04-12 03:46 . 2009-04-12 03:51 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-04-12 03:46 . 2009-04-12 03:46 27136 ----a-w c:\windows\system32\drivers\nchssvad.sys
2009-04-12 03:44 . 2009-04-12 03:44 -------- d-----w c:\program files\NCH Software
2009-04-12 03:44 . 2009-04-12 03:55 -------- d-----w c:\program files\NCH Swift Sound
2009-04-12 03:44 . 2009-04-12 03:55 -------- d-----w c:\documents and settings\Ági\Application Data\NCH Swift Sound
2009-04-10 03:36 . 2009-04-10 03:36 -------- d-----w c:\documents and settings\Ági\Application Data\AdobeUM
2009-04-10 03:35 . 2009-04-10 03:35 -------- d-----w c:\documents and settings\Ági\Local Settings\Application Data\Adobe
2009-04-10 03:34 . 2009-04-10 03:34 -------- d-----w c:\program files\Common Files\Adobe
2009-04-10 02:15 . 2009-04-10 02:15 -------- d-----w c:\documents and settings\Ági\Application Data\Ulead Systems
2009-04-10 02:12 . 2009-04-10 02:13 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-10 02:12 . 2009-04-10 02:12 -------- d-----w c:\program files\Corel
2009-04-10 02:12 . 2009-04-10 02:13 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-04-09 03:46 . 2009-04-09 03:46 -------- d-----w c:\program files\MSXML 6.0
2009-04-08 12:05 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-08 12:05 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-08 00:24 . 2009-04-08 00:24 -------- d-----w c:\windows\Sun
2009-04-08 00:21 . 2009-04-08 00:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-08 00:21 . 2009-04-08 00:21 -------- d-----w c:\documents and settings\Ági\Application Data\Sun
2009-04-07 23:50 . 2009-04-28 11:17 -------- d-----w c:\documents and settings\Ági\Tracing
2009-04-07 23:50 . 2009-04-28 11:17 -------- d-----w c:\documents and settings\Ági\Tracing
2009-04-07 23:49 . 2009-04-07 23:49 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-07 23:49 . 2009-04-07 23:49 -------- d-----w c:\program files\Microsoft
2009-04-07 23:48 . 2009-04-07 23:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-07 23:48 . 2009-04-07 23:50 -------- d-----w c:\program files\Windows Live
2009-04-07 23:46 . 2009-04-07 23:46 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-02 16:34 . 2009-04-02 16:34 -------- d-----w c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 02:37 . 2009-03-23 09:16 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-28 02:36 . 2009-03-24 02:33 -------- d-----w c:\program files\MagicISO
2009-04-28 02:27 . 2009-03-23 09:30 -------- d-----w c:\program files\PCDR5
2009-04-28 02:27 . 2009-03-23 09:22 -------- d-----w c:\program files\NetWaiting
2009-04-26 04:00 . 2009-03-23 09:35 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-04-10 11:45 . 2009-03-23 09:48 82168 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 02:14 . 2009-03-23 09:19 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 03:46 . 2009-03-23 09:49 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-08 00:21 . 2009-03-23 09:27 -------- d-----w c:\program files\Java
2009-04-07 23:50 . 2009-03-23 13:25 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-24 03:12 . 2009-03-24 03:11 -------- d-----w c:\program files\Microsoft Expression
2009-03-24 03:02 . 2009-03-24 03:02 -------- d-----w c:\program files\MSBuild
2009-03-24 02:58 . 2009-03-24 02:58 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-24 02:29 . 2009-03-24 02:29 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-24 02:29 . 2009-03-24 02:29 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-24 02:22 . 2009-03-24 02:22 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-24 01:31 . 2009-03-24 01:31 -------- d-----w c:\program files\NeroInstall.bak
2009-03-24 01:14 . 2009-03-24 01:13 -------- d-----w c:\program files\Common Files\Nero
2009-03-24 01:13 . 2009-03-24 01:13 -------- d-----w c:\program files\Nero
2009-03-24 00:31 . 2009-03-24 00:30 -------- d-----w c:\program files\Google
2009-03-23 23:11 . 2009-03-23 23:12 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-23 23:09 . 2009-03-23 23:09 -------- d-----w c:\program files\SMPlayer
2009-03-23 22:44 . 2009-03-23 22:44 -------- d-----w c:\program files\Lavasoft
2009-03-23 22:38 . 2009-03-23 22:37 -------- d-----w c:\program files\iTunes
2009-03-23 22:37 . 2009-03-23 22:37 -------- d-----w c:\program files\iPod
2009-03-23 22:37 . 2009-03-23 22:37 -------- d-----w c:\program files\Bonjour
2009-03-23 22:37 . 2009-03-23 22:36 -------- d-----w c:\program files\QuickTime
2009-03-23 22:36 . 2009-03-23 22:36 -------- d-----w c:\program files\Apple Software Update
2009-03-23 22:36 . 2009-03-23 22:36 -------- d-----w c:\program files\Common Files\Apple
2009-03-23 22:35 . 2009-03-23 22:35 -------- d-----w c:\program files\CCleaner
2009-03-23 22:30 . 2009-03-23 22:30 -------- d-----w c:\program files\uTorrent
2009-03-23 22:25 . 2009-03-23 22:25 0 ----a-w c:\windows\nsreg.dat
2009-03-23 13:30 . 2009-03-23 13:30 -------- d-----r c:\program files\Skype
2009-03-23 13:25 . 2009-03-23 13:25 50 ----a-w c:\windows\system32\drivers\LENOVO_1952_VL5.MRK
2009-03-23 12:50 . 2009-03-23 10:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-23 12:50 . 2009-03-23 10:36 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-23 11:27 . 2006-04-30 07:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 10:35 . 2009-03-23 10:35 -------- d-----w c:\program files\AVG
2009-03-23 09:51 . 2009-03-23 09:51 -------- d-----w c:\program files\Microsoft Small Business
2009-03-23 09:48 . 2009-03-23 13:25 68456 ----a-w c:\documents and settings\Ági\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-23 09:46 . 2009-03-23 09:46 -------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-03-23 09:45 . 2009-03-23 09:45 -------- d-----w c:\program files\Microsoft Works
2009-03-23 09:44 . 2009-03-23 09:44 -------- d-----w c:\program files\Microsoft.NET
2009-03-23 09:36 . 2009-03-23 09:30 -------- d-----w c:\program files\Common Files\Lenovo
2009-03-23 09:36 . 2009-03-23 09:21 -------- d-----w c:\program files\Lenovo
2009-03-23 09:35 . 2009-03-23 09:35 23552 ----a-w c:\windows\system32\drivers\psasrv.exe
2009-03-23 09:35 . 2009-03-23 09:35 -------- d-----w c:\program files\SMI2
2009-03-23 09:35 . 2009-03-23 09:35 -------- d-----w c:\program files\TVT SMBus
2009-03-23 09:35 . 2009-03-23 09:35 7012 ----a-w c:\windows\system32\drivers\pmemnt.sys
2009-03-23 09:35 . 2006-11-16 23:14 17536 ----a-w c:\windows\system32\drivers\psadd.sys
2009-03-23 09:34 . 2009-03-23 09:19 -------- d-----w c:\program files\ThinkPad
2009-03-23 09:34 . 2009-03-23 09:34 -------- d-----w c:\program files\Diskeeper Corporation
2009-03-23 09:30 . 2009-03-23 09:30 -------- d-----w c:\program files\Sonic Icons for Lenovo
2009-03-23 09:30 . 2009-03-23 09:17 -------- d-----w c:\program files\Common Files\Installshield
2009-03-23 09:30 . 2009-03-23 09:30 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-03-23 09:30 . 2009-03-23 09:30 -------- d-----w c:\program files\Sonic
2009-03-23 09:30 . 2009-03-23 09:30 -------- d-----w c:\program files\Multimedia Center for Think Offerings
2009-03-23 09:30 . 2009-03-23 09:29 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-23 09:28 . 2009-03-23 09:28 -------- d-----w c:\program files\Common Files\InterVideo
2009-03-23 09:28 . 2009-03-23 09:28 -------- d-----w c:\program files\InterVideo
2009-03-23 09:27 . 2009-03-23 09:26 -------- d-----w c:\program files\ThinkVantage
2009-03-23 09:27 . 2009-03-23 09:27 -------- d-----w c:\program files\Common Files\Java
2009-03-23 09:22 . 2009-03-23 09:22 -------- d-----w c:\program files\Digital Line Detect
2009-03-23 09:22 . 2009-03-23 09:22 -------- d-----w c:\program files\CONEXANT
2009-03-23 09:22 . 2009-03-23 09:12 -------- d-----w c:\program files\Analog Devices
2009-03-23 09:21 . 2009-03-23 09:21 0 ---ha-r c:\windows\system32\drivers\IBM_1952_VL5_TP.MRK
2009-03-23 09:21 . 2009-03-23 09:21 -------- d-----w c:\program files\ThinkVantage Fingerprint Software
2009-03-23 09:21 . 2009-03-23 09:21 -------- d-----w c:\program files\Common Files\ThinkVantage Fingerprint Software
2009-03-23 09:21 . 2009-03-23 09:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-23 09:20 . 2009-03-23 09:20 21419 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-23 09:20 . 2009-03-23 09:20 -------- d-----w c:\program files\Intel
2009-03-23 09:19 . 2009-03-23 09:19 -------- d-----w c:\program files\Synaptics
2009-03-23 09:19 . 2009-03-23 09:19 -------- d-----w c:\program files\MSXML 4.0
2009-03-06 14:22 . 2006-04-30 06:55 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-23 22:36 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 03:59 . 2009-03-23 22:36 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 00:18 . 2006-04-30 06:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-04-30 06:55 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2006-04-30 06:55 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-04-30 06:55 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-04-30 06:55 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-04-30 06:55 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-04-30 06:55 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2006-04-30 06:55 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2006-04-30 06:55 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2006-04-30 06:55 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2006-04-30 06:55 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-02-19 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-02-19 110592]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1601304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-23 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-02-19 23:03 32768 ----a-w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 12:50 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-23 951632]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R3 PAC207;VideoCAM GE111;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2009-04-12 794628]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-23 64160]
S0 Shockprf;Shockprf; [x]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-11-08 11520]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-23 325128]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\Drivers\IBMBLDID.sys [2006-01-13 6016]
S1 ShockMgr;ShockMgr; [x]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2006-05-25 4442]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-26 3456]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{394ba7b3-17f8-11de-8d35-000000000000}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:11]

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-03-23 16:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6fce5b32-8658-41a9-ad8e-94f28031b82f} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Ági\Application Data\Mozilla\Firefox\Profiles\tkdrf1r0.default\
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 07:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(1416)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2009-04-28 7:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 11:19

Pre-Run: 8 246 448 128 bytes free
Post-Run: 8 145 588 224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

374 --- E O F --- 2009-04-17 07:05

Szia
agi_006
Hat igen a Donations to stell,nem rosz otlett,
De nemakarok en gyorsan megazdagodni

Igen a geped igen komolyan megvan fertozve ezert most futatod a Combofixet es a logjat ted ide,

Szia Stell!

Egyszer rég már segítettél.. most megint sikerült összeszednem vmi vírust és rögtön eszembe jutottál Tényleg kéne egy "donations to stell" link a sarokba

Csináltam egy Hijack This logot, meg tudnád nézni mi a bibi?
A vírusírtóm felismert pár fertőzött fájlt, de azt mondja nem találhatóak :S mindenféle .dll-ek a system32-ben...

Logfile of HijackThis v1.99.1
Scan saved at 22:34:20, on 2009. 04. 27.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\prnet.tmp
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ági\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {6fce5b32-8658-41a9-ad8e-94f28031b82f} - C:\WINDOWS\system32\sozerilu.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [wisukitazi] Rundll32.exe "C:\WINDOWS\system32\bitaloyo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\nogawale.dll,C:\WINDOWS\system32\ladovidi.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: VRS Recording System (VRSService) - Unknown owner - C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -service (file missing)

Good Luck!!
Ha valamit talal torold ki,kiprobalni es ha van problem leirni,majd holnap megnezem,,

thank you!!! Im doing the complete scan now

ok,torold mindet,es utana csinalj komplet skant

hi, fut most még. hogy lásd, igazi kezdővel van dolgod: elmondom, ez életem első résztvétele fórumon. nem találom, hogyan kell válaszolni idézet nélkül....
húúú, most lett kész a vizsgálattal: mywebes filet talált!
itt van az eredmény:
Malwarebytes' Anti-Malware 1.36
Adatbázis verzió: 2049
Windows 6.0.6001 Service Pack 1

27/04/2009 20:44:35
mbam-log-2009-04-27 (20-44-06).txt

Vizsgálat típusa: Gyorsvizsgálat
Átvizsgált objektumok: 71693
Eltelt idõ: 7 minute(s), 23 second(s)

Fertõzött memóriafolyamatok: 0
Fertõzött memória modulok: 0
Fertõzött rendszerleíró kulcsok: 9
Fertõzött rendszerleíró értékek: 0
Fertõzött rednszerleíró elemek: 0
Fertõzött mappák: 0
Fertõzött fájlok: 0

Fertõzött memóriafolyamatok:
(Nem észleltem rosszindulatú elemeket)

Fertõzött memória modulok:
(Nem észleltem rosszindulatú elemeket)

Fertõzött rendszerleíró kulcsok:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Fertõzött rendszerleíró értékek:
(Nem észleltem rosszindulatú elemeket)

Fertõzött rednszerleíró elemek:
(Nem észleltem rosszindulatú elemeket)

Fertõzött mappák:
(Nem észleltem rosszindulatú elemeket)

Fertõzött fájlok:
(Nem észleltem rosszindulatú elemeket)

nem,futasd a malwarebytes programot,a HiJack-program mar vak,,

hello,
a probléma az, hogy a mywebsearch -annak ellenére, h már mindenféle vírusirtó állítólag kiirtotta - a gép elindításakor betöltődik kezdőlapként (az eredeti az origo.hu lenne). tehát ott rejtőzködik, s támadhat, a háttérben...
a logból nem látni, hogy a gépen van?

What's Your Problem?

Tolds lea Malwarebytes programot es futasd-gyors-skent csinally,a logot ted ide,
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
itt van az hogy kel csinalnod logot,]
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229/

please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:03, on 27/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\krisztina\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\krisztina\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.origo.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\krisztina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] C:\Users\krisztina\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DB7250B-BDCE-473B-BA2B-33D88196A997}: NameServer = 213.46.246.54 213.46.246.53
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14195 bytes

az mind renben van
http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=SnagItBHO.dll
nltide_2-renben van,
nincsen mitt,
udv

Nincs probléma a géppel, csak van olyan, mint: BHO, Toolbar, vagy O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'HELYI SZOLGÁLTATÁS') , O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'HÁLÓZATI SZOLGÁLTATÁS') , O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') , O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
Én ezekre gondoltam,mivel ismeretlen számomra, ezért fordultam Hozzád.
Nagyon szépen köszönöm,hogy segítettél.

Üdv.:Sanyi

ha nincsen semi problem a gepel akor ok,

Szia Stell!

Megnéznéd? Kösz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:21, on 2009.04.23.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\WO6.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
C:\Program Files\Total Commander 2008 Final Edition by K-ED\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=hun
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6923 bytes

nincsen mit
udv,,

Köszönöm,majdnem leszedte a vista-mat is a KIS.

tesek
http://www.viry.cz/forum/viewtopic.php?f=29&t=72734&p=654327#p654327

Üdv stell mester,elküldenéd nekem a linket ahol fent van hogy kell beállítani a Kaspersky internetsecurity-it?(Vissza kellett tennem beszedtem egy trójait a nod32-vel)A Ksnem fut végig az összes lemezen(sok a tömörített cucc)kikapcsolhatom a tömörített és a többszörösen tömörített fileok ellenőrzését?

ide irtam hogy mitt csinalj
http://forum.terminal.hu/viewtopic.php?p=922731#922731

Üdv.: Stell és mindenki!

Már vagy 2 hete szívok 1 trójai féreg miatt amit vszeg egy cracks/serials oldalról szerezhettem be az avast futott de vmiért nem fogta meg szóval a következő a gond: ha elindul a gép és be van dugva a modem akkor 1-2 perc múlva elkezdenek letöltődni az windows/temp mappába bn1.tmp vr1.tmp..stb több .tmp fájlok a windows/system32 mappába is ide reader_s.exe is a tmp-k mellett és a document and settings/user mappába is reader_s.exe lefuttattam már a previxet/Malwarebytes' Anti-Malware amit találtak töröltem de továbbra sem változik semmi a virusirtók nem futnak mert az első alkalommal vagy 20 rendszerszolgáltatás futattási helyét átírta a registryben windows/temp/vrt164.tmp-re így lebénult minden virusírtó ill. plugandplay-t használó program, 3 rendszer szolgáltatás kivételével már mindent kijavítottam de a plugandplay-t használó programok (pl.:vírusírtók) azóta sem mennek.

Tudja valaki mitől indul újra a tmp letöltődése ha a modemet bedugom hol keressem a férget?

Válaszokat előre is köszönöm!

hjackthislog:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:11 du., on 2009.04.10.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Prevx\prevx.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Prevx\prevx.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
I:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
I:\Program Files\Spyware Terminator\sp_rsser.exe
I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
I:\WINDOWS\system32\taskmgr.exe
I:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.111.133.92:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O1 - Hosts: 193.125.23.12 updates.sald.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O4 - HKLM\..\Run: [SpywareTerminator] "I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] I:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] I:\WINDOWS\services.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Letöltés a FlashGet-tel - I:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Minden letöltése a FlashGet-tel - I:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - I:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3209654532
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: PreBootCheck - {b2fbad60-94bf-4f73-9018-63d4697b4563} - (no file)
O23 - Service: CSIScanner - Prevx - I:\Program Files\Prevx\prevx.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WMI teljesítményadapter (WmiApSrv) - Unknown owner - I:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 5678 bytes

Akor it megtalalsz minkett
Udv,,

Azért én csak megköszönném mégiscsak, hogy rám áldoztad az idődet!

Kellemes hétvégét, és ha bajom lenne ( remélem, nem lesz) akkor már tudom, kihez kell fordulni:D

ok,Az ESET karantenjaban vanak ezek a Trojak,tehat torold es kolds a penzedet,
nincsen mitt koszonod,
udv

Egy kicsit megnyugodtam, csak a karantpénban találta meg a szemeteket,..mit kéne azokkal csinálnom? vagy jó helyen vannak a karanténban? Mikor feljött a riasztás, törölni nem engedte...

C:\Program Files\ESET\infected\2PWCWWDA.NQF Infected: Trojan-Downloader.Win32.FraudLoad.dvv 1

C:\Program Files\ESET\infected\B2PSZ3BA.NQF Infected: Packed.Win32.Katusha.b 1

C:\Program Files\ESET\infected\INGC54AA.NQF Infected: Trojan-Downloader.Win32.FraudLoad.dvv 1

C:\Program Files\ESET\infected\WMNKYOCA.NQF Infected: Packed.Win32.Katusha.b 1

már több, mint egy órája fut, és 4!! infected object-et talált! az hogy lehet? Ha végez, jövök a reporttal...

szia,azt hiszem hogy nyugodtam koltheted a penzeded,de ha akarod meg teszteld le itt
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

szia stell!

Azt hiszem, ez is rendben van
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

meg a rend kedveert futasd le ezt a programot ted az asztalra_Futasd,,,rogton ad logot az asztalra-ted ide
http://www2.gmer.net/mbr/mbr.exe

stell, köszi szépen a segítséget, nagyon rendes vagy!

Ezek szerint mostmár netbankolhatok, a veszély elhárult?

szed le a geprol a combofixet-start-futatas-masold be-combofix /u ok
a vezerlo pulton keresztull szed le a
C:\Program Files\NVIDIA Corporation\NetworkAccessManage tuzfalat-mert ott van a Sunbelt Tuzfal,-de vigyaz ot van az NVIDIA driver is nehogy aztat leszeded,pucold att CCleaneral es ha nincsen semi gond a gepel akor most mar ok,,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:09, on 2009.04.01.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.index.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.157.108.227/activex/AMC.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9507 bytes

ComboFix 09-04-01.01 - Hercegnő 2009-04-01 23:25:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1038.18.1022.577 [GMT 2:00]
Running from: c:\documents and settings\Hercegnő\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Hercegnő\Asztal\CFScript.txt
AV: NOD32 Antivirus System 2.51 *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\vbmt32.gld
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Avira
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\vbmt32.gld

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVBOOT
-------\Service_pavboot


((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-04-01 22:58 . 2009-04-01 22:58 <DIR> d-------- c:\program files\backups
2009-04-01 22:55 . 2009-04-01 22:55 401,720 --a------ c:\program files\HijackThis.exe
2009-03-20 22:16 . 2009-03-21 19:15 <DIR> d-------- c:\program files\Billy Blade
2009-03-20 21:47 . 2009-03-20 21:47 <DIR> d-------- c:\documents and settings\Hercegnő\WINDOWS
2009-03-20 21:47 . 2009-03-20 21:47 <DIR> d-------- c:\documents and settings\Hercegnő\WINDOWS
2009-03-19 18:28 . 2003-10-27 16:06 115,016 -ra------ c:\windows\system32\MSINET.OCX
2009-03-19 18:28 . 2003-10-27 16:06 89,360 -ra------ c:\windows\system32\VB5DB.DLL
2009-03-19 18:28 . 2003-10-27 16:06 69,632 -ra------ c:\windows\system32\xmltok.dll
2009-03-19 18:28 . 2003-10-27 16:06 36,864 -ra------ c:\windows\system32\xmlparse.dll
2009-03-19 18:28 . 2003-10-27 16:06 35,840 -ra------ c:\windows\system32\comdlg32.oca
2009-03-19 18:28 . 2003-10-27 16:06 29,184 -ra------ c:\windows\system32\MSINET.oca
2009-03-19 18:28 . 2003-10-27 16:06 26,096 -ra------ c:\windows\system32\xmlinst.exe
2009-03-19 18:28 . 2003-10-27 16:06 24,576 -ra------ c:\windows\system32\msxml3a.dll
2009-03-19 18:21 . 2009-03-21 19:23 <DIR> d-------- c:\program files\UBISOFT
2009-03-16 23:28 . 2009-04-01 23:22 <DIR> d-------- c:\program files\Crawler
2009-03-16 22:11 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-16 21:24 . 2007-05-06 17:59 <DIR> d--h----- c:\documents and settings\Rendszergazda\Sablonok
2009-03-16 21:24 . 2007-05-06 19:53 <DIR> d-------- c:\documents and settings\Rendszergazda\Dokumentumok
2009-03-16 21:24 . 2007-05-06 19:53 <DIR> d-------- c:\documents and settings\Rendszergazda\Asztal
2009-03-16 21:24 . 2009-03-16 21:24 <DIR> d-------- c:\documents and settings\Rendszergazda
2009-03-15 22:53 . 2009-03-15 22:53 <DIR> d-------- c:\documents and settings\Hercegnő\Application Data\Malwarebytes
2009-03-15 22:52 . 2009-03-15 22:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 22:52 . 2009-03-15 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 22:52 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 22:52 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-15 20:11 . 2009-03-15 20:11 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-15 20:11 . 2009-03-15 20:11 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-15 20:11 . 2009-03-15 20:11 <DIR> d-------- c:\program files\MSBuild
2009-03-15 20:10 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-15 20:10 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-15 20:10 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-15 20:10 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-15 20:10 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-15 20:10 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-15 20:10 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-15 19:45 . 2009-03-15 19:45 <DIR> dr-h----- C:\AHCache
2009-03-15 19:08 . 2009-04-01 22:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-15 19:08 . 2009-04-01 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 05:15 . 2009-03-15 05:16 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-15 04:25 . 2008-10-31 08:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-03-15 04:25 . 2008-06-21 05:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2009-03-15 04:24 . 2009-03-15 04:24 <DIR> d-------- c:\program files\Sunbelt Software
2009-03-15 03:26 . 2009-03-17 00:20 26,000 --a------ c:\windows\system32\E3TL.DLL
2009-03-15 03:22 . 2009-03-15 03:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zenturi
2009-03-15 02:55 . 2009-03-16 00:55 <DIR> d-------- C:\KillWinPro
2009-03-15 02:55 . 2000-05-22 01:00 209,608 --a------ c:\windows\system32\Tabctl32.ocx
2009-03-15 02:55 . 1996-05-03 23:05 28,672 --a------ c:\windows\system32\Msghoo32.ocx
2009-03-15 01:44 . 2009-03-15 01:44 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\IEPro
2009-03-13 21:07 . 2009-03-13 21:45 <DIR> d-------- c:\documents and settings\Hercegnő\Application Data\Winamp
2009-03-08 17:06 . 2009-03-08 17:06 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-03-08 17:05 . 2008-07-29 14:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2009-03-08 17:05 . 2008-07-29 14:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2009-03-08 17:05 . 2008-07-08 02:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2009-03-08 16:27 . 2009-03-08 16:27 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-08 16:27 . 2009-03-08 16:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-08 16:18 . 2009-02-18 15:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-08 16:15 . 2009-03-08 16:15 <DIR> d-------- C:\NVIDIA
2009-03-08 16:07 . 2009-03-08 16:11 <DIR> d-------- c:\program files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 18:48 --------- d-----w c:\documents and settings\Hercegnő\Application Data\CenoPDF
2009-04-01 16:45 --------- d-----w c:\program files\Spyware Terminator
2009-04-01 16:45 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Spyware Terminator
2009-03-31 20:55 14,336 ----a-w c:\windows\system32\svchost.exe
2009-03-31 15:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-30 21:51 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Uniblue
2009-03-28 21:26 --------- d-----w c:\program files\CCleaner
2009-03-19 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 22:46 26,112 ----a-w c:\windows\system32\userinit.exe
2009-03-16 21:19 --------- d-----w c:\program files\WinClamAVShield
2009-03-15 20:12 --------- d-----w c:\program files\ESET
2009-03-15 19:03 --------- d-----w c:\program files\Google
2009-03-13 19:08 --------- d-----w c:\program files\Winamp
2009-03-08 23:52 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Skype
2009-03-08 23:00 --------- d-----w c:\documents and settings\Hercegnő\Application Data\skypePM
2009-03-02 00:50 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Media Player Classic
2009-03-02 00:48 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Auslogics
2009-03-01 16:50 --------- d-----w c:\program files\EA GAMES
2009-02-16 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-16 23:16 --------- d-----w c:\program files\DivX
2009-02-16 22:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-15 14:25 --------- d-----w c:\program files\Auslogics
2009-02-15 13:55 --------- d-----w c:\program files\Foxit Software
2009-02-15 13:54 --------- d-----w c:\program files\JockerSoft
2009-02-15 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-13 15:38 --------- d-----w c:\program files\Common Files\Adobe
2009-02-13 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 00:37 --------- d-----w c:\documents and settings\Hercegnő\Application Data\stickies
2009-02-02 22:40 --------- d-----w c:\program files\HDCleaner
2009-02-02 21:57 --------- d-----w c:\program files\Lystech Computing
2009-02-02 21:56 --------- d-----w c:\program files\Softland
2009-02-02 21:48 --------- d-----w c:\program files\Ashampoo
2009-02-02 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2009-02-02 21:47 --------- d-----w c:\program files\Photo!
2009-02-02 21:47 --------- d-----w c:\program files\FormatFactory
2009-02-02 21:47 --------- d-----w c:\program files\Format Factory
2009-02-02 21:42 --------- d-----w c:\documents and settings\Hercegnő\Application Data\CyberLink
2009-02-02 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-02-01 16:47 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Spamihilator
2009-02-01 16:00 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-01 15:23 --------- d-----w c:\documents and settings\Hercegnő\Application Data\UpdateStar
2009-02-01 15:09 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-01 15:03 --------- d-----w c:\program files\MSN Games
2009-02-01 15:01 --------- d-----w c:\program files\NOS
2009-02-01 14:41 --------- d-----w c:\program files\IEPro
2009-02-01 14:41 --------- d-----w c:\documents and settings\Hercegnő\Application Data\MiniDm
2009-01-04 14:15 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-04-02 17:14 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_22.20.15,39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-01 21:32:33 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2008-11-04 3508568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-06 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-02-01 2267136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hercegnő^Start Menu^Programs^Indítópult^Stickies.lnk]
path=c:\documents and settings\Hercegnő\Start Menu\Programs\Indítópult\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 20:43 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 19:44 1200128 c:\progra~1\MICROS~4\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 17:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 18:01 277296 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-02-18 15:44 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
--a------ 2006-02-21 16:19 548864 c:\program files\Sprite Software\Sprite Backup\SpriteService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2009-02-01 18:00 2267136 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
--a------ 2008-11-04 10:08 3508568 c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
--a------ 2009-01-16 13:52 4370672 c:\documents and settings\Hercegnő\Application Data\UpdateStar\UpdateStar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2009-03-09 17:49 37888 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 18:02 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-02-18 15:44 1657376 c:\windows\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\totalcmd\\totalcmd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2007-05-06 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2007-05-06 5248]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-03-15 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-02-01 142592]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2007-05-10 6852]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-03-15 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-01 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ChipDVDB.EXE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.index.hu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
LSP: c:\windows\system32\imon.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://213.157.108.227/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 23:33:42
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1412)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\nvLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-01 23:39:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-01 21:39:20
ComboFix2.txt 2009-04-01 20:22:29

Pre-Run: 22 123 769 856 bájt szabad
Post-Run: 22,033,256,448 bájt szabad

289 --- E O F --- 2009-03-24 23:40:31

de ot van mindegy toroljuk mert a Google se ismeri nincsen ez senkinek hat neked se kel
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide Es az uj HijackThis logjat ted ide

Az avirát tényleg letöröltem, de a panda annak nem kéne maradéknak lenni, mert azt neten fizettem elő, és szoktam azt is néha használni! Kicsit paranoid vagyok, de ez volt az első vírusom, úgyhogy csak megérte. Ezek szerint elbántam a trójaiakkal? Hát, ezt sose gondoltamm volna
Közben fixeltem a HJT-vel amit mondtál, viszont ezt a wmbt filet nem találtam meg!

Lehet, hogy hülye vagyok, de nem találok ilyen nevű filet a sys32-ben

a log is jonak nez ki van ot a Panda es a Avira maradeka meg kitoroljuk majd a combo leszedte az ADS-t
Tsszteld le a virustotalon-es az eredmenyt ted ide
VIRUSTOTALu
c:\windows\system32\vbmt32.gld
klik-prochazet-megtalalod-kuldod es varod az eredmenyt -ide teszed,

Mind a ketto fut neked automatikusan a startupba es verekszenek
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"

szed le a Spybotot a geprol
Fixeles-futatod a HiJackthis programot-klik gomb doa system scan only pipat teszel azokhoz amit oda irtam es alol klik FIXCHECKEd ez az egesz de mar most nefixelj semmit hanem majd a vegen majd ide irom most att nezem a combofix logjat,,

ComboFix 09-04-01.01 - Hercegnő 2009-04-01 22:12:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1038.18.1022.644 [GMT 2:00]
Running from: c:\documents and settings\Hercegnő\Asztal\ComboFix.exe
AV: NOD32 Antivirus System 2.51 *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-03-20 22:16 . 2009-03-21 19:15 <DIR> d-------- c:\program files\Billy Blade
2009-03-20 21:47 . 2009-03-20 21:47 <DIR> d-------- c:\documents and settings\Hercegnő\WINDOWS
2009-03-20 21:47 . 2009-03-20 21:47 <DIR> d-------- c:\documents and settings\Hercegnő\WINDOWS
2009-03-19 18:28 . 2003-10-27 16:06 115,016 -ra------ c:\windows\system32\MSINET.OCX
2009-03-19 18:28 . 2003-10-27 16:06 89,360 -ra------ c:\windows\system32\VB5DB.DLL
2009-03-19 18:28 . 2003-10-27 16:06 69,632 -ra------ c:\windows\system32\xmltok.dll
2009-03-19 18:28 . 2003-10-27 16:06 36,864 -ra------ c:\windows\system32\xmlparse.dll
2009-03-19 18:28 . 2003-10-27 16:06 35,840 -ra------ c:\windows\system32\comdlg32.oca
2009-03-19 18:28 . 2003-10-27 16:06 29,184 -ra------ c:\windows\system32\MSINET.oca
2009-03-19 18:28 . 2003-10-27 16:06 26,096 -ra------ c:\windows\system32\xmlinst.exe
2009-03-19 18:28 . 2003-10-27 16:06 24,576 -ra------ c:\windows\system32\msxml3a.dll
2009-03-19 18:21 . 2009-03-21 19:23 <DIR> d-------- c:\program files\UBISOFT
2009-03-16 23:28 . 2009-04-01 22:08 <DIR> d-------- c:\program files\Crawler
2009-03-16 22:11 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-16 21:24 . 2007-05-06 17:59 <DIR> d--h----- c:\documents and settings\Rendszergazda\Sablonok
2009-03-16 21:24 . 2007-05-06 19:53 <DIR> d-------- c:\documents and settings\Rendszergazda\Dokumentumok
2009-03-16 21:24 . 2007-05-06 19:53 <DIR> d-------- c:\documents and settings\Rendszergazda\Asztal
2009-03-16 21:24 . 2009-03-16 21:24 <DIR> d-------- c:\documents and settings\Rendszergazda
2009-03-15 22:53 . 2009-03-15 22:53 <DIR> d-------- c:\documents and settings\Hercegnő\Application Data\Malwarebytes
2009-03-15 22:52 . 2009-03-15 22:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 22:52 . 2009-03-15 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 22:52 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 22:52 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-15 21:50 . 2009-03-22 16:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-15 20:11 . 2009-03-15 20:11 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-15 20:11 . 2009-03-15 20:11 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-15 20:11 . 2009-03-15 20:11 <DIR> d-------- c:\program files\MSBuild
2009-03-15 20:10 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-15 20:10 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-15 20:10 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-15 20:10 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-15 20:10 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-15 20:10 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-15 20:10 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-15 19:45 . 2009-03-15 19:45 <DIR> dr-h----- C:\AHCache
2009-03-15 19:08 . 2009-03-15 19:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-15 19:08 . 2009-03-31 22:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 05:15 . 2009-03-15 05:16 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-15 04:25 . 2008-10-31 08:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-03-15 04:25 . 2008-06-21 05:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2009-03-15 04:24 . 2009-03-15 04:24 <DIR> d-------- c:\program files\Sunbelt Software
2009-03-15 03:42 . 2009-03-16 21:48 9 --a------ c:\windows\system32\vbmt32.gld
2009-03-15 03:26 . 2009-03-17 00:20 26,000 --a------ c:\windows\system32\E3TL.DLL
2009-03-15 03:22 . 2009-03-15 03:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zenturi
2009-03-15 02:55 . 2009-03-16 00:55 <DIR> d-------- C:\KillWinPro
2009-03-15 02:55 . 2000-05-22 01:00 209,608 --a------ c:\windows\system32\Tabctl32.ocx
2009-03-15 02:55 . 1996-05-03 23:05 28,672 --a------ c:\windows\system32\Msghoo32.ocx
2009-03-15 01:44 . 2009-03-15 01:44 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\IEPro
2009-03-13 21:07 . 2009-03-13 21:45 <DIR> d-------- c:\documents and settings\Hercegnő\Application Data\Winamp
2009-03-08 17:06 . 2009-03-08 17:06 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-03-08 17:05 . 2008-07-29 14:33 446,464 --a------ c:\windows\system32\nvunrm.exe
2009-03-08 17:05 . 2008-07-29 14:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2009-03-08 17:05 . 2008-07-08 02:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2009-03-08 16:27 . 2009-03-08 16:27 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-08 16:27 . 2009-03-08 16:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-08 16:18 . 2009-02-18 15:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-08 16:15 . 2009-03-08 16:15 <DIR> d-------- C:\NVIDIA
2009-03-08 16:07 . 2009-03-08 16:11 <DIR> d-------- c:\program files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 18:48 --------- d-----w c:\documents and settings\Hercegnő\Application Data\CenoPDF
2009-04-01 16:45 --------- d-----w c:\program files\Spyware Terminator
2009-04-01 16:45 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Spyware Terminator
2009-03-31 20:55 14,336 ----a-w c:\windows\system32\svchost.exe
2009-03-31 15:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-30 21:51 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Uniblue
2009-03-28 21:26 --------- d-----w c:\program files\CCleaner
2009-03-19 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 22:46 26,112 ----a-w c:\windows\system32\userinit.exe
2009-03-16 21:19 --------- d-----w c:\program files\WinClamAVShield
2009-03-15 20:12 --------- d-----w c:\program files\ESET
2009-03-15 19:03 --------- d-----w c:\program files\Google
2009-03-13 19:08 --------- d-----w c:\program files\Winamp
2009-03-08 23:52 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Skype
2009-03-08 23:00 --------- d-----w c:\documents and settings\Hercegnő\Application Data\skypePM
2009-03-02 00:50 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Media Player Classic
2009-03-02 00:48 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Auslogics
2009-03-01 16:50 --------- d-----w c:\program files\EA GAMES
2009-02-16 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-16 23:16 --------- d-----w c:\program files\DivX
2009-02-16 22:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-15 14:25 --------- d-----w c:\program files\Auslogics
2009-02-15 13:55 --------- d-----w c:\program files\Foxit Software
2009-02-15 13:54 --------- d-----w c:\program files\JockerSoft
2009-02-15 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-13 15:38 --------- d-----w c:\program files\Common Files\Adobe
2009-02-13 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 00:37 --------- d-----w c:\documents and settings\Hercegnő\Application Data\stickies
2009-02-02 22:40 --------- d-----w c:\program files\HDCleaner
2009-02-02 21:57 --------- d-----w c:\program files\Lystech Computing
2009-02-02 21:56 --------- d-----w c:\program files\Softland
2009-02-02 21:48 --------- d-----w c:\program files\Ashampoo
2009-02-02 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2009-02-02 21:47 --------- d-----w c:\program files\Photo!
2009-02-02 21:47 --------- d-----w c:\program files\FormatFactory
2009-02-02 21:47 --------- d-----w c:\program files\Format Factory
2009-02-02 21:42 --------- d-----w c:\documents and settings\Hercegnő\Application Data\CyberLink
2009-02-02 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-02-01 16:47 --------- d-----w c:\documents and settings\Hercegnő\Application Data\Spamihilator
2009-02-01 16:00 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-01 15:23 --------- d-----w c:\documents and settings\Hercegnő\Application Data\UpdateStar
2009-02-01 15:09 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-01 15:03 --------- d-----w c:\program files\MSN Games
2009-02-01 15:01 --------- d-----w c:\program files\NOS
2009-02-01 14:41 --------- d-----w c:\program files\IEPro
2009-02-01 14:41 --------- d-----w c:\documents and settings\Hercegnő\Application Data\MiniDm
2009-01-04 14:15 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-04-02 17:14 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2008-11-04 3508568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-06 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-02-01 2267136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hercegnő^Start Menu^Programs^Indítópult^Stickies.lnk]
path=c:\documents and settings\Hercegnő\Start Menu\Programs\Indítópult\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-12-27 20:43 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 19:44 1200128 c:\progra~1\MICROS~4\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 17:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 18:01 277296 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-02-18 15:44 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpriteService]
--a------ 2006-02-21 16:19 548864 c:\program files\Sprite Software\Sprite Backup\SpriteService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2009-02-01 18:00 2267136 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
--a------ 2008-11-04 10:08 3508568 c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
--a------ 2009-01-16 13:52 4370672 c:\documents and settings\Hercegnő\Application Data\UpdateStar\UpdateStar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2009-03-09 17:49 37888 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 18:02 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-02-18 15:44 1657376 c:\windows\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\totalcmd\\totalcmd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2007-05-06 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2007-05-06 5248]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-28 28544]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-03-15 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-02-01 142592]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2007-05-10 6852]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-03-15 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-01 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ChipDVDB.EXE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.index.hu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
LSP: c:\windows\system32\imon.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://213.157.108.227/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 22:18:34
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1396)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-04-01 22:22:24
ComboFix-quarantined-files.txt 2009-04-01 20:22:19

Pre-Run: 22 110 064 640 bájt szabad
Post-Run: 22,123,950,080 bájt szabad

255 --- E O F --- 2009-03-24 23:40:31