Terminál Fórum - Téma megtekintése - Msn-en terjedő vírus eltávolítása

Megválaszolatlan hozzászólások | Aktív témák

Pontos idő: hétf. nov. 18, 2024 18:25

Msn-en terjedő vírus eltávolítása

Moderátorok: Wiki, Moderátorok

Oldal: 3 / 24

[ 1193 hozzászólás ]

Oldal Előző 1, 2, 3, 4, 5, 6 ... 24 Következő

Nyomtatóbarát verzió

Előző téma | Következő téma

Msn-en terjedő vírus eltávolítása

Szerző	Üzenet
stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	ok,a malwarebytes logjat ted majd ide egyelorre netorolj semmit,varjal hogy megnezzem,,a programot nezard be,, az OTMOVEITET nem jol csinaltad,mert csak benyomtad a Cleanup gombot,,tehat majd ha bevegezuk az Malwarebytes programmal,,akor ide irom hogy mit csinalsz,, meglassuk mit tallal a malwarebytes,es aztan megmondom mivan,ok
pén. feb. 05, 2010 16:06

DrakeLee vas-tag Csatlakozott: pén. feb. 05, 2010 10:38 Hozzászólások: 7	Malwarebytes most fut de az usb fix nem tett ki semmit az asztalomra. Nem találom sehol. Futtassam le újra hogy megkapjam ezt a filt? vagy ez nem olyan fontos. Amúgy a vírus a gép újraindításánál már nem dobja fel az ablakot vagyis remélem kinyírtuk. szerinted? editeltem a hsz-em ott van benne az OTM is jah semmi megvan az usbfixes cucc már elküldtem. amugy ehhez a Malwarebytes progihoz gondolom kell majd vmi licens kulcs vagy valami hogy le is tudjam törölni a file-okat. ez csak megkeresi nekem de nem törli le gondolom én.
pén. feb. 05, 2010 15:54

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	ok,az asztalon van neked ,C:\UsbFix_Upload_Me_DRAKE.zip kuld el a USBFIX fejlesztonek klik a linkre,aztan folytasd a OTM es a Malwarebytes programmal. Please send the file : C:\UsbFix_Upload_Me_DRAKE.zip : http://chiquitine.changelog.fr/Sample/Upload.php
pén. feb. 05, 2010 13:25

DrakeLee vas-tag Csatlakozott: pén. feb. 05, 2010 10:38 Hozzászólások: 7	############################## \| UsbFix V6.090 \| User : home (Rendszergazdák) # DRAKE Update on 05/02/2010 by El Desaparecido , C_XX & Chimay8 Start at: 12:31:44 \| 2010.02.05. Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ Microsoft Windows XP Professional (5.1.2600 32-bit) # Szervizcsomag 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled AV : ESET NOD32 Antivirus 4.0 4.0 [ (!) Disabled \| Updated ] A:\ -> 3,5 hüvelykes hajlékonylemezes meghajtó C:\ -> Helyi rögzített lemez # 48,83 Go (4,4 Go free) # NTFS D:\ -> Helyi rögzített lemez # 249,25 Go (49,62 Go free) # NTFS E:\ -> CD-ROM lemez F:\ -> CD-ROM lemez G:\ -> CD-ROM lemez H:\ -> CD-ROM lemez ############################## \| Active processes \| C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe ################## \| Files # Infected Folders \| Deleted ! C:\WINDOWS\infocard.exe Deleted ! C:\Recycler\S-1-5-21-1482476501-1604221776-725345543-1003 Deleted ! D:\Recycler\S-1-5-21-1004336348-790525478-725345543-1003 Deleted ! D:\Recycler\S-1-5-21-1214440339-1645522239-839522115-1003 Deleted ! D:\Recycler\S-1-5-21-1482476501-1604221776-725345543-1003 Deleted ! D:\Recycler\S-1-5-21-1659004503-920026266-725345543-1003 Deleted ! D:\Recycler\S-1-5-21-725345543-492894223-1801674531-1003 ################## \| MD5 \| Deleted ! C:\Documents and Settings\home\Local Settings\Temp\IXP000.TMP\jtrtrtr.exe Deleted ! C:\Documents and Settings\home\Local Settings\Temp\IXP001.TMP\jtrtrtr.exe Deleted ! C:\Documents and Settings\home\Local Settings\Temp\IXP002.TMP\jtrtrtr.exe Deleted ! C:\System Volume Information\_restore{B2EFB731-8646-41D6-846B-33BBB67FFB7E}\RP215\A0053777.exe ################## \| Registry \| Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Firewall Administrating" Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch" ################## \| Mountpoints2 \| Deleted ! HKCU\...\Explorer\MountPoints2\J\Shell\AutoRun\Command Deleted ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command ################## \| Listing of the present files \| [2009.08.02. 09:01\|--a------\|0] C:\AUTOEXEC.BAT [2009.11.26. 10:44\|-r-hs----\|232] C:\boot.ini [2001.10.26. 11:00\|-rahs----\|4952] C:\Bootfont.bin [2009.08.02. 09:01\|--a------\|0] C:\CONFIG.SYS [2009.08.02. 09:14\|--a------\|206] C:\csb.log [2009.11.12. 10:18\|--a------\|163] C:\DevList.txt [2009.08.02. 09:01\|-rahs----\|0] C:\IO.SYS [2010.01.24. 12:43\|--a------\|16156653613] C:\KillingFloor.exe.log [2009.08.02. 09:01\|-rahs----\|0] C:\MSDOS.SYS [2010.01.30. 11:19\|--a------\|1835016] C:\necflash -scan.bin [2010.01.30. 10:12\|--a------\|1835016] C:\necflash -version.bin [2004.08.03. 21:38\|-rahs----\|47564] C:\NTDETECT.COM [2009.08.02. 13:18\|-rahs----\|251152] C:\ntldr [?\|?\|?] C:\pagefile.sys [2010.01.24. 12:27\|--a------\|237] C:\players.txt [2010.01.24. 12:38\|--a------\|6474] C:\revLoader.exe.log [2009.08.02. 09:14\|--a------\|1581] C:\RHDSetup.log [2010.02.05. 13:01\|--a------\|4039] C:\UsbFix.txt [2009.12.13. 18:13\|--a------\|83735] D:\btbmisi.jpg [2009.11.01. 20:07\|--a------\|1465872384] D:\devise-b13u.avi [2009.11.15. 22:56\|--a------\|3923544] D:\iw4mp.exe [2009.07.06. 07:18\|--a------\|7031340] D:\nova_km_carter_volt_ugy.mp3 [2010.01.02. 10:18\|--ahs----\|7168] D:\Thumbs.db [2009.08.16. 08:32\|--a------\|1162559488] D:\tmnt-mybloodyvalentine-xvid.avi [2010.01.16. 07:20\|---h-----\|77551] D:\treeinfo.wc [2010.01.17. 20:45\|--a------\|2506752] D:\XLinkKai-7.1.7.6-win32.msi [2009.12.14. 20:58\|--a------\|3894993] D:\youtube_204729(1).mp3 [2009.12.14. 20:58\|--a------\|3243813] D:\youtube_204743(1).mp3 [2009.12.14. 20:58\|--a------\|3669295] D:\youtube_205145(1).mp3 ################## \| Vaccination \| # C:\autorun.inf -> Folder created by UsbFix . # D:\autorun.inf -> Folder created by UsbFix . ################## \| Upload \| Please send the file : C:\UsbFix_Upload_Me_DRAKE.zip : http://chiquitine.changelog.fr/Sample/Upload.php Thank you for your contribution . ################## \| ! End of report # UsbFix V6.090 ! \| Error: Unable to interpret <File/Folder avenger.zip not found.> in the current context! Error: Unable to interpret <File/Folder avenger.exe not found.> in the current context! Error: Unable to interpret <File/Folder Avenger not found.> in the current context! Error: Unable to interpret <File/Folder avenger.txt not found.> in the current context! Error: Unable to interpret <File/Folder bfu.zip not found.> in the current context! Error: Unable to interpret <File/Folder BFU not found.> in the current context! Error: Unable to interpret <File/Folder combofix.exe not found.> in the current context! Error: Unable to interpret <File/Folder combo-fix.exe not found.> in the current context! Error: Unable to interpret <File/Folder Combo-Fix.sys not found.> in the current context! Error: Unable to interpret <File/Folder ComboFix not found.> in the current context! Error: Unable to interpret <File/Folder erdnt\subs not found.> in the current context! Error: Unable to interpret <File/Folder QooBox not found.> in the current context! Error: Unable to interpret <File/Folder ComboFix.txt not found.> in the current context! Error: Unable to interpret <Error: No service named catchme was found to stop!> in the current context! Error: Unable to interpret <Unable to stop service catchme!> in the current context! Error: Unable to interpret <File/Folder catchme.exe not found.> in the current context! Error: Unable to interpret <File/Folder fdsv.exe not found.> in the current context! Error: Unable to interpret <File/Folder grep.exe not found.> in the current context! Error: Unable to interpret <File/Folder moveex.exe not found.> in the current context! Error: Unable to interpret <File/Folder nircmd.exe not found.> in the current context! Error: Unable to interpret <File/Folder sed.exe not found.> in the current context! Error: Unable to interpret <File/Folder swreg.exe not found.> in the current context! Error: Unable to interpret <File/Folder Swsc.exe not found.> in the current context! Error: Unable to interpret <File/Folder Swxcacls.exe not found.> in the current context! Error: Unable to interpret <File/Folder VFind.exe not found.> in the current context! Error: Unable to interpret <File/Folder WS2Fix.exe not found.> in the current context! Error: Unable to interpret <File/Folder zip.exe not found.> in the current context! Error: Unable to interpret <File/Folder tmp.reg not found.> in the current context! Error: Unable to interpret <File/Folder dds.scr not found.> in the current context! Error: Unable to interpret <File/Folder dds.pif not found.> in the current context! Error: Unable to interpret <File/Folder dds.com not found.> in the current context! Error: Unable to interpret <File/Folder dss.exe not found.> in the current context! Error: Unable to interpret <File/Folder Deckard not found.> in the current context! Error: Unable to interpret <File/Folder deljob.exe not found.> in the current context! Error: Unable to interpret <File/Folder deljob not found.> in the current context! Error: Unable to interpret <File/Folder logit.txt not found.> in the current context! Error: Unable to interpret <File/Folder FindAWF.exe not found.> in the current context! Error: Unable to interpret <File/Folder AWF.txt not found.> in the current context! Error: Unable to interpret <File/Folder fixwareout.exe not found.> in the current context! Error: Unable to interpret <File/Folder fixwareout not found.> in the current context! Error: Unable to interpret <File/Folder fsbl.exe not found.> in the current context! Error: Unable to interpret <File/Folder fsbl.log not found.> in the current context! Error: Unable to interpret <File/Folder gmer.exe not found.> in the current context! Error: Unable to interpret <File/Folder gmer.dll not found.> in the current context! Error: Unable to interpret <File/Folder gmer.ini not found.> in the current context! Error: Unable to interpret <File/Folder gmer.log not found.> in the current context! Error: Unable to interpret <File/Folder gmer_uninstall.cmd not found.> in the current context! Error: Unable to interpret <File/Folder gmer.sys not found.> in the current context! Error: Unable to interpret <Error: No service named gmer was found to stop!> in the current context! Error: Unable to interpret <Unable to stop service gmer!> in the current context! Error: Unable to interpret <File/Folder haxfix.exe not found.> in the current context! Error: Unable to interpret <File/Folder haxfix.txt not found.> in the current context! Error: Unable to interpret <File/Folder killbox.exe not found.> in the current context! Error: Unable to interpret <File/Folder !Killbox not found.> in the current context! Error: Unable to interpret <File/Folder NoLop.exe not found.> in the current context! Error: Unable to interpret <File/Folder NoLop.txt not found.> in the current context! Error: Unable to interpret <File/Folder NoLopOLD.txt not found.> in the current context! Error: Unable to interpret <File/Folder delete.bat not found.> in the current context! Error: Unable to interpret <File/Folder OTListIt2.exe not found.> in the current context! Error: Unable to interpret <File/Folder OTListIt.txt not found.> in the current context! Error: Unable to interpret <File/Folder Extras.txt not found.> in the current context! Error: Unable to interpret <File/Folder _OTListIt not found.> in the current context! Error: Unable to interpret <File/Folder OTL.exe not found.> in the current context! Error: Unable to interpret <File/Folder OTLPE.exe not found.> in the current context! Error: Unable to interpret <File/Folder OTL.txt not found.> in the current context! Error: Unable to interpret <File/Folder _OTL not found.> in the current context! Error: Unable to interpret <File/Folder OTMoveIt.exe not found.> in the current context! Error: Unable to interpret <File/Folder OTMoveIt2.exe not found.> in the current context! Error: Unable to interpret <File/Folder OTMoveIt3.exe not found.> in the current context! Error: Unable to interpret <File delete failed. C:\Documents and Settings\home\Asztal\OTM.exe scheduled to be deleted on reboot.> in the current context! Error: Unable to interpret <File delete failed. C:\Documents and Settings\home\Asztal\OTM.exe scheduled to be deleted on reboot.> in the current context! Error: Unable to interpret <File delete failed. C:\Documents and Settings\home\Asztal\OTM.exe scheduled to be deleted on reboot.> in the current context! OTM by OldTimer - Version 3.1.8.0 log created on 02052010_153400 A hozzászólást 1 alkalommal szerkesztették, utoljára DrakeLee pén. feb. 05, 2010 15:38-kor.
pén. feb. 05, 2010 13:12

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Kapcsold a gephez a penrivetmUsb kulcsokat, 1:Tolds le az USBFIX programot http://sites.google.com/site/stellmajds ... -fertozese futtasd<benyomod a [2] lehetoseget,a logot majd tedd ide. 2:tpds le az OTMOVEIT programot http://oldtimer.geekstogo.com/OTM.exe Futtasd az balablakjaba masold be a zold textet,,es klik MOVEIT a logot a restart utan ted ide, Kód: :processes explorer.exe infocard.exe :files C:\WINDOWS\infocard.exe C:\DOCUME~1\home\LOCALS~1\Temp\IXP001.TMP\jtrtrtr.exe :reg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "GEST"=- "NeroFilterCheck"=- "Adobe Reader Speed Launcher"=- "Firewall Administrating"=- [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\DOCUME~1\home\LOCALS~1\Temp\IXP001.TMP\jtrtrtr.exe"=- "C:\DOCUME~1\home\LOCALS~1\Temp\IXP000.TMP\jtrtrtr.exe"=- :commands [emptytemp] [ClearAllRestorePoints] [resethosts] [start explorer] [Reboot] 3:Tolds le a Malwarebytes programot,csinalsz teljes vizsgalatot,,a logjat ted ide es varsz ne zard be a programot, http://squito-web.com/stell/forum/viewtopic.php?t=10
pén. feb. 05, 2010 12:23

DrakeLee vas-tag Csatlakozott: pén. feb. 05, 2010 10:38 Hozzászólások: 7	RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by home at 2010-02-05 11:55:02 Microsoft Windows XP Professional Szervizcsomag 3 System drive C: has 5 GB (10%) free of 50 GB Total RAM: 2047 MB (72% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:55:14, on 2010.02.05. Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\WINDOWS\infocard.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\Documents and Settings\home\Asztal\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\home.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findarticlesblog.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GEST] m‘\|Pë O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Firewall Administrating] infocard.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F5028DE1-ED1C-401F-B3DB-A0C16605D921}: NameServer = 192.168.0.2 O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7634 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}] Softonic English Toolbar - C:\Program Files\Softonic_English\tbSoft.dll [2009-09-08 2260504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-12 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-12 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216] {930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSoft.dll [2009-09-08 2260504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736] "nwiz"=nwiz.exe /install [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] "GEST"=m‘\|Pë [] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-28 2029640] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-27 86016] "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824] "WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] "Firewall Administrating"=C:\WINDOWS\infocard.exe [2010-01-28 254156] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "ISUSPM"=C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2009-08-05 224712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] c:\program files\steam\steam.exe [2009-11-16 1217808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-12 149280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoResolveSearch"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe::Enabled:Garena" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "D:\Letöltve\Killing Floor\System\KillingFloor.exe"="D:\Letöltve\Killing Floor\System\KillingFloor.exe::Enabled:KillingFloor" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "D:\MMORPG\System\Exteel.exe"="D:\MMORPG\System\Exteel.exe::Enabled:Exteel" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe::Enabled:Pando Media Booster" "D:\Blackshot\Blackshot\system\BlackShot.exe"="D:\Blackshot\Blackshot\system\BlackShot.exe::Enabled:BlackShot" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe::Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe::Enabled:PnkBstrB" "D:\BParadise\BurnoutLauncher.exe"="D:\BParadise\BurnoutLauncher.exe::Enabled:Burnout(TM) Paradise The Ultimate Box" "D:\BParadise\BurnoutConfigTool.exe"="D:\BParadise\BurnoutConfigTool.exe::Enabled:Burnout(TM) Paradise The Ultimate Box" "D:\BParadise\BurnoutParadise.exe"="D:\BParadise\BurnoutParadise.exe::Enabled:Burnout(TM) Paradise The Ultimate Box" "C:\Documents and Settings\home\Asztal\)\metin2.bin"="C:\Documents and Settings\home\Asztal\)\metin2.bin::Enabled:metin2" "D:\Order Of War\oow_final_dx9.exe"="D:\Order Of War\oow_final_dx9.exe::Enabled:ORDER OF WAR" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "D:\Mirrors Edge\Binaries\MirrorsEdge.exe"="D:\Mirrors Edge\Binaries\MirrorsEdge.exe::Enabled:Mirror's Edge™" "D:\FFoW\Binaries\FFOW.exe"="D:\FFoW\Binaries\FFOW.exe::Enabled:Frontlines Game" "D:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"="D:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe::Enabled:Frontlines Game" "D:\Cod2\CoD2MP_s.exe"="D:\Cod2\CoD2MP_s.exe::Enabled:CoD2MP_s" "D:\Stronghod 2\Stronghold2.exe"="D:\Stronghod 2\Stronghold2.exe::Enabled:Stronghold 2" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe::Enabled:DLL futtatása alkalmazásként" "D:\Boderlands\Binaries\Borderlands.exe"="D:\Boderlands\Binaries\Borderlands.exe::Enabled:Borderlands" "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe::Enabled:Steam" "D:\Call of Duty MW2\Modern Warfare 2\iw4mp.exe"="D:\Call of Duty MW2\Modern Warfare 2\iw4mp.exe::Enabled:iw4mp" "D:\Dirt 2\DiRT2GameFiles\dirt2_game.exe"="D:\Dirt 2\DiRT2GameFiles\dirt2_game.exe::Enabled:DiRT2 Executable" "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe::Enabled:Left 4 Dead 2" "C:\Program Files\XLink Kai\kaiUI.exe"="C:\Program Files\XLink Kai\kaiUI.exe::Enabled:Start User Interface" "C:\Program Files\XLink Kai\kaiEngine.exe"="C:\Program Files\XLink Kai\kaiEngine.exe::Enabled:Start Kai" "C:\Program Files\XBC\neXBC.exe"="C:\Program Files\XBC\neXBC.exe::Enabled:XBConnect" "D:\STALKER\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="D:\STALKER\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe::Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "D:\STALKER\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="D:\STALKER\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe::Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)" "C:\Program Files\XLink Kai Evolution VII\kaiLaunch.exe"="C:\Program Files\XLink Kai Evolution VII\kaiLaunch.exe::Enabled:XLink Kai Evolution 7 Launcher" "C:\Program Files\XLink Kai Evolution VII\kaiEngine.exe"="C:\Program Files\XLink Kai Evolution VII\kaiEngine.exe::Enabled:XLink Kai Evolution 7 Engine" "D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe::Enabled:Mass Effect 2 Game" "D:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="D:\Program Files\Mass Effect 2\MassEffect2Launcher.exe::Enabled:Mass Effect 2 Launcher" "C:\DOCUME~1\home\LOCALS~1\Temp\IXP001.TMP\jtrtrtr.exe"="C:\DOCUME~1\home\LOCALS~1\Temp\IXP001.TMP\jtrtrtr.exe::Enabled:Firewall Administrating" "C:\DOCUME~1\home\LOCALS~1\Temp\IXP000.TMP\jtrtrtr.exe"="C:\DOCUME~1\home\LOCALS~1\Temp\IXP000.TMP\jtrtrtr.exe::Enabled:Firewall Administrating" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "D:\MMORPG\System\Exteel.exe"="D:\MMORPG\System\Exteel.exe::Enabled:Exteel" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe::Enabled:Pando Media Booster" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] shell\AutoRun\command - J:\autorun.exe -auto [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] shell\AutoRun\command - K:\autorun.exe -auto ======List of files/folders created in the last 1 months====== 2010-02-05 11:55:02 ----D---- C:\rsit 2010-02-05 11:55:02 ----D---- C:\Program Files\trend micro 2010-02-05 11:00:14 ----D---- C:\Program Files\Softonic_English 2010-02-05 10:19:49 ----A---- C:\WINDOWS\system32\PxSecure(2).dll 2010-02-05 10:19:46 ----D---- C:\Program Files\Prevx 2010-02-05 10:19:33 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2010-01-28 18:45:27 ----RSH---- C:\WINDOWS\infocard.exe 2010-01-24 16:21:17 ----D---- C:\Program Files\The KMPlayer 2010-01-24 16:15:56 ----A---- C:\WINDOWS\system32\unrar.dll 2010-01-24 16:15:52 ----A---- C:\WINDOWS\avisplitter.ini 2010-01-24 16:15:46 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2010-01-24 16:15:41 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2010-01-24 16:15:41 ----A---- C:\WINDOWS\system32\xvidcore.dll 2010-01-24 16:15:29 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2010-01-24 16:15:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2010-01-24 15:14:22 ----D---- C:\Program Files\Conduit 2010-01-24 15:07:37 ----D---- C:\Documents and Settings\home\Application Data\Python-Eggs 2010-01-24 15:07:06 ----SHD---- C:\Config.Msi 2010-01-24 15:06:05 ----D---- C:\Program Files\Moovida 2010-01-24 10:33:54 ----D---- C:\WINDOWS\system32\quicktime 2010-01-24 10:33:51 ----D---- C:\Program Files\Common Files\Real 2010-01-24 10:33:50 ----D---- C:\Program Files\MYMPC 2010-01-20 13:20:35 ----D---- C:\Program Files\Adobe 2010-01-17 20:53:24 ----D---- C:\Program Files\XLink Kai Evolution VII 2010-01-13 11:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-01-12 20:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-01-09 10:42:36 ----A---- C:\players.txt 2010-01-09 09:25:52 ----D---- C:\Program Files\WinPcap 2010-01-09 09:25:24 ----D---- C:\Program Files\XBC 2010-01-09 09:11:01 ----D---- C:\Documents and Settings\home\Application Data\XLink Kai ======List of files/folders modified in the last 1 months====== 2010-02-05 11:55:08 ----D---- C:\WINDOWS\Temp 2010-02-05 11:55:02 ----RD---- C:\Program Files 2010-02-05 11:54:56 ----D---- C:\WINDOWS\Prefetch 2010-02-05 11:45:04 ----D---- C:\Program Files\Spyware Doctor 2010-02-05 11:41:13 ----D---- C:\Program Files\Mozilla Firefox 2010-02-05 11:40:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-02-05 11:38:32 ----D---- C:\WINDOWS\system32\config 2010-02-05 11:38:27 ----D---- C:\WINDOWS\system32\wbem 2010-02-05 11:38:27 ----D---- C:\WINDOWS\Registration 2010-02-05 11:38:20 ----D---- C:\Documents and Settings\home\Application Data\uTorrent 2010-02-05 10:56:22 ----D---- C:\WINDOWS 2010-02-05 10:56:21 ----D---- C:\WINDOWS\system32\drivers 2010-02-05 10:56:21 ----D---- C:\WINDOWS\system32 2010-02-05 10:55:33 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-01 23:33:46 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-31 12:00:04 ----A---- C:\WINDOWS\NeroDigital.ini 2010-01-30 10:30:25 ----D---- C:\Documents and Settings\home\Application Data\Uniblue 2010-01-30 10:30:25 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner 2010-01-30 10:30:20 ----SHD---- C:\WINDOWS\Installer 2010-01-29 20:59:22 ----D---- C:\Documents and Settings\home\Application Data\.purple 2010-01-29 20:40:11 ----D---- C:\Program Files\Pidgin 2010-01-29 15:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2010-01-29 04:38:54 ----D---- C:\Program Files\Messenger Plus! Live 2010-01-24 16:16:06 ----D---- C:\Program Files\K-Lite Codec Pack 2010-01-24 16:15:29 ----D---- C:\Program Files\DScaler5 2010-01-24 16:13:52 ----D---- C:\Program Files\DirectVobSub 2010-01-24 16:13:43 ----D---- C:\Program Files\OpenSource Flash Video Splitter 2010-01-24 16:13:29 ----D---- C:\Program Files\CD Audio Reader Filter 2010-01-24 15:06:36 ----D---- C:\Program Files\SeriesCalendar 2010-01-24 12:43:03 ----A---- C:\KillingFloor.exe.log 2010-01-24 12:38:23 ----A---- C:\revLoader.exe.log 2010-01-24 12:32:03 ----D---- C:\Program Files\Garena 2010-01-24 10:33:51 ----D---- C:\Program Files\Common Files 2010-01-24 10:32:28 ----HD---- C:\WINDOWS\inf 2010-01-23 16:41:13 ----D---- C:\Program Files\Common Files\BioWare 2010-01-23 16:41:04 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare 2010-01-23 08:06:00 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-23 08:05:56 ----D---- C:\Program Files\Internet Explorer 2010-01-23 08:05:45 ----D---- C:\WINDOWS\ie8updates 2010-01-23 08:05:12 ----HD---- C:\WINDOWS\$hf_mig$ 2010-01-21 08:32:40 ----D---- C:\Program Files\Microsoft Silverlight 2010-01-20 13:21:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-01-20 13:20:44 ----D---- C:\Program Files\Common Files\Adobe 2010-01-13 20:05:39 ----D---- C:\Program Files\Windows Live Safety Center 2010-01-13 11:38:14 ----A---- C:\WINDOWS\imsins.BAK 2010-01-13 11:34:36 ----D---- C:\WINDOWS\AppPatch 2010-01-09 09:00:01 ----D---- C:\WINDOWS\system32\ias 2010-01-06 19:30:07 ----D---- C:\Program Files\Steam ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD processzor-illesztőprogram; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216] R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-28 107256] R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-28 94360] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-17 281760] R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-08-20 73232] R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-28 114472] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-17 25888] R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-26 63232] R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304] R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336] R3 BridgeMP;MAC-híd - miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] R3 HDAudBus;Microsoft UAA busz-illesztőprogram - High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232] R3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\nvefd2k.sys [2007-11-18 50304] R3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztőprogramja; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB nyílt állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibilis átviteli protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] S3 a5dg9r68;a5dg9r68; C:\WINDOWS\system32\drivers\a5dg9r68.sys [] S3 Bridge;MAC-híd; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\home\LOCALS~1\Temp\WYO3E12.tmp [] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-12-19 101120] S3 Moufiltr;Mouse Test Driver; C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661] S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 nm;Hálózatfigyelő illesztőprogramja; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512] S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584] S3 PsSdk30;PsSdk30; \??\C:\WINDOWS\system32\Drivers\PsSdk30.drv [] S3 PsSdk41;PsSdk41; \??\C:\WINDOWS\system32\Drivers\pssdk41.sys [] S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28 731840] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-12 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908] R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-10-07 939272] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-21 66872] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-10-07 1033480] S2 NWCWorkstation;Netware ügyfélszolgáltatás; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET-állapotszolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28 20680] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-12 3414068] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp portmegosztási szolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
pén. feb. 05, 2010 12:00

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	udv ha mar ide teted akor megnezem,amugy it nemcsinalom a virus problemakat ,de mar mindegy ,,igen van ot neked autorun worm,ted ide az RSIT logjat Idézet: RSIT az egyik alap szkaner szükséges a Malware jelenlétének kimutatására,amelyek rosszindulatú programokat telepítenek a számítógépre.A hasznalata egyszeru,letoltsuk innen az asztalra>RSIT Klik>Continue>egy kiss ido mulva ad logot,eztet kerem tegye be a temajaba, http://images.malwareremoval.com/random/RSIT.exe
pén. feb. 05, 2010 11:49

DrakeLee vas-tag Csatlakozott: pén. feb. 05, 2010 10:38 Hozzászólások: 7	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:39:39, on 2010.02.05. Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\WINDOWS\infocard.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\home\Asztal\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findarticlesblog.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GEST] m‘\|Pë O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Firewall Administrating] infocard.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F5028DE1-ED1C-401F-B3DB-A0C16605D921}: NameServer = 192.168.0.2 O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7397 bytes Segítsetek pls mert már nagyon unom Köszönöm szépen.
pén. feb. 05, 2010 10:44

KFelix ezüst tag Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 62	Hoppá! Most láttam. A fertőzött gépre pendrive-on vittem át a tisztitó progit és most az én gépembe visszarakva találtam a pendrive-on egy: - "aut[i]orun.inf[/i]" fájlt - "\[i]driver\usb[/i]" mappát Mindkettő rejtett. Az "autorun.inf" tartalma: [autor[i]un][/i] open=driver\usb\–��Ľ[i]‡‘Š•†‘Í€ŚŽ[/i] action=O[i]pen[/i] shell\open=Open shell\open\command=[i]driver\usb\[i]–��Ľ‡‘Š•†‘[/i]Í€ŚŽ[/i]Usb_Driver installed Úgy néz ki, hogy kiírtás előtt még megfertőzte a pendrive-omat, aztán onnan ki lett írtva, mert olyan fájlt nem találtam rajta, talán ott van még. Érdekes még, hogy a "USB" mappát lomtárnak álcázta, mivel ha megnyitom, a gépem lomtárába vezet, talán ezért is nem láthatom, hogy hol van maga a vírus, de ő maga ott nyugszik. AVG9 Free találta meg most a pendrive-on. Edit: Igazam volt Ott van a vírus, de én nem dőlte be neki A vírusírtóm kivágta az "autorun.inf"-et, a "driver\usb" mappát már kézzel kellet törölnöm, és ekkor a Windows jelezte, hogy van benne egy rendszerfálj a fenti névvel, biztos vagyok benne, hogy törölni akarom? Hát persze, hogy igen Az autorunos kódot egy kicsit módosítottam, mert a NOD-osoknak így problémás az oldal megjelenítése. Hannibal.
hétf. jan. 04, 2010 13:33

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Egy a sok kozul,valamit felismer valamit nem ,mindig job sajat szemel es tob skenneral at vizsgalni a gepet at vizsgalni a logokat,mert minden nap,honapban tobszaz uj fereg ,virus van,es nem hiszem hogy tiszta a geped,az hogy mar mukszik minden csak ideglenes alapot,mert lehetnek rootkitek es ez a skenner ezt nem keres,
hétf. jan. 04, 2010 13:15

KFelix ezüst tag Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 62	Pár évvel ezelőtt találkoztam már egy hasonló esettel egyik javítás alatt álló géppel. Próbáltam többféle vírusírtóval és akkoriban csak az AVIRA ismerte fel a férget. Gondolom a vírusírtó azért nem reagál rá mert a féreg nem igazán vírusként működik, vagy pedig nagyon jól álcázza magát. Amint néztem az említett keresőnek a kezdeti üzenetét, valami intelligens keresési módszert használ, azt hiszem azt nevezik heurisztikusnak.
hétf. jan. 04, 2010 13:05

Laci_L a fórum lelke Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 11960 Tartózkodási hely: Budapest, Solymár	KFelix írta: ... az egyik gépen a gyerek rákattintott véletlenül egy fent említett linkre és be is kapta a Messenger vírust... A víruskereső mit csinál ilyenkor? Nem jelez? Hihetetlen.
hétf. jan. 04, 2010 10:23

KFelix ezüst tag Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 62	Üdv mindenkinek és BUÉK! Rég jártam erre. Tegnap itt hon az egyik gépen a gyerek rákattintott véletlenül egy fent említett linkre és be is kapta a Messenger vírust. Különféle sikertelen próbálkozás után úgy tünik a következő segített: http://www.msnvirusremoval.com/download/ A vírus jelenlétében az Messenger párbeszédablakai maguktól bezárultak, majd hirtelen megnyíltak, majd ismét bezárultak, közben persze, küldözgette a linkeket. Ezt kb. 5 percenként művelte, egyszerűen használhatatlan volt. A fenti linkről letöltött programocskát letöltöttem, lefuttattam, majd kiírta, hogy minden fertőzést eltávolít, a gépet újra kell indítani. Megtettem és ezek után, több mint egy órán keresztül már nem művelt a gép disznóságokat. Jó eséllyel sikerült kiirtani a férget. Próbáljátok ki, és írjátok meg az eredményt, kíváncsi vagyok, sikerül-e.
hétf. jan. 04, 2010 4:43

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	stell írta: en eztet neme3rtem,it minenki segitseget ker,es aztan eltuntok.es ugyis sajat magatoktol csinaltok mindent,amit nemis kell,ha pontosan es foleg rogton csinalnad aztat amit irok akor mar reges reg elfelejtetem volna hogy virusos volt a geped,it nemkel semit se irkalni csak csinalni amit irtam,se kevesbet se tobbet, futasd a combofixet Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes...... Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartoll befejezi a scent ,csinall combofix .txt,eztett ide teszed es http://download.bleepingcomputer.com/sUBs/ComboFix.exe nem érdemes dühöngened, nagy köszönet hogy szilveszter napján is nekem segitesz. Most jelenleg is fut MSNem, ugy tünik a virus elmult. A gépem meg amugyis tele van már midnenféle 'szeméttel' már ideje lenne rég egy OPrendszer ujrarakásnak, csak eddig a lustaságom miatt halasztottam. mégegyszer köszönöm a segitséged, és ezentul ha valami virus vagy hasonló problémám lenne, jövök nyaggatni téged! (Lehet hogy már Holnap! BÚÉK Stell barátom!
vas. jan. 03, 2010 21:39

Laci_L a fórum lelke Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 11960 Tartózkodási hely: Budapest, Solymár	stell írta: en eztet neme3rtem,it minenki segitseget ker,es aztan eltuntok.es ugyis sajat magatoktol csinaltok mindent,amit nemis kell, ... Néha sajnállak. De azért köszönöm a segítséged, talán az egész Fórum nevében is. BUÉK.
szomb. jan. 02, 2010 10:18

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	en eztet neme3rtem,it minenki segitseget ker,es aztan eltuntok.es ugyis sajat magatoktol csinaltok mindent,amit nemis kell,ha pontosan es foleg rogton csinalnad aztat amit irok akor mar reges reg elfelejtetem volna hogy virusos volt a geped,it nemkel semit se irkalni csak csinalni amit irtam,se kevesbet se tobbet, futasd a combofixet Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes...... Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartoll befejezi a scent ,csinall combofix .txt,eztett ide teszed es http://download.bleepingcomputer.com/sUBs/ComboFix.exe
szomb. jan. 02, 2010 8:34

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	nbela írta: Ferenc70 írta: értem, és hol van a zöld text? mert amit belinkeltél az barna/bordo ...mindjrt kipróbálom a barna textel. A profilodban beállított stílustól függ, hogy az idézetek éppen milyen színnel jelennek meg. Ha nálad barna, akkor az lesz az... BÚÉK megcsinálam, újraindult gépem, de semmiféle új logot nem csinált. MSNT nem probáltam azóta, viszont az automatikus uindutásnál bejön egy mirc progi, ami bevisz vmi Mirc oldalra. ez a virus eredménye, vagy a rebooté? már lassan ugy vagyok vele ujrateszem egész gépem, elkezdtem kiirni a fontos dolgokat.
szomb. jan. 02, 2010 2:40

nbela gyémánt tag Csatlakozott: pén. aug. 06, 2004 22:20 Hozzászólások: 3578 Tartózkodási hely: Miskolc	Ferenc70 írta: értem, és hol van a zöld text? mert amit belinkeltél az barna/bordo ...mindjrt kipróbálom a barna textel. A profilodban beállított stílustól függ, hogy az idézetek éppen milyen színnel jelennek meg. Ha nálad barna, akkor az lesz az...
pén. jan. 01, 2010 8:49

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	stell írta: Ez az a program amivel a logot csinaltad OTL, értem, és hol van a zöld text? mert amit belinkeltél az barna/bordo nem kekeckedni akarok, hálás vagyok hogy segitesz, csak nem értettem. mindjrt kipróbálom a barna textel.
csüt. dec. 31, 2009 23:01

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Ez az a program amivel a logot csinaltad OTL,
csüt. dec. 31, 2009 19:06

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	Hol találom az OTL2 progit?
csüt. dec. 31, 2009 18:53

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Futasd az OTL2 programot,az ablakba Customscan/fixes masold bea zold textet es klik RunFix a restart utan a logot ted ide,, Kód: :OTL PRC - [2009.12.30 21:53:56 \| 00,079,954 \| -H-- \| M] () -- C:\WINDOWS\system32\win.exe PRC - [2009.12.29 19:12:38 \| 00,080,385 \| RHS- \| M] () -- C:\WINDOWS\winmbu.exe O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-746137067-1965331169-842925246-500\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [Winsock2 driver] C:\WINDOWS\System32\win.exe () O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-21-746137067-1965331169-842925246-500..\RunOnce: [Winsock2 driver] C:\WINDOWS\System32\win.exe () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\winmbu.exe) - C:\WINDOWS\winmbu.exe () :commands [purity] [emptytemp] [ClearAllRestorePoints] [resethosts] [start explorer] [Reboot]
csüt. dec. 31, 2009 17:05

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	nbela írta: http://www.facebooklady.com/image.php?=Photo28122010.JPG? Ferenc70 írta: azért nem tudod megnézni mert nincs semmilyen kép. ha rákattintasz, akkor a virus programját akarja letöltetni veled. Nem töltődik onnan semmi, mivel jelen pillanatban a facebooklady.com egy nemlétező cím. A nevet a dns szerver nem tudja feloldani. A nevet izraelben regisztrálták 2009-12-29-én, de ip cím -e sorok írásának pillanatában- nincs mögötte, és tegnap sem volt amikor néztem volna. pedig tegnap még felajánlotta a futatás/mentés/mégse opciót amikor rákattintottam linkre. most viszont kipróbáltam, tényelg nem jön be semmi, és a másik cimröl sem amire átváltott. lehet hogy leszedte a szolgáltató vagy nemtom.
csüt. dec. 31, 2009 17:00

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	stell írta: Szerintem a geped csunan meg van fertozve teszteld le a Virustotalon ezeket a falylokat,mivel hogy relytet falylok,jelenitsd meg a relytet falylokat, C:\WINDOWS\winmbu.exe C:\WINDOWS\System32\win.exe VIRUSTOTALu a linket a tesztrol ted ide,ha nemtalalnad a falylokat masold be az ablakba az egesz uttal es kuldod, winmbu.exe http://www.virustotal.com/hu/analisis/c ... 1262274069 win.exe http://www.virustotal.com/hu/analisis/9 ... 1262274402 megjegyzem megint használtam MSN-r és nem jön elö a link küldözgetés. lehet hogy sikerült tegnap leirtani? vagy megint csak este 9 kor kezdi mint tegnap? remélem megtisztitjuk teljesen a segiotségeddel a gépem
csüt. dec. 31, 2009 16:53

nbela gyémánt tag Csatlakozott: pén. aug. 06, 2004 22:20 Hozzászólások: 3578 Tartózkodási hely: Miskolc	http://www.facebooklady.com/image.php?=Photo28122010.JPG? Ferenc70 írta: azért nem tudod megnézni mert nincs semmilyen kép. ha rákattintasz, akkor a virus programját akarja letöltetni veled. Nem töltődik onnan semmi, mivel jelen pillanatban a facebooklady.com egy nemlétező cím. A nevet a dns szerver nem tudja feloldani. A nevet izraelben regisztrálták 2009-12-29-én, de ip cím -e sorok írásának pillanatában- nincs mögötte, és tegnap sem volt amikor néztem volna.
csüt. dec. 31, 2009 16:23

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Szerintem a geped csunan meg van fertozve teszteld le a Virustotalon ezeket a falylokat,mivel hogy relytet falylok,jelenitsd meg a relytet falylokat, C:\WINDOWS\winmbu.exe C:\WINDOWS\System32\win.exe VIRUSTOTALu a linket a tesztrol ted ide,ha nemtalalnad a falylokat masold be az ablakba az egesz uttal es kuldod,
csüt. dec. 31, 2009 16:01

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	OTL Test OTL logfile created on: 2009.12.31. 15:06:33 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Rendszergazda\Asztal Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040E \| Country: Magyarország \| Language: HUN \| Date Format: yyyy.MM.dd. 375,00 Mb Total Physical Memory \| 268,00 Mb Available Physical Memory \| 72,00% Memory free 1,00 Gb Paging File \| 1,00 Gb Available in Paging File \| 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1000 2000 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 18,64 Gb Total Space \| 1,47 Gb Free Space \| 7,86% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 512,96 Mb Total Space \| 0,00 Mb Free Space \| 0,00% Space Free \| Partition Type: CDFS Drive F: \| 76,33 Gb Total Space \| 50,62 Gb Free Space \| 66,32% Space Free \| Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-775465BCF3 Current User Name: Rendszergazda Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009.12.31 14:56:37 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe PRC - [2009.12.30 21:53:56 \| 00,079,954 \| -H-- \| M] () -- C:\WINDOWS\system32\win.exe PRC - [2009.12.29 19:12:38 \| 00,080,385 \| RHS- \| M] () -- C:\WINDOWS\winmbu.exe PRC - [2009.11.21 12:46:36 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009.11.21 12:46:36 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009.10.20 19:34:38 \| 00,207,376 \| ---- \| M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe PRC - [2009.02.28 05:54:41 \| 00,636,072 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009.01.14 17:53:02 \| 00,226,656 \| ---- \| M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008.04.14 08:02:34 \| 00,013,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008.04.14 08:02:18 \| 01,035,776 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2002.07.26 08:05:18 \| 00,155,648 \| R--- \| M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2002.07.26 07:45:52 \| 00,114,688 \| R--- \| M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe ========== Modules (SafeList) ========== MOD - [2009.12.31 14:56:37 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009.11.21 12:46:36 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) [Auto \| Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009.10.20 19:39:28 \| 00,340,456 \| ---- \| M] (Kaspersky Lab) [Auto \| Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP) SRV - [2009.08.05 22:48:42 \| 00,704,864 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.01.14 17:53:02 \| 00,226,656 \| ---- \| M] (Microsoft Corp.) [Auto \| Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) ========== Driver Services (SafeList) ========== DRV - [2009.12.17 19:46:22 \| 00,315,408 \| ---- \| M] (Kaspersky Lab) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2009.10.14 20:18:34 \| 00,036,880 \| ---- \| M] (Kaspersky Lab) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2009.10.02 18:39:44 \| 00,019,472 \| ---- \| M] (Kaspersky Lab) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.09.14 13:42:46 \| 00,032,272 \| ---- \| M] (Kaspersky Lab) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2009.09.01 14:29:50 \| 00,128,016 \| ---- \| M] (Kaspersky Lab) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2009.08.05 22:48:42 \| 00,054,752 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2008.05.07 00:18:41 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2008.04.13 08:39:18 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007.03.08 00:51:00 \| 00,043,528 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2002.08.27 13:12:42 \| 00,071,258 \| R--- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) DRV - [2002.08.27 13:12:32 \| 00,091,390 \| R--- \| M] (Intel Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) DRV - [2002.08.27 13:11:18 \| 00,079,643 \| R--- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2002.08.11 15:44:50 \| 00,179,664 \| R--- \| M] (SigmaTel, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM) DRV - [2002.05.21 11:40:18 \| 00,038,528 \| R--- \| M] (ADMtek Incorporated.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-746137067-1965331169-842925246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-746137067-1965331169-842925246-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKU\S-1-5-21-746137067-1965331169-842925246-500\S-1-5-21-746137067-1965331169-842925246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== [2008.07.13 12:25:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Extensions [2009.06.22 03:57:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\ewga0nzf.default\extensions [2009.06.22 03:57:00 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\ewga0nzf.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O1 HOSTS File: (687 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-746137067-1965331169-842925246-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-746137067-1965331169-842925246-500\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Winsock2 driver] C:\WINDOWS\System32\win.exe () O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-746137067-1965331169-842925246-500..\RunOnce: [Winsock2 driver] C:\WINDOWS\System32\win.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-746137067-1965331169-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Küldés blogba - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Küldés blogba a Windows Live Writer programmal - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 5987571156 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.2.44.1 84.2.46.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\winmbu.exe) - C:\WINDOWS\winmbu.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.13 10:58:31 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001.04.18 16:23:00 \| 00,000,041 \| R--- \| M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{35613bc4-50cf-11dd-817f-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{35613bc4-50cf-11dd-817f-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001.04.30 18:33:00 \| 00,032,768 \| R--- \| M] () O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - comfile [open] -- "%1" % O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2009.12.31 14:56:32 \| 00,513,536 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe [2009.12.30 22:59:35 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Application Data\Malwarebytes [2009.12.30 22:59:15 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.12.30 22:59:12 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009.12.30 22:59:11 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009.12.30 22:59:10 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009.12.30 22:56:55 \| 05,061,512 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rendszergazda\Asztal\mbam-setup.exe [2009.12.29 21:07:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AxBx [2009.12.25 15:12:53 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\MGS [2009.12.25 15:07:24 \| 00,000,000 \| ---D \| C] -- C:\Microgaming [2009.12.17 20:05:14 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Application Data\Help [2009.12.17 20:05:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\Help [2009.12.17 19:48:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Kaspersky Lab [2009.12.17 19:48:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2009.12.17 19:46:22 \| 00,315,408 \| ---- \| C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009.12.17 19:29:09 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2009.12.17 04:42:09 \| 60,121,968 \| ---- \| C] (Kaspersky Lab) -- C:\Documents and Settings\Rendszergazda\Asztal\kav2010_9.0.0.463EN.exe [2009.12.06 19:43:39 \| 00,000,000 \| ---D \| C] -- C:\bwinPoker [2009.12.06 19:42:18 \| 01,231,512 \| ---- \| C] (bwin ) -- C:\Documents and Settings\Rendszergazda\Asztal\InstallBwinPoker.exe [2009.11.21 12:59:54 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\freecol [2009.11.21 12:55:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\freecol [2009.11.21 12:48:11 \| 00,073,728 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009.11.21 12:48:10 \| 00,411,368 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009.11.21 12:48:10 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009.11.21 12:48:10 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009.11.21 12:48:10 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009.11.21 12:46:00 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Java [2009.11.21 12:42:35 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Application Data\Sun [2009.11.16 06:57:00 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Asztal\szaz [2009.11.06 21:24:55 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Tracing [2009.11.06 21:17:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Silverlight [2009.11.06 21:16:54 \| 00,054,752 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys [2009.11.06 21:15:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Sync Framework [2009.11.06 21:13:03 \| 03,426,072 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2009.11.06 21:11:47 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009.11.06 21:06:35 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft [2009.11.06 21:05:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live SkyDrive [2009.11.06 20:43:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Windows Live [2009.10.20 19:34:56 \| 00,219,664 \| ---- \| C] (Kaspersky Lab) -- C:\WINDOWS\System32\klogon.dll [2009.10.18 21:17:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Boss Media [2009.10.18 21:17:22 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\Boss Media [2009.10.18 21:16:50 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ParadisePoker [2009.10.14 20:18:34 \| 00,036,880 \| ---- \| C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys [2009.10.02 18:39:44 \| 00,019,472 \| ---- \| C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys [2008.07.13 15:14:22 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008.07.13 11:08:48 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008.07.13 11:02:14 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2008.07.13 11:02:14 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [3 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files - Modified Within 90 Days ========== [2009.12.31 14:56:37 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe [2009.12.31 14:31:26 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009.12.31 14:31:16 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009.12.31 03:29:59 \| 00,000,178 \| -HS- \| M] () -- C:\Documents and Settings\Rendszergazda\ntuser.ini [2009.12.31 03:29:58 \| 07,340,032 \| -H-- \| M] () -- C:\Documents and Settings\Rendszergazda\NTUSER.DAT [2009.12.31 02:47:54 \| 03,706,758 \| -H-- \| M] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\IconCache.db [2009.12.30 22:56:55 \| 05,061,512 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rendszergazda\Asztal\mbam-setup.exe [2009.12.30 22:51:33 \| 03,877,972 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\ComboFix.exe [2009.12.30 21:53:56 \| 00,079,954 \| -H-- \| M] () -- C:\WINDOWS\System32\win.exe [2009.12.30 14:55:24 \| 00,038,224 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.12.30 14:54:58 \| 00,019,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009.12.29 23:07:16 \| 00,002,283 \| ---- \| M] () -- C:\Documents and Settings\All Users\Asztal\Skype.lnk [2009.12.29 19:12:38 \| 00,080,385 \| RHS- \| M] () -- C:\WINDOWS\winmbu.exe [2009.12.28 16:42:03 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009.12.21 23:11:31 \| 00,021,292 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\pompom fren.jpg [2009.12.18 21:37:59 \| 00,187,044 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\Image.jpg [2009.12.17 20:11:38 \| 00,001,946 \| ---- \| M] () -- C:\WINDOWS\wincmd.ini [2009.12.17 19:56:16 \| 00,108,059 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\klin.dat [2009.12.17 19:56:16 \| 00,095,259 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\klick.dat [2009.12.17 19:46:22 \| 00,315,408 \| ---- \| M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009.12.17 04:43:50 \| 60,121,968 \| ---- \| M] (Kaspersky Lab) -- C:\Documents and Settings\Rendszergazda\Asztal\kav2010_9.0.0.463EN.exe [2009.12.13 02:39:44 \| 00,000,720 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\ParadiseCasino.lnk [2009.12.10 00:35:21 \| 00,000,091 \| ---- \| M] () -- C:\WINDOWS\CIV.INI [2009.12.09 16:40:07 \| 01,217,536 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\ps mtt.xls [2009.12.06 19:43:41 \| 00,001,387 \| ---- \| M] () -- C:\Documents and Settings\All Users\Asztal\bwin Poker.lnk [2009.12.06 19:42:27 \| 01,231,512 \| ---- \| M] (bwin ) -- C:\Documents and Settings\Rendszergazda\Asztal\InstallBwinPoker.exe [2009.12.01 00:32:49 \| 00,017,342 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\sng.JPG [2009.12.01 00:32:08 \| 00,019,745 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\mtt.JPG [2009.12.01 00:29:50 \| 00,055,216 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\off1.JPG [2009.12.01 00:28:21 \| 00,046,540 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\off2.JPG [2009.11.30 18:41:33 \| 00,100,123 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\111.JPG [2009.11.28 23:43:15 \| 00,090,112 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.28 18:31:48 \| 00,015,872 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\közüzemi.xls [2009.11.21 12:46:35 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2009.11.21 12:46:35 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009.11.21 12:46:35 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009.11.21 12:46:35 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009.11.21 12:46:35 \| 00,073,728 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2009.11.21 12:11:39 \| 24,032,768 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\freecol-0.8.4-installer.exe [2009.11.16 06:56:35 \| 00,006,050 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\.recently-used.xbel [2009.11.07 19:19:27 \| 00,406,004 \| ---- \| M] () -- C:\WINDOWS\System32\perfh00E.dat [2009.11.07 19:19:26 \| 00,401,378 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009.11.07 19:19:26 \| 00,089,942 \| ---- \| M] () -- C:\WINDOWS\System32\perfc00E.dat [2009.11.07 19:19:26 \| 00,062,658 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009.11.07 19:19:23 \| 00,971,016 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.11.07 19:14:16 \| 00,110,992 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.11.06 21:24:25 \| 00,017,368 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009.11.06 21:09:19 \| 00,000,927 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Megosztási mappák.lnk [2009.11.02 11:04:36 \| 00,029,696 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\civ2.xls [2009.10.31 00:33:11 \| 00,315,392 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\william hill.xls [2009.10.30 20:17:47 \| 00,000,717 \| ---- \| M] () -- C:\Documents and Settings\All Users\Asztal\William Hill CASINO CLUB.lnk [2009.10.28 17:20:46 \| 00,196,096 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\stratega.xls [2009.10.23 17:27:25 \| 00,162,304 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\rulett.xls [2009.10.23 17:27:25 \| 00,040,960 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\CASINO.xls [2009.10.20 19:34:56 \| 00,219,664 \| ---- \| M] (Kaspersky Lab) -- C:\WINDOWS\System32\klogon.dll [2009.10.18 22:30:52 \| 00,059,904 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\DoN.xls [2009.10.18 21:17:11 \| 00,000,698 \| ---- \| M] () -- C:\Documents and Settings\Rendszergazda\Asztal\ParadisePoker.lnk [2009.10.14 20:18:34 \| 00,036,880 \| ---- \| M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys [2009.10.02 18:39:44 \| 00,019,472 \| ---- \| M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys [4 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [3 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files Created - No Company Name ========== [2009.12.30 22:51:32 \| 03,877,972 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\ComboFix.exe [2009.12.30 21:53:59 \| 00,079,954 \| -H-- \| C] () -- C:\WINDOWS\System32\win.exe [2009.12.29 19:13:02 \| 00,080,385 \| RHS- \| C] () -- C:\WINDOWS\winmbu.exe [2009.12.21 23:26:04 \| 00,021,292 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\pompom fren.jpg [2009.12.18 21:37:55 \| 00,187,044 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\Image.jpg [2009.12.17 19:56:16 \| 00,108,059 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\klin.dat [2009.12.17 19:56:16 \| 00,095,259 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\klick.dat [2009.12.06 19:43:41 \| 00,001,387 \| ---- \| C] () -- C:\Documents and Settings\All Users\Asztal\bwin Poker.lnk [2009.12.01 00:06:49 \| 00,046,540 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\off2.JPG [2009.12.01 00:06:06 \| 00,055,216 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\off1.JPG [2009.11.30 23:40:11 \| 00,017,342 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\sng.JPG [2009.11.30 23:39:27 \| 00,019,745 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\mtt.JPG [2009.11.30 18:41:33 \| 00,100,123 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\111.JPG [2009.11.21 12:11:29 \| 24,032,768 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\freecol-0.8.4-installer.exe [2009.11.16 06:56:35 \| 00,006,050 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\.recently-used.xbel [2009.11.10 13:27:23 \| 01,217,536 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\ps mtt.xls [2009.10.30 20:17:47 \| 00,000,717 \| ---- \| C] () -- C:\Documents and Settings\All Users\Asztal\William Hill CASINO CLUB.lnk [2009.10.30 02:00:09 \| 00,315,392 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\william hill.xls [2009.10.27 14:18:55 \| 00,000,720 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\ParadiseCasino.lnk [2009.10.24 07:18:46 \| 00,196,096 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\stratega.xls [2009.10.23 17:27:24 \| 00,040,960 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\CASINO.xls [2009.10.18 21:17:11 \| 00,000,698 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Asztal\ParadisePoker.lnk [2009.06.26 12:24:08 \| 00,168,448 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2009.06.26 12:23:52 \| 00,795,648 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.06.26 12:23:51 \| 00,130,048 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.06.26 12:23:46 \| 03,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009.06.26 12:23:33 \| 00,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.06.26 12:23:31 \| 00,067,584 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.05.30 16:23:50 \| 00,021,840 \| ---- \| C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.05.30 16:23:50 \| 00,017,212 \| ---- \| C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.05.30 16:23:50 \| 00,012,067 \| ---- \| C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.04.25 20:13:44 \| 00,000,136 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\fusioncache.dat [2009.04.01 19:44:37 \| 00,484,352 \| ---- \| C] () -- C:\WINDOWS\System32\lame_enc.dll [2009.02.20 21:55:41 \| 00,000,091 \| ---- \| C] () -- C:\WINDOWS\CIV.INI [2008.11.14 20:13:46 \| 00,000,063 \| ---- \| C] () -- C:\WINDOWS\WININIT.INI [2008.10.31 13:25:28 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\wcx_ftp.ini [2008.10.31 13:22:36 \| 00,001,946 \| ---- \| C] () -- C:\WINDOWS\wincmd.ini [2008.08.11 23:28:46 \| 00,090,112 \| ---- \| C] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.05 17:05:20 \| 00,000,388 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2008.07.13 11:20:51 \| 00,266,240 \| R--- \| C] () -- C:\WINDOWS\System32\shpshftr.dll [2008.07.13 11:20:43 \| 00,028,672 \| R--- \| C] () -- C:\WINDOWS\System32\igfxdgps.dll ========== LOP Check ========== [2009.10.18 21:17:25 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Boss Media [2008.08.16 12:59:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\CardPlayer [2009.12.25 15:12:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MGS [2008.08.12 18:32:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WhereIsIt [2008.10.31 11:50:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rendszergazda\Application Data\BPFTP [2009.05.05 20:42:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rendszergazda\Application Data\DeepBurner [2009.03.16 13:26:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rendszergazda\Application Data\Foxit [2009.11.16 06:52:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Rendszergazda\Application Data\gtk-2.0 ========== Purity Check ========== < End of report >
csüt. dec. 31, 2009 15:25

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	azért nem tudod megnézni mert nincs semmilyen kép. ha rákattintasz, akkor a virus programját akarja letöltetni veled. csak azlért tettem be a linket hogy aki virusokkal foglalkozik áttanulmányozhassa. Tegnap letölttööem a Malwarebytest amit ajánlottatok, és végigfuttattam gépem, 7 trojant talált, azokat leirtotta. MÉg nem teszteltem azűta MSN-t, de azért kiprübálom ezt az OTLT.
csüt. dec. 31, 2009 15:07

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	udv a kepet nemtudom megnezni,mert nemlatom, tegy ide valami logot, tolds le ted az asztalra OTL - futasd -bepipazni -file age valtoztasd meg z 30 day >>7 day..ra, -Scan all users. -Lop check. -Purity check. -v sekcioba Extra Registry>bepotyozo>Use SafeList - klik Run SCAN -a scan vegen ted ide -OTL.txt (az asztalon lesz].>>ted ide,
csüt. dec. 31, 2009 9:01

Ferenc70 vas-tag Csatlakozott: szer. dec. 30, 2009 22:33 Hozzászólások: 9	MSN nVIrus Hali Sajnos sikerült beszednem tegnap egy MSN viust a.. szövege. nézd meg a képet http://www.facebooklady.com/image.php?= ... 122010.JPG? Photo28122010.jpg.com alatt bujik meg a virus. szokásos módon, nem látom senkinek az üzenetét, csak küldözgeti 5 percenként a linket minden aktiv ismerüsőmnek. Hajnalban átfuttattam Kasperskyt a gépemen, leszedett vagy 10 Trójat, és ma délután rendben is ment MSNem, de ma 21.05-kor ujra elkezdte a küldözgetést. Segitene valamelyik hozzáértő szaki hogyan tudok megszabadulni töle? Köszi!
szer. dec. 30, 2009 22:43

Laci_L a fórum lelke Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 11960 Tartózkodási hely: Budapest, Solymár	Re: combofix Patrik555 írta: ... ha 3 vírus van a gépen? Egy is sok. Nagyon.
hétf. dec. 14, 2009 19:29

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Idézet: A Combofixet akkor is kell használni ha 3 vírus van a gépen? Es eztet hogy szamoltad me hogy 3 virus van a gepen?? A combofixet egyaltalan nemszabad hasznalni a hoza nemertoknek,ez nem antivirus program,hanem komoly eszkoz amivel konyen tonkre lehet teni a rendszert,,amugy most nemis mukszik mert javitason van,az uj rootkitek miat,
hétf. dec. 14, 2009 18:50

Patrik555 vas-tag Csatlakozott: vas. nov. 29, 2009 21:28 Hozzászólások: 6	combofix A Combofixet akkor is kell használni ha 3 vírus van a gépen?
hétf. dec. 14, 2009 18:41

szomi1986 vas-tag Csatlakozott: szer. dec. 02, 2009 0:09 Hozzászólások: 2	---------- elküldttem neked a címet
szer. dec. 02, 2009 14:12

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Udv termeszetesen,de nem a Teamviewerel hanem adok neked mas programot a privat uzenetbe,es megirom hogy mit kel csinalnod,ok Ha van skype,ird be a privat uzibe a skype cimedet es majd ot megdumaljuk,,ok
szer. dec. 02, 2009 8:44

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Udv termeszetesen,de nem a Teamviewerel hanem adok neked mas programot a privat uzenetbe,es megirom hogy mit kel csinalnod,ok
szer. dec. 02, 2009 8:44

szomi1986 vas-tag Csatlakozott: szer. dec. 02, 2009 0:09 Hozzászólások: 2	heló stell csak azt szeretném kérdezni hogy ha megadnám a Teamwiever kódomat akkor meg-e tudnád nekem csinálni a gépemet mert nekem is ez a MSN-es vírus van , de már annyit próbálkoztam hogy az idegességtől már nemnagyon tudnám követni az utasításaidat
szer. dec. 02, 2009 0:32

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Idézet: Csak azt szeretném még meg kérdezni hogy a Nod32 hova lett a gépemről?? ot van ahol volt,,de ez mijen verzio 2.7..valami regi, Kinyitod a Notepadot>Start>futatas>beirod notepad Es bemasolod a piros textet KILLALL:: Folder:: c:\program files\SweetIM\Toolbars c:\program files\AskBarDis c:\program files\Software Informer Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"=- [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=- "{EEE6C35B-6118-11DC-9C72-001320C79847}"=- [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"=- "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=- [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Software Informer"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=- "QuickTime Task"=- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] MsnMsgr =- Extra:: FireFox:: FF - ProfilePath - c:\users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\o13ud1o3.default\ FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= RegLock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] Driver:: ASKUpgrade Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint.... A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl< legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide
hétf. nov. 30, 2009 20:15

Patrik555 vas-tag Csatlakozott: vas. nov. 29, 2009 21:28 Hozzászólások: 6	nod32 Csak azt szeretném még meg kérdezni hogy a Nod32 hova lett a gépemről??
hétf. nov. 30, 2009 19:39

Patrik555 vas-tag Csatlakozott: vas. nov. 29, 2009 21:28 Hozzászólások: 6	combofix ComboFix 09-11-29.06 - Patrik 009.11.30. 19:11.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.36.1038.18.2038.1218 [GMT 1:00] Running from: e:\letöltések\ComboFix.exe AV: ESET NOD32 Antivirus System 2.70 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-2190117011-1395424398-397921663-500 c:\$recycle.bin\S-1-5-21-3931642380-1500485832-3417383588-500 . ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 ))))))))))))))))))))))))))))))) . 2009-11-30 18:24 . 2009-11-30 18:24 -------- d-----w- c:\users\Patrik\AppData\Local\temp 2009-11-30 14:55 . 2009-11-30 14:55 -------- d-----w- c:\users\Patrik\AppData\Roaming\Malwarebytes 2009-11-30 14:55 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-30 14:55 . 2009-11-30 14:55 -------- d-----w- c:\programdata\Malwarebytes 2009-11-30 14:55 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-30 14:55 . 2009-11-30 14:55 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-28 18:19 . 2009-11-28 18:19 -------- d-----w- c:\program files\AxBx 2009-11-26 02:03 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 12:51 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 12:51 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-25 10:38 . 2009-11-25 10:40 -------- d-----w- c:\users\Default\AppData\Local\Adobe 2009-11-21 11:42 . 2009-11-29 18:36 4096 d-----w- c:\users\Patrik\AppData\Local\PokerStars 2009-11-21 11:41 . 2009-11-21 12:02 8192 d-----w- c:\program files\PokerStars 2009-11-18 02:22 . 2009-11-18 02:22 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-18 02:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-18 02:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-18 02:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-18 02:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-18 02:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-18 02:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-11 10:53 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 10:52 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-07 17:04 . 2009-11-07 17:04 -------- d-----w- c:\programdata\Messenger Plus! 2009-11-07 16:58 . 2009-11-14 18:10 4096 d-----w- c:\program files\Messenger Plus! Live 2009-11-07 13:38 . 2009-11-07 13:38 -------- d-----w- c:\programdata\McAfee Security Scan 2009-11-06 17:43 . 2009-11-06 17:44 -------- d-----w- c:\program files\SweetIM 2009-11-06 17:43 . 2009-11-06 17:43 -------- d-----w- c:\programdata\SweetIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-30 18:16 . 2007-01-16 05:09 607990 ----a-w- c:\windows\system32\perfh00E.dat 2009-11-30 18:16 . 2007-01-16 05:09 142212 ----a-w- c:\windows\system32\perfc00E.dat 2009-11-30 18:01 . 2009-02-22 11:49 4096 d-----w- c:\users\Patrik\AppData\Roaming\Free Download Manager 2009-11-30 17:59 . 2009-02-22 11:50 4096 d-----w- c:\users\Patrik\AppData\Roaming\Software Informer 2009-11-25 19:42 . 2009-02-10 16:54 8192 d-----w- c:\users\Patrik\AppData\Roaming\LimeWire 2009-11-25 10:39 . 2008-02-02 16:45 8192 d-----w- c:\program files\Common Files\Adobe 2009-11-19 15:30 . 2009-05-29 19:28 28672 d-----w- c:\program files\bwin 2009-11-18 18:24 . 2008-07-31 05:16 8192 d-----w- c:\users\Patrik\AppData\Roaming\uTorrent 2009-11-18 02:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-18 02:21 . 2009-11-18 02:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-12 02:23 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-11-12 02:08 . 2007-09-03 04:44 8192 d-----w- c:\programdata\Microsoft Help 2009-11-02 19:42 . 2009-10-23 11:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-19 01:05 . 2007-09-03 04:43 28672 d-----w- c:\program files\Microsoft Works 2009-10-07 01:02 . 2009-10-03 16:09 4096 d-----w- c:\program files\Windows Live 2009-10-06 13:34 . 2008-06-13 12:05 4096 d-----w- c:\program files\Google 2009-10-05 15:12 . 2009-10-05 15:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-10-05 15:03 . 2009-10-05 15:02 4096 dcsh--w- c:\program files\Common Files\WindowsLiveInstaller 2009-10-05 15:01 . 2009-10-02 22:05 4096 d-----w- c:\programdata\WLInstaller 2009-10-05 14:53 . 2008-01-14 16:07 114400 ----a-w- c:\users\Patrik\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-02 22:14 . 2009-10-02 22:05 4096 d-----w- c:\programdata\WindowsLiveInstaller 2009-10-01 01:02 . 2009-11-18 02:04 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02 . 2009-11-18 02:04 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-11-18 02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02 . 2009-11-18 02:04 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02 . 2009-11-18 02:04 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-11-18 02:04 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01 . 2009-11-18 02:04 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01 . 2009-11-18 02:04 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01 . 2009-11-18 02:04 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01 . 2009-11-18 02:04 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01 . 2009-11-18 02:04 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01 . 2009-11-18 02:04 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-09-25 02:10 . 2009-11-18 02:04 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07 . 2009-11-18 02:04 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04 . 2009-11-18 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49 . 2009-11-18 02:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48 . 2009-11-18 02:04 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38 . 2009-11-18 02:04 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36 . 2009-11-18 02:04 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35 . 2009-11-18 02:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33 . 2009-11-18 02:04 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33 . 2009-11-18 02:04 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33 . 2009-11-18 02:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32 . 2009-11-18 02:04 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31 . 2009-11-18 02:04 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31 . 2009-11-18 02:04 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31 . 2009-11-18 02:04 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31 . 2009-11-18 02:04 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31 . 2009-11-18 02:04 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31 . 2009-11-18 02:04 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30 . 2009-11-18 02:04 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:30 . 2009-11-18 02:04 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:27 . 2009-11-18 02:04 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-09-25 01:27 . 2009-11-18 02:04 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27 . 2009-11-18 02:04 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27 . 2009-11-18 02:04 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54 . 2009-11-18 02:04 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54 . 2009-11-18 02:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54 . 2009-11-18 02:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-14 09:29 . 2009-10-17 19:47 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-09-10 16:48 . 2009-10-17 20:24 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 14:59 . 2009-10-28 08:54 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-09-10 14:58 . 2009-10-28 08:54 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-09-04 11:41 . 2009-10-17 19:48 60928 ----a-w- c:\windows\system32\msasn1.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727] "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-14 951624] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-05-26 413696] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816] "NDSTray.exe"="NDSTray.exe" [BU] c:\users\Patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote-tartalomjegyz‚k.onetoc2 [2008-1-14 3656] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ed,d0,89,17,aa,1d,ca,01 R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2008.01.14. 17:56 15160] R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [2006.01.13. 14:00 15872] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [2008.01.14. 15:58 252416] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2008.04.16. 15:26 716272] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009.09.19. 11:40 234888] S2 gupdate1c9b3c681f2b810;Google frissítési szolgáltatás (gupdate1c9b3c681f2b810);c:\program files\Google\Update\GoogleUpdate.exe [2009.04.02. 20:09 133104] S3 FontCache;Windows betűtípus-gyorsítótár szolgáltatás;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008.06.04. 20:17 21504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2009-11-30 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-02 10:56] 2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 19:08] 2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-02 19:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.Google.com/ uInternet Settings,ProxyOverride = local IE: &Search IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm IE: E&xportálás a Microsoft Excel programba - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?HU IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home FF - ProfilePath - c:\users\Patrik\AppData\Roaming\Mozilla\Firefox\Profiles\o13ud1o3.default\ FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/ FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- pref(dom.disable_open_during_load, true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - HKCU-Run-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-TOSCDSPD - TOSCDSPD.EXE HKCU-Run-fsm - (no file) HKLM-Run-Windows Firevall Control C - rundll.exe AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE AddRemove-AdVantage_DAEM - c:\program files\AdVantage\AdVUninst.exe AddRemove-Tweak UI 2.10 - c:\windows\system32\mshta.exe res://c:\windows\system32\TweakUI.exe/uninstall.hta AddRemove-Xilisoft 3GP Video Converter - c:\program files\Xilisoft\3GP Video Converter 3\Uninstall.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-30 19:24 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background? scanning hidden files ... c:\users\Patrik\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1949029604-1998075413-3154449116-1000\Software\SecuROM\License information*] "datasecu"=hex:94,2b,36,09,4f,92,84,c0,c9,08,4e,d1,69,37,a7,04,89,a6,d4,64,09, 2a,28,59,14,9c,6b,c5,02,09,c3,98,3d,97,18,91,9a,42,d8,e1,7c,19,16,95,ee,12,\ "rkeysecu"=hex:0d,04,9d,07,1d,0f,0d,46,f2,16,a0,d1,c4,86,e2,92 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2009-11-30 19:27 ComboFix-quarantined-files.txt 2009-11-30 18:27 Pre-Run: 7 001 927 680 bájt szabad Post-Run: 7 867 461 632 bájt szabad - - End Of File - - 48706815F631A587397C54206D321605
hétf. nov. 30, 2009 19:35

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Na latod..mielot kerdezel utana kel nezni it a forumon, mivel a geped eleg csunan megvan fertozve meg futasd a combofixet Idézet: Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes...... Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartoll befejezi a scent ,csinall combofix .txt,eztett ide teszed es http://download.bleepingcomputer.com/sUBs/ComboFix.exe
hétf. nov. 30, 2009 18:34

Patrik555 vas-tag Csatlakozott: vas. nov. 29, 2009 21:28 Hozzászólások: 6	log Már megtaláltam mi a log. Malwarebytes' Anti-Malware 1.41 Adatbázis verzió: 2775 Windows 6.0.6002 Service Pack 2 2009.11.30. 17:38:43 mbam-log-2009-11-30 (17-38-43).txt Vizsgálat típusa: Teljes vizsgálat (C:\\|E:\\|F:\\|G:\\|) Átvizsgált objektumok: 282107 Eltelt idő: 1 hour(s), 26 minute(s), 13 second(s) Fertőzött memóriafolyamatok: 0 Fertőzött memória modulok: 1 Fertőzött rendszerleíró kulcsok: 80 Fertőzött rendszerleíró értékek: 5 Fertőzött rednszerleíró elemek: 1 Fertőzött mappák: 21 Fertőzött fájlok: 79 Fertőzött memóriafolyamatok: (Nem észleltem rosszindulatú elemeket) Fertőzött memória modulok: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Delete on reboot. Fertőzött rendszerleíró kulcsok: HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{dabf362d-d442-4402-9208-ca9ed70dd01e} (Adware.Advantage) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5ac3a9ef-c0f8-41d4-b4e2-b7cebb794151} (Adware.Advantage) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{862def42-89aa-49fa-ae1f-8a84b1b08a17} (Adware.Advantage) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f6e4845d-1d13-4bc0-942d-b9191524cc48} (Adware.Advantage) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{602d9049-b4ac-4a25-bf75-a9b54d747cba} (Adware.Advantage) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Fertőzött rendszerleíró értékek: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Fertőzött rednszerleíró elemek: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://postarticles.net) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. Fertőzött mappák: C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Fertőzött fájlok: C:\$Recycle.Bin\S-1-5-21-1949029604-1998075413-3154449116-1000\$RFXHJDW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\AdVUninst.exe (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\ffext.mod (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\TR.dll (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.
hétf. nov. 30, 2009 17:48

Patrik555 vas-tag Csatlakozott: vas. nov. 29, 2009 21:28 Hozzászólások: 6	log Bocsánat de nem tudom mi az a "log".Nem vagyok egy Informatikai zseni.
hétf. nov. 30, 2009 17:29

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	udv na mar jol neznenk ki haminden virus miat at kene telepiteni a windowst http://download.bleepingcomputer.com/ma ... -setup.exe letoltod es csinalszkomplet skant,a logot ted ide,
vas. nov. 29, 2009 22:15

Patrik555 vas-tag Csatlakozott: vas. nov. 29, 2009 21:28 Hozzászólások: 6	msn vírus Engem is elkapott az msn vírus.De nálam csak annyi hatása van(eddig) hogy mindenkinek elküldi azt a linket amin a vírus van.Ezt hogyan lehet megszüntetni?Csak úgy lehet megszüntetni ha újra telepítem a windowst?
vas. nov. 29, 2009 21:32

rolika120 vas-tag Csatlakozott: kedd nov. 10, 2009 19:50 Hozzászólások: 1	vágj visza a terjesztőnek sziasztok ha valaki vissza akar vágni akor ezt a linket tegye oda:http://www.hackthat.net/df/ddos/88558/index.hack.
kedd nov. 10, 2009 20:06

nacorvus a fórum lelke Csatlakozott: vas. szept. 12, 2004 18:08 Hozzászólások: 6037 Tartózkodási hely: Usa	Most akkor tulajdonképpen mire gondoltál? Egy levelező kurzusos programozói tanfolyamra,vagy olyan vírusirtóra ami békénhagyja a a vírusos fileodat,esetleg kijavítja? Ennél egyszerűbb,ha letöltöd uu vírusosan és a vírusírtódat jól pofánvágod,hogy miért nem futtatja amikor én akarom!? (ez minden vírusirtóban megadatott lehetőség)...aztán kezdheted a táncot a kályhától!
csüt. jún. 04, 2009 17:41

Rodder vas-tag Csatlakozott: kedd jún. 02, 2009 22:58 Hozzászólások: 2	OK-ok köszi a reakciót.... Igazából arra gondoltam, hogy tudna-e ebben valaki segítséget nyújtani? Mivel a vir kódom sincs meg ill. nem csináltam még ilyet soha.
csüt. jún. 04, 2009 1:56

nacorvus a fórum lelke Csatlakozott: vas. szept. 12, 2004 18:08 Hozzászólások: 6037 Tartózkodási hely: Usa	Hogyne lenne,ha ismered a víruskódot (ez leírja,hogy milyen hosszú és általában hová települ a programon belül),nincs más dolgod,csak meghekkeled az exe filet és törlöd belőle ezt a programrészt. -Ezért általában az irtók nagy többsége nem igazán foglalkozik vele egyszerűen karanténozza,vagy törli a fertőzött filét,hogy a vírus ne tudjon fertőzni tovább.
szer. jún. 03, 2009 20:07

Rodder vas-tag Csatlakozott: kedd jún. 02, 2009 22:58 Hozzászólások: 2	Trojan.Win.32.genome.hpe Szia! Van egy progim aminek a *.exe állomanya fertőzött a témában említett trojaval. Kaspersky antivir. találta meg. Van arra valami lehetőség, hogy a filet megtisztítsuk és utána használható legyen? Köszi...
szer. jún. 03, 2009 10:47
Hozzászólások megjelenítése: Rendezés

Oldal: 3 / 24

[ 1193 hozzászólás ]

Oldal Előző 1, 2, 3, 4, 5, 6 ... 24 Következő

Ki van itt

Jelenlévő fórumozók: nincs regisztrált felhasználó valamint 3 vendég

Nem nyithatsz témákat ebben a fórumban.
Nem válaszolhatsz egy témára ebben a fórumban.
Nem szerkesztheted a hozzászólásaidat ebben a fórumban.
Nem törölheted a hozzászólásaidat ebben a fórumban.

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.
Magyar fordítás © Magyar phpBB Közösség