Megválaszolatlan hozzászólások | Aktív témák Pontos idő: kedd okt. 01, 2024 10:23

Fórum kezdőlap » Terminal.hu » security

Időzóna: UTC + 1 óra




Hozzászólás a témához  Oldal: 15 / 35
  [ 1736 hozzászólás ]  Oldal Előző  1 ... 12, 13, 14, 15, 16, 17, 18 ... 35  Következő
Nyomtatóbarát verzió Előző téma | Következő téma 
Vírus vagy mi lehet??? 
Szerző Üzenet
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
http://www2.gmer.net/mbr/mbr.exe
ted az asztalra futasd rogton ad logot ted ide,
csüt. nov. 05, 2009 17:00
Profil Privát üzenet küldése Honlap
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
szia stell , beledobáltam a comboba amit kell , de amikor elindult a folyamat rootkit aktivitásra hivatkozva újraindította a gépet , majd ismét újraindította és itt a log:


ComboFix 09-11-03.03 - Pali 009.11.05. 16:19.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.1023.566 [GMT 1:00]
Running from: c:\documents and settings\Pali\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Pali\Asztal\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091104-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-01 10:04 . 2009-11-01 10:07 -------- d-----w- c:\program files\Duplicate File Cleaner
2009-11-01 09:55 . 2009-11-01 09:58 -------- d-----w- c:\program files\Bigasoft
2009-10-30 10:10 . 2009-10-30 10:15 -------- d-----w- c:\program files\Speed Video Splitter
2009-10-28 08:59 . 2009-10-28 22:50 -------- d-----w- c:\program files\Blaze Media Pro
2009-10-28 08:58 . 2009-10-28 08:58 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\PackageAware
2009-10-28 08:53 . 2009-10-28 08:54 -------- d-----w- c:\program files\Movavi VideoSuite 7
2009-10-24 13:49 . 2009-10-26 08:23 -------- d-----w- C:\Új mappa
2009-10-24 13:30 . 2009-10-24 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2009-10-23 21:09 . 2009-10-25 19:27 -------- d-----w- c:\program files\Common Files\fmm
2009-10-23 20:40 . 2009-10-23 20:40 -------- d-----w- c:\documents and settings\Pali\Application Data\MOVAVI
2009-10-23 20:31 . 2009-10-28 08:27 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Downloaded Installations
2009-10-23 20:23 . 2009-10-23 21:21 -------- d-----w- c:\documents and settings\Pali\Application Data\GeoVid
2009-10-23 20:22 . 2009-10-23 20:22 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-23 20:21 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-10-23 20:21 . 2009-10-24 13:30 -------- d-----w- c:\program files\GeoVid
2009-10-23 11:28 . 2009-10-23 11:28 -------- d-----w- c:\windows\system32\RNBOSENT
2009-10-23 10:31 . 2009-10-23 10:31 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-10-23 10:30 . 2009-10-24 11:05 -------- d-----w- c:\program files\Deskshare
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\Common Files\MWS
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\MediaWare Solutions
2009-10-23 10:10 . 2009-10-23 10:10 -------- d-----w- c:\program files\Cinax
2009-10-23 10:10 . 1997-12-16 22:14 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-10-23 10:09 . 2009-10-23 10:09 -------- d-----w- c:\documents and settings\Pali\WINDOWS
2009-10-23 10:01 . 2009-10-23 10:01 -------- d-----w- c:\program files\Nuclear Coffee
2009-10-19 14:15 . 2009-10-19 14:15 -------- d-----w- c:\documents and settings\Pali\Application Data\AltrixSoft
2009-10-19 14:15 . 2009-10-19 14:15 -------- d-----w- c:\program files\Hard Drive Inspector
2009-10-17 11:14 . 2009-10-17 11:14 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Deployment
2009-10-17 11:11 . 2009-10-17 11:11 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\XenonMKV_Team
2009-10-08 06:39 . 2009-10-08 06:39 -------- d-----w- c:\documents and settings\Pali\Application Data\VitySoft
2009-10-07 22:40 . 2009-10-07 22:41 -------- d-----w- c:\documents and settings\Pali\NTI-Shadow
2009-10-07 22:39 . 2009-10-07 22:39 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-----w- c:\documents and settings\Pali\Application Data\InstallShield
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-----w- c:\program files\Freecom Network Storage Assistant
2009-10-06 23:26 . 2009-10-06 23:26 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\ArcSoft
2009-10-06 23:26 . 2009-10-06 23:27 -------- d-----w- c:\documents and settings\Pali\Application Data\ArcSoft
2009-10-06 23:26 . 2009-10-06 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-10-06 23:25 . 2009-10-06 23:25 -------- d-----w- c:\program files\ArcSoft
2009-10-06 23:25 . 2009-10-06 23:26 -------- d-----w- c:\program files\Common Files\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 15:27 . 2009-07-19 15:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-05 15:27 . 2009-09-27 08:04 -------- d-----w- c:\program files\cFosSpeed
2009-11-05 11:52 . 2009-07-19 19:59 -------- d-----w- c:\documents and settings\Pali\Application Data\uTorrent
2009-11-04 21:33 . 2009-07-19 18:21 -------- d-----w- c:\documents and settings\Pali\Application Data\Vso
2009-11-04 19:54 . 2009-09-06 07:19 -------- d-----w- c:\documents and settings\Pali\Application Data\vlc
2009-11-04 19:45 . 2009-09-27 21:08 -------- d-----w- c:\program files\ClipMate7
2009-11-04 19:39 . 2009-11-04 19:39 0 --sh--w- c:\windows\S7AEB99C1.tmp
2009-11-04 19:02 . 2009-09-06 07:19 -------- d-----w- c:\documents and settings\Pali\Application Data\dvdcss
2009-10-30 10:15 . 2009-10-05 23:11 -------- d-----w- c:\documents and settings\Pali\Application Data\Free Download Manager
2009-10-26 06:52 . 2004-08-18 12:00 95264 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-26 06:52 . 2004-08-18 12:00 439262 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-24 09:39 . 2009-07-18 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 19:24 . 2009-07-22 20:41 -------- d-----w- c:\program files\Lx_cats
2009-10-23 11:27 . 2009-07-18 23:39 78216 ----a-w- c:\documents and settings\Pali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 10:25 . 2009-08-30 19:04 -------- d-----w- c:\documents and settings\Pali\Application Data\Pegasys Inc
2009-10-23 10:24 . 2009-08-30 19:02 -------- d-----w- c:\program files\Pegasys Inc
2009-10-23 10:05 . 2009-09-19 06:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-23 10:05 . 2009-09-19 06:08 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-23 09:42 . 2009-07-20 09:38 -------- d-----w- c:\program files\EnhanceMovie 2.2
2009-10-23 09:33 . 2009-09-21 20:21 -------- d-----w- c:\program files\DVDPean Pro 5.0.5
2009-10-23 08:53 . 2009-07-25 18:28 -------- d-----w- c:\documents and settings\Pali\Application Data\VideoReDo-TVSuite
2009-10-19 14:24 . 2009-07-19 19:19 -------- d-----w- c:\documents and settings\Pali\Application Data\DVDFab
2009-10-19 14:21 . 2009-09-10 10:11 -------- d-----w- c:\program files\DVDFab 6
2009-10-19 05:22 . 2009-07-24 08:51 -------- d-----w- c:\program files\Common Files\Elecard
2009-10-18 09:23 . 2009-07-24 08:51 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2009-10-18 09:23 . 2009-07-24 13:16 -------- d-----w- c:\documents and settings\Pali\Application Data\Solveig Multimedia
2009-10-14 17:49 . 2009-09-21 17:20 -------- d-----w- c:\program files\AC3File
2009-10-13 20:23 . 2009-09-19 07:02 -------- d-----w- c:\program files\MediaCoder Audio Edition
2009-10-12 18:41 . 2009-08-26 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-11 04:59 . 2009-09-23 20:41 -------- d-----w- c:\program files\The FilmMachine
2009-10-10 10:36 . 2009-07-19 18:23 -------- d-----w- c:\program files\MoBiMouse
2009-10-06 07:50 . 2009-09-20 10:10 -------- d-----w- c:\program files\AVIedit
2009-10-06 06:29 . 2009-09-19 05:20 -------- d-----w- c:\program files\Sony
2009-10-06 05:14 . 2009-07-20 09:31 -------- d-----w- c:\documents and settings\Pali\Application Data\ComfortSoftware
2009-10-05 23:11 . 2009-10-05 23:11 -------- d-----w- c:\program files\Free Download Manager
2009-10-05 23:11 . 2009-10-05 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-03 19:09 . 2009-07-19 22:08 -------- d-----w- c:\program files\Java
2009-10-02 18:44 . 2009-10-01 17:05 -------- d-----w- c:\program files\Hard Disk Sentinel
2009-10-02 06:25 . 2009-10-02 06:25 -------- d-----w- c:\program files\PowerQuest
2009-10-02 06:21 . 2009-10-02 06:21 -------- d-----w- c:\program files\PTDD Group
2009-10-02 05:50 . 2009-10-02 05:50 -------- d-----w- c:\program files\HD Tune Pro
2009-09-30 08:35 . 2009-09-30 08:35 -------- d-----w- c:\program files\HDDGURU LLF Tool
2009-09-30 07:34 . 2009-09-30 07:34 -------- d-----w- c:\program files\HD Tune
2009-09-30 07:33 . 2009-09-30 07:33 -------- d-----w- c:\program files\HDDGURU FreeWipe Tool
2009-09-29 17:19 . 2009-09-29 17:19 -------- d-----w- c:\program files\Clipboard Box
2009-09-28 05:09 . 2009-09-28 05:09 -------- d-----w- c:\program files\Boilsoft Video Joiner
2009-09-27 21:08 . 2009-09-27 21:08 -------- d-----w- c:\documents and settings\Pali\Application Data\Thornsoft Development
2009-09-27 21:05 . 2009-09-27 21:05 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-09-27 20:55 . 2009-09-27 20:55 -------- d-----w- c:\program files\ffdshow
2009-09-27 08:41 . 2009-07-25 16:32 -------- d-----w- c:\program files\ChrisTV PVR
2009-09-24 21:27 . 2009-07-21 11:03 -------- d-----w- c:\program files\Custom Technology
2009-09-24 17:48 . 2009-09-24 17:47 -------- d-----w- c:\program files\Billard-Simulator
2009-09-24 17:30 . 2009-09-24 17:30 -------- d-----w- c:\program files\Google
2009-09-23 20:42 . 2009-07-19 22:05 -------- d-----w- c:\program files\Real Alternative
2009-09-23 20:41 . 2009-07-19 22:05 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-23 19:59 . 2009-07-25 18:36 -------- d-----w- c:\documents and settings\Pali\Application Data\Thinstall
2009-09-22 18:18 . 2009-09-22 18:18 -------- d-----w- c:\program files\LizardTech
2009-09-22 16:47 . 2009-09-19 05:56 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-21 21:10 . 2009-09-21 17:20 -------- d-----w- c:\program files\AC3Filter
2009-09-21 21:10 . 2009-09-21 17:19 -------- d-----w- c:\program files\TFM Audio Tool
2009-09-21 20:32 . 2009-09-21 20:32 -------- d-----w- c:\program files\XnView
2009-09-21 20:28 . 2009-09-21 20:28 -------- d-----w- c:\program files\DVD2DVDR_Professional
2009-09-21 20:27 . 2009-09-21 20:27 -------- d-----w- c:\program files\DVD2DVD-R
2009-09-21 20:20 . 2009-09-21 20:20 -------- d-----w- c:\documents and settings\Pali\Application Data\AVCutty
2009-09-21 20:19 . 2009-09-21 20:19 -------- d-----w- c:\program files\AVCutty
2009-09-21 20:18 . 2009-09-21 20:18 -------- d-----w- c:\program files\VOB Edit 6
2009-09-21 20:15 . 2009-09-21 20:12 -------- d-----w- c:\program files\ProjectX_0.90.4.00
2009-09-21 20:10 . 2009-09-21 20:10 -------- d-----w- c:\program files\Muxman
2009-09-21 19:36 . 2009-07-23 07:41 -------- d-----w- c:\program files\Teletext
2009-09-21 19:36 . 2009-07-23 07:41 -------- d-----w- c:\program files\TVR
2009-09-21 19:14 . 2009-09-21 19:14 -------- d-----w- c:\program files\Dativus Translator Kft
2009-09-21 19:07 . 2009-09-21 18:57 -------- d-----w- c:\documents and settings\Pali\Application Data\Voipwise
2009-09-21 18:54 . 2009-09-21 18:54 -------- d-----w- c:\program files\Voipwise.com
2009-09-21 18:46 . 2009-09-21 18:46 -------- d-----w- c:\documents and settings\Pali\Application Data\JLC's Software
2009-09-21 18:38 . 2009-09-21 18:38 -------- d-----w- c:\program files\JLC's Software
2009-09-21 18:30 . 2009-09-21 18:29 -------- d-----w- c:\documents and settings\Pali\Application Data\concept design
2009-09-21 18:29 . 2009-09-21 18:29 -------- d-----w- c:\program files\concept design
2009-09-21 18:27 . 2009-09-21 18:27 -------- d-----w- c:\program files\CDisplay
2009-09-21 18:20 . 2009-09-21 18:20 -------- d-----w- c:\documents and settings\Pali\Application Data\COWON
2009-09-21 18:20 . 2009-09-19 06:18 -------- d-----w- c:\program files\JetAudio
2009-09-21 18:12 . 2009-09-21 18:09 -------- d-----w- c:\program files\Sonic Foundry Soft Encode
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-09-21 17:44 . 2009-09-17 20:56 -------- d-----w- c:\program files\Minnetonka Audio Software
2009-09-21 17:43 . 2009-09-21 17:43 -------- d-----w- c:\program files\Rainbow Technologies
2009-09-20 10:39 . 2009-09-20 10:39 -------- d-----w- c:\program files\Bucek
2009-09-20 10:38 . 2009-09-20 10:37 -------- d-----w- c:\program files\Ultra MP4 Video Converter
2009-09-20 10:37 . 2009-09-20 10:37 -------- d-----w- c:\program files\Ultra Video Joiner
2009-09-20 10:32 . 2009-09-19 05:57 -------- d-----w- c:\program files\DivX
2009-09-20 10:28 . 2009-09-20 10:28 -------- d-----w- c:\program files\Cucusoft
2009-09-20 10:26 . 2009-09-20 10:26 -------- d-----w- c:\program files\AVI MPEG Splitter
2009-09-20 10:25 . 2009-09-20 10:25 -------- d-----w- c:\program files\AVI MPEG Cutter
2009-09-20 10:19 . 2009-09-20 10:19 -------- d-----w- c:\program files\bobyte
2009-09-20 10:17 . 2009-09-20 10:17 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-09-20 10:15 . 2009-09-20 10:15 -------- d-----w- c:\program files\Avidemux
2009-09-20 10:15 . 2009-09-20 10:14 -------- d-----w- c:\program files\Avidemux 2.4
2009-09-20 10:07 . 2009-09-20 10:04 -------- d-----w- c:\program files\Ace Video Workshop
2009-09-20 10:04 . 2009-09-20 10:03 -------- d-----w- c:\program files\abcAVI
2009-09-20 10:01 . 2009-09-20 10:00 -------- d-----w- c:\program files\All Media Fixer
2006-05-03 09:06 . 2009-08-30 18:08 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-30 18:08 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-30 18:08 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-18 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-04_15.35.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-04 19:41 . 2009-11-05 15:18 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-24 09:57 . 2009-11-04 15:24 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-05 15:27 . 2009-11-05 15:27 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
+ 2009-11-04 19:41 . 2009-11-05 15:18 32768 c:\windows\Temp\History\History.IE5\index.dat
- 2009-07-24 09:57 . 2009-11-04 15:24 32768 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-11-04 19:41 . 2009-11-05 15:18 16384 c:\windows\Temp\Cookies\index.dat
- 2009-07-24 09:57 . 2009-11-04 15:24 16384 c:\windows\Temp\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClipMate7"="c:\program files\ClipMate7\ClipMate.exe" [2008-10-03 3760424]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"VC5Player"="c:\program files\HHVcdV5Sys\VC5Play.exe" [2003-03-11 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"RecSche"="c:\program files\TVR\RecSche.exe" [2004-05-10 454656]
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" [2007-03-08 274944]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-09-11 1159496]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Clipboard Box"="c:\program files\Clipboard Box\clipboardbox.exe" [2008-02-15 1461248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2009-10-17 907659]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-02-03 16116224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\River Past\\Video Slice\\VideoSlice.exe"=
"c:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.08.26. 22:38 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009.07.19. 2:04 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007.04.23. 12:03 82200]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009.08.25. 2:37 673920]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [2003.05.07. 10:46 57008]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009.08.25. 2:37 1238344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009.07.19. 2:04 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009.08.25. 2:37 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009.08.25. 2:38 234640]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009.09.19. 8:23 33792]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008.01.25. 10:12 25088]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009.08.25. 2:37 33408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.08.26. 22:34 348752]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\progra~1\MATVAD~1\TNPACKET.SYS [2002.10.09. 12:38 9376]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.t-online.hu/
IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm
IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm
IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\documents and settings\Pali\Application Data\Mozilla\Firefox\Profiles\trkpvxdy.default\
FF - prefs.js: browser.search.selectedEngine - OneRiot Social Web Search
FF - prefs.js: browser.startup.homepage - hxxp://hu.start2.mozilla.com/firefox?cl ... u:official
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 458765
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 16:29
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85D09F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85d09f00
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vbev5mp]
"ImagePath"="system32\DRIVERS\vbev5mp.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Virtual CD v5\System\VC5Tray.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lvhidsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Blaze Media Pro\NMSAccess32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HHVcdV5Sys\VC5SecS.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\HDDSvc.exe
c:\windows\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2009-11-05 16:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 15:31
ComboFix2.txt 2009-11-04 19:44
ComboFix3.txt 2009-11-04 15:40
ComboFix4.txt 2009-07-24 09:26

Pre-Run: 507 305 984 bájt szabad
Post-Run: 448 430 080 bájt szabad
csüt. nov. 05, 2009 16:45
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
udv
andi epen nemlatok virust de futasd a combofixet es a loglyat ted ide
Idézet:
Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes......
Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartoll befejezi a scent ,csinall combofix .txt,eztett ide teszed es
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
csüt. nov. 05, 2009 16:31
Profil Privát üzenet küldése Honlap
kataiandi
arany tag

Csatlakozott: szer. dec. 27, 2006 16:11
Hozzászólások: 392
Hozzászólás 
Sziasztok!
Internettel volt problémám...egyes helyeken nem működött illetve nagyon lassan pl. Firefox , máshol pl. utorrenten igen. Azt mondták tuti vírusos a gép. A gépemen NOD Security volt, de nem jelzett semmit.... gyári 30napos koddal.. végigfuttattam a Spybotot is, de ott sincs semmi. Most az Avirát tettem vissza és most az fissít,vizsgál. Tényleg vírus lehet? Felteszem addig a Hijack-ot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:16, on 2009.11.05.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\allsnap.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\RENDSZ~1\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startlap.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe"
O4 - HKLM\..\Run: [Transbar] "C:\WINDOWS\transbar.exe" /s
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [AfterPost] "C:\WINDOWS\afterpost.cmd" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Game\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Game\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8143 bytes

Köszi a segítséget előre is!
Andi
csüt. nov. 05, 2009 14:44
Profil Privát üzenet küldése Honlap
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
van e javulas a gepel""
nincsen mit koszonod
udv,
csüt. nov. 05, 2009 9:24
Profil Privát üzenet küldése Honlap
Petrovo
vas-tag

Csatlakozott: vas. szept. 07, 2008 21:38
Hozzászólások: 5
Hozzászólás 
stell írta:
mysql szervert újra kell rakni
hat igen ha irlya akor biztosan ulyra kelesz rakni ezt a programot
start-futatas beirni combofix /uninstall ok
a combofix letelepetitodik a geprol
kipucolni a gepet CCleaneral en masat nem latok


Nagyon köszönöm stell a segítségedet!

Üdv

Pet
csüt. nov. 05, 2009 5:50
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
csak nyugodtan,,en is mar vegzek,mara eleg volt
udv,
szer. nov. 04, 2009 22:03
Profil Privát üzenet küldése Honlap
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
Köszönöm stell , ezt már csak holnap csinálom meg , ha nem jelent hátrányt az ügymenetben...
szer. nov. 04, 2009 22:02
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
:arrow: http://support.microsoft.com/?scid=kb%3 ... 4&x=9&y=20
elmegy erre az oldalra alol kivalasztod a javito konzolat Windows XP Service Pack 2 (SP2).Az op-rendszered szerint >>ne teveszen meg hogy it a masokat irnak letoltod az asztalra es beledobod a combofixbe
Kép
egyez bele a licencioba es a combofix feltelepiti a javito konzolat
csinalsz uj CFScriptet,,es beledobod a combofixbe
Kód:
RESTORE::
c:\windows\system32\drivers\atapi.sys

a loglyat ted ide,
szer. nov. 04, 2009 21:11
Profil Privát üzenet küldése Honlap
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
Megtettem amit írtál.


ComboFix 09-11-03.03 - Pali 009.11.04. 20:31.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.1023.566 [GMT 1:00]
Running from: c:\documents and settings\Pali\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Pali\Asztal\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091104-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\S7AEB99C1.tmp"
"c:\windows\system32\ebbfbbe_z.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\instance.dat
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\mia.lib
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1110D383\4B432F4E\640x480.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\13FAFF0F\74AD4AE7\lame_enc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\15FCD408\1D442A03\viscomaudiodata.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1BFDA811\F62D5284\ExControl.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1C419080\387EEA1E\IsDRM.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1E7EFA60\97F5527C\volto_CR5AXQ.lic
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1EAA014C\74AD4AE7\TVE4.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1EB8D3D\5D8C36FC\AffCreatorDLL.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\1F3C49AE\8FD17A8B\Faac.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\20150182\19751891\720x576PAL.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\20A462E5\BE9F39B8\videoformat.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\22108700\19751891\Local Network (256 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\2267BC26\BE9F39B8\viscomflvenc_licenseto_MystikMedia.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\240ECBFB\BE9F39B8\viscomaudioencoder.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\24A1ED17\2302A1E7\SkinBoxer43.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\27C62A2E\19751891\640x480 video.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\2E01768B\1D442A03\viscommpgenc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\30AB743C\BE9F39B8\viscomdata1.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\30EACE10\19751891\Pocket PC (225kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3439E350\8917324D\BMP.exe.manifest
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3775636C\92A79537\videocap.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\39E281B2\A01B9A47\Input32X.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3A539185\E87F2805\VCDBurner.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3D2919A7\32F7A4D1\AdjMmsEng.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3D6B129C\19751891\Local Network (384 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3DA0E39D\1D442A03\viscomdvds.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3E8E1702\1D442A03\videotrans.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F38F085\93213F80\amp3dj.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\Default.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_300K_Broadband.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_512K_BroadbandHigh.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_56K_Modem.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_Audio_128K_BroadbandLow.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_Audio_256K_BroadbandHigh.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_Audio_56K_Modem.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_AudioOnly.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_CD_PerfectQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_Default.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_HighQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_HighQualityVBR2.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_Lossless.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_LowQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_LowQualityVBR2.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_MediumQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_MediumQualityVBR2.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_PerfectQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\FLV_VideoOnly.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_300K_Broadband.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_512K_BroadbandHigh.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_56K_Modem.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_Audio_128K_BroadbandLow.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_Audio_256K_BroadbandHigh.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_Audio_56K_Modem.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_AudioOnly.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_CD_PerfectQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_HighQuality.settings.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_HighQualityVBR2.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_LowQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_LowQualityVBR2.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_MediumQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_MediumQualityVBR2.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_PerfectQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\ISO_VideoOnly.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\MP3.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\SWF_300K_Broadband.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\SWF_512K_BroadbandHigh.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\SWF_56K_Modem.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\3F9B7BB3\D756E1A8\SWF_CD_PerfectQuality.settings
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\41BBA404\FFFF89BC\wavdest.ax
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\4345E9C9\F4168408\Manipulate.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\45F0CB1D\4B432F4E\1280x1024.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\46DCAF14\431AE4FA\Lame.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\4978668B\BE9F39B8\viscomwave.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\4D743553\1D442A03\videoformat.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\4DE1DBE1\1D442A03\msvcr71.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\503E1922\92A79537\viscomtran.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\511E84A9\BE9F39B8\gdiplus.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\52A13E36\1D442A03\dvdripper.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\55C8DCFE\19751891\LAN, Cable Modem, or xDSL (100 to 768kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\5640A05\BE9F39B8\viscomflvdec_licenseto_MystikMedia.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\59F37AFC\8917324D\BMP.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\5CB83A3B\A730A4AF\asrecmms.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\5E036521\BE9F39B8\viscommpgdec.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\6062BC80\74AD4AE7\Turbine.TVE4.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\63B71039\BE9F39B8\viscomtran.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\63E85F6B\431AE4FA\OggEnc.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\711EE551\4B432F4E\800x600.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\71747601\2302A1E7\memman.vxd
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\75CF61C5\2D911E49\vumeter.ax
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\7C98444B\19751891\720x480NTSC.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\7EC83F15\8917324D\cp.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\8012801F\1D442A03\MFC71.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\85E36AE0\8FD17A8B\mscomctl.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\86784D0\BE9F39B8\viscomdata3.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\879D649D\BE9F39B8\viscomqtenc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\87A7D043\32F7A4D1\Asoedmms.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\89A0310F\8FD17A8B\comdlg32.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\920718B4\A548F52D\ActSoft-Videos.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\92862F82\74AD4AE7\TVE4COM.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\9844C3DB\1D442A03\lame_enc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\98B4DDFD\1D442A03\videocore.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\9955E409\2E9DA2D4\Blazemp.chm
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\A0C8CFD5\39093834\viscomdvdimg.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\A3949050\8917324D\Lyrics.mdb
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\A5327326\BE9F39B8\viscom3gpenc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\AAB07175\19751891\Dial-up Modems (28,8 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\AC55F148\97F5527C\voltoCDX.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\AD299E2E\2D911E49\Media.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\AD38ADA6\BE9F39B8\viscomqtde.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\AFC491F9\AF8C2D79\AudioGenie2.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\B18CBFF8\BE9F39B8\viscomaudiodata.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\B1DE70B1\4B432F4E\1024x768.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\B7C91652\BE9F39B8\viscommpgenc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C_\Programming\ActiveX\NMSDVDX DVD Burning SDK\Bin\Win32\NMSAccess32.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C25E605E\BE9F39B8\videotrans.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C321DE36\19751891\352x288PAL.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C603B618\4CE0045E\erdmpg-6.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C6D94179\7BDB8A9F\WMVProfileEditor.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C7412475\3A450264\VideoInfo.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\C9BFB3EA\4CE0045E\DirectEncode.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\CB705776\19751891\Dial-up Modems (56 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\CCE4E3A6\1AD538CD\comLyricGetter.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\CD4A9BF0\1D139F4\Tab32x30.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\CED1CDE5\F0B0E335\NCTImageFile.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\D0CB705E\4B432F4E\320x240.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\D7552C32\B7886AB6\Uncommon.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\D77A6370\BE9F39B8\videocore.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\D8CABF01\BE9F39B8\VideoEdit.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\D97BCDE2\BE9F39B8\viscomgifenc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\DA06123E\431AE4FA\MSBIND.DLL
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\DA5D83E5\19751891\352x240NTSC.prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\DA6E97FC\BE9F39B8\viscomframe.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\DFB9C1FE\19751891\Dial-up Modems or LAN (28,8 to 100 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E12C82FD\BE9F39B8\viscomdata2.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E27A35DF\5104EFF1\NormalizeDSP.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E4854A4F\19751891\Local Network (100 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E5FB8439\1D442A03\lame_enc.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\mediaplayer01.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\mediaplayer02.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\mediaplayer03.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\mediaplayer04.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\mediaplayer05.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\player.html
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin01.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin02.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin03.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin04.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin05.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin06.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin07.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin08.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin09.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin10.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\skin11.swf
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E75C313E\169E7B3C\video.flv
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E8DCC26C\CDC1F3D7\Unzip32.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\E8F50489\2A09FCDC\NMSDVDX.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\EC3470FD\1D442A03\viscomaudioencoder.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\EF5CA551\1D442A03\viscomwave.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\F4252397\39093834\dvdauthor.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\F664D8C2\E1A92373\etOneOnly.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\F8F2F256\19751891\Local Network (768 kbps).prx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\F9204BA9\1D442A03\MFC71u.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\F9BBCFF0\1D442A03\msvcp71.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\FC440B15\8FD17A8B\MBMsgEx.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\FE0C59A2\431AE4FA\actskn43.ocx
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\OFFLINE\FF4AF513\1D442A03\viscommpgdecrip.dll
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.dat
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.exe
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.lnk
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.msi
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.par
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.res
c:\windows\system32\ebbfbbe_z.dll
c:\windows\S7AEB99C1.tmp . . . . failed to delete

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
--------------- FCopy ---------------

c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-01 10:04 . 2009-11-01 10:07 -------- d-----w- c:\program files\Duplicate File Cleaner
2009-11-01 09:55 . 2009-11-01 09:58 -------- d-----w- c:\program files\Bigasoft
2009-10-30 10:10 . 2009-10-30 10:15 -------- d-----w- c:\program files\Speed Video Splitter
2009-10-28 08:59 . 2009-10-28 22:50 -------- d-----w- c:\program files\Blaze Media Pro
2009-10-28 08:58 . 2009-10-28 08:58 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\PackageAware
2009-10-28 08:53 . 2009-10-28 08:54 -------- d-----w- c:\program files\Movavi VideoSuite 7
2009-10-24 13:49 . 2009-10-26 08:23 -------- d-----w- C:\Új mappa
2009-10-24 13:30 . 2009-10-24 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2009-10-23 21:09 . 2009-10-25 19:27 -------- d-----w- c:\program files\Common Files\fmm
2009-10-23 20:40 . 2009-10-23 20:40 -------- d-----w- c:\documents and settings\Pali\Application Data\MOVAVI
2009-10-23 20:31 . 2009-10-28 08:27 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Downloaded Installations
2009-10-23 20:23 . 2009-10-23 21:21 -------- d-----w- c:\documents and settings\Pali\Application Data\GeoVid
2009-10-23 20:22 . 2009-10-23 20:22 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-23 20:21 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-10-23 20:21 . 2009-10-24 13:30 -------- d-----w- c:\program files\GeoVid
2009-10-23 11:28 . 2009-10-23 11:28 -------- d-----w- c:\windows\system32\RNBOSENT
2009-10-23 10:31 . 2009-10-23 10:31 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-10-23 10:30 . 2009-10-24 11:05 -------- d-----w- c:\program files\Deskshare
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\Common Files\MWS
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\MediaWare Solutions
2009-10-23 10:10 . 2009-10-23 10:10 -------- d-----w- c:\program files\Cinax
2009-10-23 10:10 . 1997-12-16 22:14 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-10-23 10:09 . 2009-10-23 10:09 -------- d-----w- c:\documents and settings\Pali\WINDOWS
2009-10-23 10:01 . 2009-10-23 10:01 -------- d-----w- c:\program files\Nuclear Coffee
2009-10-19 14:15 . 2009-10-19 14:15 -------- d-----w- c:\documents and settings\Pali\Application Data\AltrixSoft
2009-10-19 14:15 . 2009-10-19 14:15 -------- d-----w- c:\program files\Hard Drive Inspector
2009-10-17 11:14 . 2009-10-17 11:14 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Deployment
2009-10-17 11:11 . 2009-10-17 11:11 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\XenonMKV_Team
2009-10-08 06:39 . 2009-10-08 06:39 -------- d-----w- c:\documents and settings\Pali\Application Data\VitySoft
2009-10-07 22:40 . 2009-10-07 22:41 -------- d-----w- c:\documents and settings\Pali\NTI-Shadow
2009-10-07 22:39 . 2009-10-07 22:39 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-----w- c:\documents and settings\Pali\Application Data\InstallShield
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-----w- c:\program files\Freecom Network Storage Assistant
2009-10-06 23:26 . 2009-10-06 23:26 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\ArcSoft
2009-10-06 23:26 . 2009-10-06 23:27 -------- d-----w- c:\documents and settings\Pali\Application Data\ArcSoft
2009-10-06 23:26 . 2009-10-06 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-10-06 23:25 . 2009-10-06 23:25 -------- d-----w- c:\program files\ArcSoft
2009-10-06 23:25 . 2009-10-06 23:26 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-05 23:11 . 2009-10-30 10:15 -------- d-----w- c:\documents and settings\Pali\Application Data\Free Download Manager
2009-10-05 23:11 . 2009-10-05 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-05 23:11 . 2009-10-05 23:11 -------- d-----w- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 19:40 . 2009-07-19 15:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 19:39 . 2009-09-27 08:04 -------- d-----w- c:\program files\cFosSpeed
2009-11-04 19:39 . 2009-11-04 19:39 0 ------w- c:\windows\S7AEB99C1.tmp
2009-11-04 19:19 . 2009-09-27 21:08 -------- d-----w- c:\program files\ClipMate7
2009-11-04 19:15 . 2009-07-19 19:59 -------- d-----w- c:\documents and settings\Pali\Application Data\uTorrent
2009-11-04 19:03 . 2009-09-06 07:19 -------- d-----w- c:\documents and settings\Pali\Application Data\vlc
2009-11-04 19:02 . 2009-09-06 07:19 -------- d-----w- c:\documents and settings\Pali\Application Data\dvdcss
2009-10-30 08:23 . 2009-07-19 18:21 -------- d-----w- c:\documents and settings\Pali\Application Data\Vso
2009-10-26 06:52 . 2004-08-18 12:00 95264 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-26 06:52 . 2004-08-18 12:00 439262 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-24 09:39 . 2009-07-18 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 19:24 . 2009-07-22 20:41 -------- d-----w- c:\program files\Lx_cats
2009-10-23 11:27 . 2009-07-18 23:39 78216 ----a-w- c:\documents and settings\Pali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 10:25 . 2009-08-30 19:04 -------- d-----w- c:\documents and settings\Pali\Application Data\Pegasys Inc
2009-10-23 10:24 . 2009-08-30 19:02 -------- d-----w- c:\program files\Pegasys Inc
2009-10-23 10:05 . 2009-09-19 06:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-23 10:05 . 2009-09-19 06:08 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-23 09:42 . 2009-07-20 09:38 -------- d-----w- c:\program files\EnhanceMovie 2.2
2009-10-23 09:33 . 2009-09-21 20:21 -------- d-----w- c:\program files\DVDPean Pro 5.0.5
2009-10-23 08:53 . 2009-07-25 18:28 -------- d-----w- c:\documents and settings\Pali\Application Data\VideoReDo-TVSuite
2009-10-19 14:24 . 2009-07-19 19:19 -------- d-----w- c:\documents and settings\Pali\Application Data\DVDFab
2009-10-19 14:21 . 2009-09-10 10:11 -------- d-----w- c:\program files\DVDFab 6
2009-10-19 05:22 . 2009-07-24 08:51 -------- d-----w- c:\program files\Common Files\Elecard
2009-10-18 09:23 . 2009-07-24 08:51 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2009-10-18 09:23 . 2009-07-24 13:16 -------- d-----w- c:\documents and settings\Pali\Application Data\Solveig Multimedia
2009-10-14 17:49 . 2009-09-21 17:20 -------- d-----w- c:\program files\AC3File
2009-10-13 20:23 . 2009-09-19 07:02 -------- d-----w- c:\program files\MediaCoder Audio Edition
2009-10-12 18:41 . 2009-08-26 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-11 04:59 . 2009-09-23 20:41 -------- d-----w- c:\program files\The FilmMachine
2009-10-10 10:36 . 2009-07-19 18:23 -------- d-----w- c:\program files\MoBiMouse
2009-10-06 07:50 . 2009-09-20 10:10 -------- d-----w- c:\program files\AVIedit
2009-10-06 06:29 . 2009-09-19 05:20 -------- d-----w- c:\program files\Sony
2009-10-06 05:14 . 2009-07-20 09:31 -------- d-----w- c:\documents and settings\Pali\Application Data\ComfortSoftware
2009-10-03 19:09 . 2009-07-19 22:08 -------- d-----w- c:\program files\Java
2009-10-02 18:44 . 2009-10-01 17:05 -------- d-----w- c:\program files\Hard Disk Sentinel
2009-10-02 06:25 . 2009-10-02 06:25 -------- d-----w- c:\program files\PowerQuest
2009-10-02 06:21 . 2009-10-02 06:21 -------- d-----w- c:\program files\PTDD Group
2009-10-02 05:50 . 2009-10-02 05:50 -------- d-----w- c:\program files\HD Tune Pro
2009-09-30 08:35 . 2009-09-30 08:35 -------- d-----w- c:\program files\HDDGURU LLF Tool
2009-09-30 07:34 . 2009-09-30 07:34 -------- d-----w- c:\program files\HD Tune
2009-09-30 07:33 . 2009-09-30 07:33 -------- d-----w- c:\program files\HDDGURU FreeWipe Tool
2009-09-29 17:19 . 2009-09-29 17:19 -------- d-----w- c:\program files\Clipboard Box
2009-09-28 05:09 . 2009-09-28 05:09 -------- d-----w- c:\program files\Boilsoft Video Joiner
2009-09-27 21:08 . 2009-09-27 21:08 -------- d-----w- c:\documents and settings\Pali\Application Data\Thornsoft Development
2009-09-27 21:05 . 2009-09-27 21:05 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-09-27 20:55 . 2009-09-27 20:55 -------- d-----w- c:\program files\ffdshow
2009-09-27 08:41 . 2009-07-25 16:32 -------- d-----w- c:\program files\ChrisTV PVR
2009-09-24 21:27 . 2009-07-21 11:03 -------- d-----w- c:\program files\Custom Technology
2009-09-24 17:48 . 2009-09-24 17:47 -------- d-----w- c:\program files\Billard-Simulator
2009-09-24 17:30 . 2009-09-24 17:30 -------- d-----w- c:\program files\Google
2009-09-23 20:42 . 2009-07-19 22:05 -------- d-----w- c:\program files\Real Alternative
2009-09-23 20:41 . 2009-07-19 22:05 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-23 19:59 . 2009-07-25 18:36 -------- d-----w- c:\documents and settings\Pali\Application Data\Thinstall
2009-09-22 18:18 . 2009-09-22 18:18 -------- d-----w- c:\program files\LizardTech
2009-09-22 16:47 . 2009-09-19 05:56 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-21 21:10 . 2009-09-21 17:20 -------- d-----w- c:\program files\AC3Filter
2009-09-21 21:10 . 2009-09-21 17:19 -------- d-----w- c:\program files\TFM Audio Tool
2009-09-21 20:32 . 2009-09-21 20:32 -------- d-----w- c:\program files\XnView
2009-09-21 20:28 . 2009-09-21 20:28 -------- d-----w- c:\program files\DVD2DVDR_Professional
2009-09-21 20:27 . 2009-09-21 20:27 -------- d-----w- c:\program files\DVD2DVD-R
2009-09-21 20:20 . 2009-09-21 20:20 -------- d-----w- c:\documents and settings\Pali\Application Data\AVCutty
2009-09-21 20:19 . 2009-09-21 20:19 -------- d-----w- c:\program files\AVCutty
2009-09-21 20:18 . 2009-09-21 20:18 -------- d-----w- c:\program files\VOB Edit 6
2009-09-21 20:15 . 2009-09-21 20:12 -------- d-----w- c:\program files\ProjectX_0.90.4.00
2009-09-21 20:10 . 2009-09-21 20:10 -------- d-----w- c:\program files\Muxman
2009-09-21 19:36 . 2009-07-23 07:41 -------- d-----w- c:\program files\Teletext
2009-09-21 19:36 . 2009-07-23 07:41 -------- d-----w- c:\program files\TVR
2009-09-21 19:14 . 2009-09-21 19:14 -------- d-----w- c:\program files\Dativus Translator Kft
2009-09-21 19:07 . 2009-09-21 18:57 -------- d-----w- c:\documents and settings\Pali\Application Data\Voipwise
2009-09-21 18:54 . 2009-09-21 18:54 -------- d-----w- c:\program files\Voipwise.com
2009-09-21 18:46 . 2009-09-21 18:46 -------- d-----w- c:\documents and settings\Pali\Application Data\JLC's Software
2009-09-21 18:38 . 2009-09-21 18:38 -------- d-----w- c:\program files\JLC's Software
2009-09-21 18:30 . 2009-09-21 18:29 -------- d-----w- c:\documents and settings\Pali\Application Data\concept design
2009-09-21 18:29 . 2009-09-21 18:29 -------- d-----w- c:\program files\concept design
2009-09-21 18:27 . 2009-09-21 18:27 -------- d-----w- c:\program files\CDisplay
2009-09-21 18:20 . 2009-09-21 18:20 -------- d-----w- c:\documents and settings\Pali\Application Data\COWON
2009-09-21 18:20 . 2009-09-19 06:18 -------- d-----w- c:\program files\JetAudio
2009-09-21 18:12 . 2009-09-21 18:09 -------- d-----w- c:\program files\Sonic Foundry Soft Encode
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-09-21 17:44 . 2009-09-17 20:56 -------- d-----w- c:\program files\Minnetonka Audio Software
2009-09-21 17:43 . 2009-09-21 17:43 -------- d-----w- c:\program files\Rainbow Technologies
2009-09-20 10:39 . 2009-09-20 10:39 -------- d-----w- c:\program files\Bucek
2009-09-20 10:38 . 2009-09-20 10:37 -------- d-----w- c:\program files\Ultra MP4 Video Converter
2009-09-20 10:37 . 2009-09-20 10:37 -------- d-----w- c:\program files\Ultra Video Joiner
2009-09-20 10:32 . 2009-09-19 05:57 -------- d-----w- c:\program files\DivX
2009-09-20 10:28 . 2009-09-20 10:28 -------- d-----w- c:\program files\Cucusoft
2009-09-20 10:26 . 2009-09-20 10:26 -------- d-----w- c:\program files\AVI MPEG Splitter
2009-09-20 10:25 . 2009-09-20 10:25 -------- d-----w- c:\program files\AVI MPEG Cutter
2009-09-20 10:19 . 2009-09-20 10:19 -------- d-----w- c:\program files\bobyte
2009-09-20 10:17 . 2009-09-20 10:17 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-09-20 10:15 . 2009-09-20 10:15 -------- d-----w- c:\program files\Avidemux
2009-09-20 10:15 . 2009-09-20 10:14 -------- d-----w- c:\program files\Avidemux 2.4
2009-09-20 10:07 . 2009-09-20 10:04 -------- d-----w- c:\program files\Ace Video Workshop
2009-09-20 10:04 . 2009-09-20 10:03 -------- d-----w- c:\program files\abcAVI
2009-09-20 10:01 . 2009-09-20 10:00 -------- d-----w- c:\program files\All Media Fixer
2009-09-19 22:14 . 2009-09-19 07:35 -------- d-----w- c:\documents and settings\Pali\Application Data\Steinberg
2009-09-19 08:26 . 2009-08-31 17:01 -------- d-----w- c:\program files\ImTOO
2009-09-19 08:03 . 2009-09-19 08:03 -------- d-----w- c:\program files\XRECODE
2006-05-03 09:06 . 2009-08-30 18:08 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-30 18:08 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-30 18:08 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-18 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-04_15.35.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-04 19:40 . 2009-11-04 19:40 16384 c:\windows\Temp\Perflib_Perfdata_454.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClipMate7"="c:\program files\ClipMate7\ClipMate.exe" [2008-10-03 3760424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"VC5Player"="c:\program files\HHVcdV5Sys\VC5Play.exe" [2003-03-11 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"RecSche"="c:\program files\TVR\RecSche.exe" [2004-05-10 454656]
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" [2007-03-08 274944]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-09-11 1159496]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Clipboard Box"="c:\program files\Clipboard Box\clipboardbox.exe" [2008-02-15 1461248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2009-10-17 907659]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-02-03 16116224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\River Past\\Video Slice\\VideoSlice.exe"=
"c:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.08.26. 22:38 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009.07.19. 2:04 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007.04.23. 12:03 82200]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009.08.25. 2:37 673920]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [2003.05.07. 10:46 57008]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009.08.25. 2:37 1238344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009.07.19. 2:04 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009.08.25. 2:37 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009.08.25. 2:38 234640]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009.09.19. 8:23 33792]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008.01.25. 10:12 25088]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009.08.25. 2:37 33408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.08.26. 22:34 348752]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\progra~1\MATVAD~1\TNPACKET.SYS [2002.10.09. 12:38 9376]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.t-online.hu/
IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm
IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm
IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\documents and settings\Pali\Application Data\Mozilla\Firefox\Profiles\trkpvxdy.default\
FF - prefs.js: browser.search.selectedEngine - OneRiot Social Web Search
FF - prefs.js: browser.startup.homepage - hxxp://hu.start2.mozilla.com/firefox?cl ... u:official
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 458765
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Blaze Media Pro - c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.exe
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}\setup_blazemp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 20:42
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85E756F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85e756f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vbev5mp]
"ImagePath"="system32\DRIVERS\vbev5mp.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Virtual CD v5\System\VC5Tray.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lvhidsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Blaze Media Pro\NMSAccess32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HHVcdV5Sys\VC5SecS.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\HDDSvc.exe
c:\windows\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2009-11-04 20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 19:44
ComboFix2.txt 2009-11-04 15:40
ComboFix3.txt 2009-07-24 09:26

Pre-Run: 657 317 888 bájt szabad
Post-Run: 538 013 696 bájt szabad
szer. nov. 04, 2009 20:51
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
pilaka
:arrow: letoltod az asztalra ezt a programot
http://www2.gmer.net/mbr/mbr.exe
start-futatas masold be ezt a parancsot es klik ok
"%userprofile%\Asztal\mbr" -f [enter]>.restart
:arrow:
Idézet:
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet

Kód:
KILLALL::
SecCenter::
{043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Folder::
c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}
File::
c:\windows\S7AEB99C1.tmp
c:\windows\system32\ebbfbbe_z.dll
FCOPY::
c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
RegNull::
[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16E57D4A-B9D6-ACF5-F5B7-5532B0EE765F}*]
[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB3CFC07-21FC-6D3E-AC69-DC23C77D3EB8}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\?•€|˙˙˙˙"•€|ţ»Ów*]
FixCSet::
Reboot::

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide
szer. nov. 04, 2009 19:17
Profil Privát üzenet küldése Honlap
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
petrovo hozzászólása felett ....
szer. nov. 04, 2009 18:47
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
:shock: hol van a combofixed,nemlatom sehol,
szer. nov. 04, 2009 18:42
Profil Privát üzenet küldése Honlap
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
És én ....? :roll:
szer. nov. 04, 2009 18:32
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
mysql szervert újra kell rakni
hat igen ha irlya akor biztosan ulyra kelesz rakni ezt a programot
start-futatas beirni combofix /uninstall ok
a combofix letelepetitodik a geprol
kipucolni a gepet CCleaneral en masat nem latok
szer. nov. 04, 2009 18:25
Profil Privát üzenet küldése Honlap
Petrovo
vas-tag

Csatlakozott: vas. szept. 07, 2008 21:38
Hozzászólások: 5
Hozzászólás 
stell írta:
szed le a geprol a C:\Program Files\Lavasoft\Ad-Aware eleg a spybot,,
futasd le a combofixet
Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes......
Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartoll befejezi a scent ,csinall combofix .txt,eztett ide teszed
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Üdv!

Sikerült hozzáférnem a géphez és lefuttattam a combofix-et:

ComboFix 09-11-03.03 - Termonivo 009.11.04. 16:59.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1471.991 [GMT 1:00]
Running from: c:\documents and settings\Termonivo\Asztal\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 11:33 . 2009-11-04 11:34 -------- d-----w- C:\rsit
2009-11-03 17:00 . 2009-11-03 17:00 -------- d-----w- c:\documents and settings\Termonivo\Local Settings\Application Data\Temp
2009-11-03 16:59 . 2009-11-03 17:02 -------- d-----w- c:\documents and settings\Termonivo\Local Settings\Application Data\Google
2009-11-03 16:58 . 2009-11-03 16:58 -------- d-----w- c:\documents and settings\Termonivo\Local Settings\Application Data\Deployment
2009-11-03 16:52 . 2009-11-03 16:52 -------- d-----w- C:\ERDNT
2009-11-03 16:51 . 2009-11-03 16:52 -------- d-----w- c:\windows\ERUNT
2009-11-03 16:50 . 2009-11-03 16:50 -------- d-----w- C:\!FixIEDef
2009-11-03 11:01 . 2009-11-03 11:01 -------- d-----w- c:\program files\Trend Micro
2009-11-03 09:39 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-03 09:33 . 2009-11-03 09:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-11-03 09:31 . 2009-11-03 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-03 09:31 . 2009-11-03 09:31 -------- d-----w- c:\program files\Lavasoft
2009-10-19 14:18 . 2009-10-19 14:18 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 14:45 . 2009-01-30 12:52 -------- d-----w- c:\program files\EFOK09
2009-11-03 17:05 . 2007-12-06 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-03 16:29 . 2007-12-06 13:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-03 08:11 . 2009-01-06 12:51 -------- d-----w- c:\program files\abevjava
2009-11-03 08:09 . 2009-01-06 12:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-31 14:29 . 2008-02-01 13:08 -------- d-----w- c:\program files\EFOK08
2009-10-26 07:12 . 2004-08-18 12:00 449718 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-26 07:12 . 2004-08-18 12:00 100672 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-19 14:35 . 2007-11-15 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 13:10 . 2007-11-19 09:03 -------- d-----w- c:\program files\EFOK07
2009-10-15 13:02 . 2008-01-28 10:00 -------- d-----w- c:\program files\EFOK06
2009-10-15 11:20 . 2007-11-15 14:04 69232 ----a-w- c:\documents and settings\Termonivo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 12:34 . 2007-11-15 13:36 -------- d-----w- c:\program files\Microsoft Works
2009-09-22 10:18 . 2009-09-22 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-22 09:44 . 2009-09-22 09:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-22 09:40 . 2009-09-22 09:40 -------- d-----w- c:\program files\Defraggler
2009-09-22 09:39 . 2009-09-22 09:39 -------- d-----w- c:\program files\CCleaner
2009-09-22 09:36 . 2009-09-22 09:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-22 06:47 . 2009-09-22 06:47 -------- d-----w- c:\documents and settings\Termonivo\Application Data\Malwarebytes
2009-09-22 06:47 . 2009-09-22 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 06:46 . 2009-09-22 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-21 15:44 . 2007-12-08 11:45 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-14 09:04 . 2008-03-03 12:08 -------- d-----w- c:\program files\Symantec
2009-09-14 09:04 . 2009-02-19 15:59 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-14 09:04 . 2009-02-19 15:59 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-14 09:04 . 2009-02-19 15:59 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-14 09:04 . 2009-02-19 15:59 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-11 14:19 . 2004-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-09-22 06:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-22 06:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 06:53 . 2009-09-08 06:53 -------- d-----w- c:\program files\Lavalys
2009-09-04 21:05 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:59 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-18 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 06:32 . 2009-09-14 09:15 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 18:24 . 2007-11-14 14:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2007-11-14 14:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2007-11-14 14:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2007-11-14 14:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2007-11-14 14:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2007-11-15 15:01 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2007-11-15 15:01 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2007-11-14 14:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-01-30 12:52 . 2009-01-30 12:52 49 ----a-w- c:\program files\EFOK09.BAT
2008-02-01 13:09 . 2008-02-01 13:09 461 ----a-w- c:\program files\Parancsikon - EFOK08.lnk
2008-02-01 13:08 . 2008-02-01 13:08 49 ------w- c:\program files\EFOK08.BAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Termonivo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-03 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2008-1-15 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk
backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Office Sales Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Office Sales Tool.lnk
backup=c:\windows\pss\Office Sales Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007.11.14. 15:20 6016]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009.11.03. 10:39 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [2009.09.09. 8:59 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1007020.00B\BHDrvx86.sys [2009.09.09. 8:59 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [2009.09.09. 8:58 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091102.002\IDSXpx86.sys [2009.10.28. 23:37 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009.07.03. 15:49 1028432]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [2009.09.09. 8:58 117640]
R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2007.11.14. 16:12 105216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009.08.27. 8:48 102448]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\f:\portable\Rendszer\HW info portable\{app}\HWiNFO32.SYS --> f:\portable\Rendszer\HW info portable\{app}\HWiNFO32.SYS [?]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.19. 9:34 18816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 09:37]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-484061587-725345543-1003Core.job
- c:\documents and settings\Termonivo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 16:59]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-484061587-725345543-1003UA.job
- c:\documents and settings\Termonivo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startlap.hu/
IE: E&xportálás a Microsoft Excel programba - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {127E4786-A8F8-472B-8180-60110401FCAB} = 195.184.4.1
FF - ProfilePath - c:\documents and settings\Termonivo\Application Data\Mozilla\Firefox\Profiles\zoxx3yda.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Termonivo\Application Data\Mozilla\Firefox\Profiles\zoxx3yda.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 17:09
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"=""c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\SYSTEM32\Ati2evxx.dll
.
Completion time: 2009-11-04 17:13
ComboFix-quarantined-files.txt 2009-11-04 16:13

Pre-Run: 68 706 947 072 bájt szabad
Post-Run: 68 700 647 424 bájt szabad




Második újraindítás után kiírt valamit a gép, hogy a mysql szervert újra kell rakni mert valaminek nem sikerült elindulnia (elfelejtettem leírni pontosan)..
Lehetséges hogy belebarmoltam ezzel a gépbe?
Nem vagyok nagy mágus...

Pet
szer. nov. 04, 2009 17:53
Profil Privát üzenet küldése
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
Stell, a combo mikor elindult , rögtön kiírta , hogy rootkit aktivitást észlel ezért a kis üzenet-ablakot bezárva újraindult a gép ......előtte persze kilőttem az Avastot és az Outpost-ot, mikor viszont , másodszor is újraindult a gép és a combofix készíteni akarta a log-ot , az újrainduló Outpost rengeteg engedélyt kért általam nem ismert alkalmazásokhoz.Mikor a log megvolt , felléptem a netre és az Opera inditása után megint lefagyott a masina....restart .....és most tudok ide írni.



ComboFix 09-11-03.03 - Pali 009.11.04. 16:25.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.1023.569 [GMT 1:00]
Running from: c:\documents and settings\Pali\Asztal\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pali\Application Data\Desktopicon
c:\windows\jestertb.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
c:\windows\system32\ssprs.dll

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-01 10:04 . 2009-11-01 10:07 -------- d-----w- c:\program files\Duplicate File Cleaner
2009-11-01 09:55 . 2009-11-01 09:58 -------- d-----w- c:\program files\Bigasoft
2009-10-30 10:10 . 2009-10-30 10:15 -------- d-----w- c:\program files\Speed Video Splitter
2009-10-28 08:59 . 2009-10-28 22:50 -------- d-----w- c:\program files\Blaze Media Pro
2009-10-28 08:58 . 2009-10-28 08:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BE8C01F0-CE6C-40B3-8106-2BB3D87A95F0}
2009-10-28 08:58 . 2009-10-28 08:58 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\PackageAware
2009-10-28 08:53 . 2009-10-28 08:54 -------- d-----w- c:\program files\Movavi VideoSuite 7
2009-10-24 13:49 . 2009-10-26 08:23 -------- d-----w- C:\Új mappa
2009-10-24 13:30 . 2009-10-24 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2009-10-23 21:09 . 2009-10-25 19:27 -------- d-----w- c:\program files\Common Files\fmm
2009-10-23 20:40 . 2009-10-23 20:40 -------- d-----w- c:\documents and settings\Pali\Application Data\MOVAVI
2009-10-23 20:31 . 2009-10-28 08:27 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Downloaded Installations
2009-10-23 20:23 . 2009-10-23 21:21 -------- d-----w- c:\documents and settings\Pali\Application Data\GeoVid
2009-10-23 20:22 . 2009-10-23 20:22 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-23 20:21 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-10-23 20:21 . 2009-10-24 13:30 -------- d-----w- c:\program files\GeoVid
2009-10-23 11:28 . 2009-10-23 11:28 -------- d-----w- c:\windows\system32\RNBOSENT
2009-10-23 10:31 . 2009-10-23 10:31 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-10-23 10:30 . 2009-10-24 11:05 -------- d-----w- c:\program files\Deskshare
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\Common Files\MWS
2009-10-23 10:19 . 2009-10-23 10:19 -------- d-----w- c:\program files\MediaWare Solutions
2009-10-23 10:10 . 2009-10-23 10:10 -------- d-----w- c:\program files\Cinax
2009-10-23 10:10 . 1997-12-16 22:14 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-10-23 10:09 . 2009-10-23 10:09 -------- d-----w- c:\documents and settings\Pali\WINDOWS
2009-10-23 10:01 . 2009-10-23 10:01 -------- d-----w- c:\program files\Nuclear Coffee
2009-10-19 14:15 . 2009-10-19 14:15 -------- d-----w- c:\documents and settings\Pali\Application Data\AltrixSoft
2009-10-19 14:15 . 2009-10-19 14:15 -------- d-----w- c:\program files\Hard Drive Inspector
2009-10-17 11:14 . 2009-10-17 11:14 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Deployment
2009-10-17 11:11 . 2009-10-17 11:11 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\XenonMKV_Team
2009-10-08 06:39 . 2009-10-08 06:39 -------- d-----w- c:\documents and settings\Pali\Application Data\VitySoft
2009-10-07 22:40 . 2009-10-07 22:41 -------- d-----w- c:\documents and settings\Pali\NTI-Shadow
2009-10-07 22:39 . 2009-10-07 22:39 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-----w- c:\documents and settings\Pali\Application Data\InstallShield
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-----w- c:\program files\Freecom Network Storage Assistant
2009-10-06 23:26 . 2009-10-06 23:26 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\ArcSoft
2009-10-06 23:26 . 2009-10-06 23:27 -------- d-----w- c:\documents and settings\Pali\Application Data\ArcSoft
2009-10-06 23:26 . 2009-10-06 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-10-06 23:25 . 2009-10-06 23:25 -------- d-----w- c:\program files\ArcSoft
2009-10-06 23:25 . 2009-10-06 23:26 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-05 23:11 . 2009-10-30 10:15 -------- d-----w- c:\documents and settings\Pali\Application Data\Free Download Manager
2009-10-05 23:11 . 2009-10-05 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-05 23:11 . 2009-10-05 23:11 -------- d-----w- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 15:35 . 2009-07-19 15:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 15:34 . 2009-09-27 08:04 -------- d-----w- c:\program files\cFosSpeed
2009-11-04 03:19 . 2009-07-19 19:59 -------- d-----w- c:\documents and settings\Pali\Application Data\uTorrent
2009-11-03 22:01 . 2009-09-06 07:19 -------- d-----w- c:\documents and settings\Pali\Application Data\vlc
2009-11-03 19:58 . 2009-09-06 07:19 -------- d-----w- c:\documents and settings\Pali\Application Data\dvdcss
2009-11-03 15:07 . 2009-09-27 21:08 -------- d-----w- c:\program files\ClipMate7
2009-10-30 08:23 . 2009-07-19 18:21 -------- d-----w- c:\documents and settings\Pali\Application Data\Vso
2009-10-26 06:52 . 2004-08-18 12:00 95264 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-26 06:52 . 2004-08-18 12:00 439262 ----a-w- c:\windows\system32\perfh00E.dat
2009-10-24 09:39 . 2009-07-18 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 19:24 . 2009-07-22 20:41 -------- d-----w- c:\program files\Lx_cats
2009-10-23 11:27 . 2009-07-18 23:39 78216 ----a-w- c:\documents and settings\Pali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 10:25 . 2009-08-30 19:04 -------- d-----w- c:\documents and settings\Pali\Application Data\Pegasys Inc
2009-10-23 10:24 . 2009-08-30 19:02 -------- d-----w- c:\program files\Pegasys Inc
2009-10-23 10:05 . 2009-09-19 06:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-23 10:05 . 2009-09-19 06:08 -------- d-----w- c:\program files\DVDVideoSoft
2009-10-23 09:42 . 2009-07-20 09:38 -------- d-----w- c:\program files\EnhanceMovie 2.2
2009-10-23 09:33 . 2009-09-21 20:21 -------- d-----w- c:\program files\DVDPean Pro 5.0.5
2009-10-23 08:53 . 2009-07-25 18:28 -------- d-----w- c:\documents and settings\Pali\Application Data\VideoReDo-TVSuite
2009-10-19 14:24 . 2009-07-19 19:19 -------- d-----w- c:\documents and settings\Pali\Application Data\DVDFab
2009-10-19 14:21 . 2009-09-10 10:11 -------- d-----w- c:\program files\DVDFab 6
2009-10-19 05:22 . 2009-07-24 08:51 -------- d-----w- c:\program files\Common Files\Elecard
2009-10-18 09:23 . 2009-07-24 08:51 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2009-10-18 09:23 . 2009-07-24 13:16 -------- d-----w- c:\documents and settings\Pali\Application Data\Solveig Multimedia
2009-10-14 17:49 . 2009-09-21 17:20 -------- d-----w- c:\program files\AC3File
2009-10-13 20:23 . 2009-09-19 07:02 -------- d-----w- c:\program files\MediaCoder Audio Edition
2009-10-12 18:41 . 2009-08-26 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-11 04:59 . 2009-09-23 20:41 -------- d-----w- c:\program files\The FilmMachine
2009-10-10 10:36 . 2009-07-19 18:23 -------- d-----w- c:\program files\MoBiMouse
2009-10-06 07:50 . 2009-09-20 10:10 -------- d-----w- c:\program files\AVIedit
2009-10-06 06:29 . 2009-09-19 05:20 -------- d-----w- c:\program files\Sony
2009-10-06 05:14 . 2009-07-20 09:31 -------- d-----w- c:\documents and settings\Pali\Application Data\ComfortSoftware
2009-10-03 19:09 . 2009-07-19 22:08 -------- d-----w- c:\program files\Java
2009-10-02 18:44 . 2009-10-01 17:05 -------- d-----w- c:\program files\Hard Disk Sentinel
2009-10-02 06:25 . 2009-10-02 06:25 -------- d-----w- c:\program files\PowerQuest
2009-10-02 06:21 . 2009-10-02 06:21 -------- d-----w- c:\program files\PTDD Group
2009-10-02 05:50 . 2009-10-02 05:50 -------- d-----w- c:\program files\HD Tune Pro
2009-09-30 08:35 . 2009-09-30 08:35 -------- d-----w- c:\program files\HDDGURU LLF Tool
2009-09-30 07:34 . 2009-09-30 07:34 -------- d-----w- c:\program files\HD Tune
2009-09-30 07:33 . 2009-09-30 07:33 -------- d-----w- c:\program files\HDDGURU FreeWipe Tool
2009-09-29 17:19 . 2009-09-29 17:19 -------- d-----w- c:\program files\Clipboard Box
2009-09-28 05:09 . 2009-09-28 05:09 -------- d-----w- c:\program files\Boilsoft Video Joiner
2009-09-27 21:08 . 2009-09-27 21:08 -------- d-----w- c:\documents and settings\Pali\Application Data\Thornsoft Development
2009-09-27 21:05 . 2009-09-27 21:05 -------- d-----w- c:\program files\Boilsoft Video Splitter
2009-09-27 20:55 . 2009-09-27 20:55 -------- d-----w- c:\program files\ffdshow
2009-09-27 08:41 . 2009-07-25 16:32 -------- d-----w- c:\program files\ChrisTV PVR
2009-09-24 21:27 . 2009-07-21 11:03 -------- d-----w- c:\program files\Custom Technology
2009-09-24 17:48 . 2009-09-24 17:47 -------- d-----w- c:\program files\Billard-Simulator
2009-09-24 17:30 . 2009-09-24 17:30 -------- d-----w- c:\program files\Google
2009-09-23 20:42 . 2009-07-19 22:05 -------- d-----w- c:\program files\Real Alternative
2009-09-23 20:41 . 2009-07-19 22:05 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-23 19:59 . 2009-07-25 18:36 -------- d-----w- c:\documents and settings\Pali\Application Data\Thinstall
2009-09-22 18:18 . 2009-09-22 18:18 -------- d-----w- c:\program files\LizardTech
2009-09-22 16:47 . 2009-09-19 05:56 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-21 21:10 . 2009-09-21 17:20 -------- d-----w- c:\program files\AC3Filter
2009-09-21 21:10 . 2009-09-21 17:19 -------- d-----w- c:\program files\TFM Audio Tool
2009-09-21 20:32 . 2009-09-21 20:32 -------- d-----w- c:\program files\XnView
2009-09-21 20:28 . 2009-09-21 20:28 -------- d-----w- c:\program files\DVD2DVDR_Professional
2009-09-21 20:27 . 2009-09-21 20:27 -------- d-----w- c:\program files\DVD2DVD-R
2009-09-21 20:20 . 2009-09-21 20:20 -------- d-----w- c:\documents and settings\Pali\Application Data\AVCutty
2009-09-21 20:19 . 2009-09-21 20:19 -------- d-----w- c:\program files\AVCutty
2009-09-21 20:18 . 2009-09-21 20:18 -------- d-----w- c:\program files\VOB Edit 6
2009-09-21 20:15 . 2009-09-21 20:12 -------- d-----w- c:\program files\ProjectX_0.90.4.00
2009-09-21 20:10 . 2009-09-21 20:10 -------- d-----w- c:\program files\Muxman
2009-09-21 19:36 . 2009-07-23 07:41 -------- d-----w- c:\program files\Teletext
2009-09-21 19:36 . 2009-07-23 07:41 -------- d-----w- c:\program files\TVR
2009-09-21 19:14 . 2009-09-21 19:14 -------- d-----w- c:\program files\Dativus Translator Kft
2009-09-21 19:07 . 2009-09-21 18:57 -------- d-----w- c:\documents and settings\Pali\Application Data\Voipwise
2009-09-21 18:54 . 2009-09-21 18:54 -------- d-----w- c:\program files\Voipwise.com
2009-09-21 18:46 . 2009-09-21 18:46 -------- d-----w- c:\documents and settings\Pali\Application Data\JLC's Software
2009-09-21 18:38 . 2009-09-21 18:38 -------- d-----w- c:\program files\JLC's Software
2009-09-21 18:30 . 2009-09-21 18:29 -------- d-----w- c:\documents and settings\Pali\Application Data\concept design
2009-09-21 18:29 . 2009-09-21 18:29 -------- d-----w- c:\program files\concept design
2009-09-21 18:27 . 2009-09-21 18:27 -------- d-----w- c:\program files\CDisplay
2009-09-21 18:20 . 2009-09-21 18:20 -------- d-----w- c:\documents and settings\Pali\Application Data\COWON
2009-09-21 18:20 . 2009-09-19 06:18 -------- d-----w- c:\program files\JetAudio
2009-09-21 18:12 . 2009-09-21 18:09 -------- d-----w- c:\program files\Sonic Foundry Soft Encode
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-09-21 17:59 . 2009-09-21 17:59 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-09-21 17:44 . 2009-09-17 20:56 -------- d-----w- c:\program files\Minnetonka Audio Software
2009-09-21 17:43 . 2009-09-21 17:43 -------- d-----w- c:\program files\Rainbow Technologies
2009-09-20 10:39 . 2009-09-20 10:39 -------- d-----w- c:\program files\Bucek
2009-09-20 10:38 . 2009-09-20 10:37 -------- d-----w- c:\program files\Ultra MP4 Video Converter
2009-09-20 10:37 . 2009-09-20 10:37 -------- d-----w- c:\program files\Ultra Video Joiner
2009-09-20 10:32 . 2009-09-19 05:57 -------- d-----w- c:\program files\DivX
2009-09-20 10:28 . 2009-09-20 10:28 -------- d-----w- c:\program files\Cucusoft
2009-09-20 10:26 . 2009-09-20 10:26 -------- d-----w- c:\program files\AVI MPEG Splitter
2009-09-20 10:25 . 2009-09-20 10:25 -------- d-----w- c:\program files\AVI MPEG Cutter
2009-09-20 10:19 . 2009-09-20 10:19 -------- d-----w- c:\program files\bobyte
2009-09-20 10:17 . 2009-09-20 10:17 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-09-20 10:15 . 2009-09-20 10:15 -------- d-----w- c:\program files\Avidemux
2009-09-20 10:15 . 2009-09-20 10:14 -------- d-----w- c:\program files\Avidemux 2.4
2009-09-20 10:07 . 2009-09-20 10:04 -------- d-----w- c:\program files\Ace Video Workshop
2009-09-20 10:04 . 2009-09-20 10:03 -------- d-----w- c:\program files\abcAVI
2009-09-20 10:01 . 2009-09-20 10:00 -------- d-----w- c:\program files\All Media Fixer
2009-09-19 22:14 . 2009-09-19 07:35 -------- d-----w- c:\documents and settings\Pali\Application Data\Steinberg
2009-09-19 08:26 . 2009-08-31 17:01 -------- d-----w- c:\program files\ImTOO
2009-09-19 08:03 . 2009-09-19 08:03 -------- d-----w- c:\program files\XRECODE
2009-09-19 07:42 . 2009-09-19 07:42 -------- d-----w- c:\documents and settings\Pali\Application Data\DivX
2009-07-19 19:01 . 2009-07-19 19:01 0 --sh--w- c:\windows\S7AEB99C1.tmp
2009-07-25 18:39 . 2009-07-25 18:39 23 --sha-w- c:\windows\system32\ebbfbbe_z.dll
2006-05-03 09:06 . 2009-08-30 18:08 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-08-30 18:08 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-08-30 18:08 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2004-08-18 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClipMate7"="c:\program files\ClipMate7\ClipMate.exe" [2008-10-03 3760424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"VC5Player"="c:\program files\HHVcdV5Sys\VC5Play.exe" [2003-03-11 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"RecSche"="c:\program files\TVR\RecSche.exe" [2004-05-10 454656]
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" [2007-03-08 274944]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-09-11 1159496]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2008-08-05 435528]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"Clipboard Box"="c:\program files\Clipboard Box\clipboardbox.exe" [2008-02-15 1461248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2009-10-17 907659]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-02-03 16116224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\River Past\\Video Slice\\VideoSlice.exe"=
"c:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009.08.26. 22:38 130936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009.07.19. 2:04 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007.04.23. 12:03 82200]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009.08.25. 2:37 673920]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\VBEV5MP.sys [2003.05.07. 10:46 57008]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009.08.25. 2:37 1238344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009.07.19. 2:04 20560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009.08.25. 2:37 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009.08.25. 2:38 234640]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009.09.19. 8:23 33792]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008.01.25. 10:12 25088]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009.08.25. 2:37 33408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009.08.26. 22:34 348752]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\progra~1\MATVAD~1\TNPACKET.SYS [2002.10.09. 12:38 9376]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-21 11:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.t-online.hu/
IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm
IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm
IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\documents and settings\Pali\Application Data\Mozilla\Firefox\Profiles\trkpvxdy.default\
FF - prefs.js: browser.search.selectedEngine - OneRiot Social Web Search
FF - prefs.js: browser.startup.homepage - hxxp://hu.start2.mozilla.com/firefox?cl ... u:official
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 458765
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-E.M. HD Video Converter 1.09_is1 - c:\program files\E.M. HD
AddRemove-EASEUS Partition Manager Personal v1.6.4 - c:\windows\EASEUS Partition Manager Personal v1.6.4



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 16:38
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85D43778]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85d43778
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vbev5mp]
"ImagePath"="system32\DRIVERS\vbev5mp.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16E57D4A-B9D6-ACF5-F5B7-5532B0EE765F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oannpmchnbibjoeikcjodmbkfbndfi"=hex:64,61,6e,6c,70,63,6e,6a,00,80
"oabpibimgcddaoepbhgbgmojnpemcc"=hex:6a,61,6d,6c,68,65,66,61,64,65,6e,68,61,6f,
6d,68,6d,63,68,62,00,fd
"nalogckljbpbmlmjppddifknlpni"=hex:6a,61,6d,6c,68,65,66,61,64,65,6e,68,61,6f,
6d,68,6d,63,68,62,00,fd
"eajoicohld"=hex:65,61,70,6e,63,64,69,6c,67,6f,00,77
"cacolp"=hex:6a,62,64,6d,6f,64,6d,6c,63,6d,67,6f,64,62,65,6c,64,6d,68,68,6c,63,
62,62,6b,6c,6a,6b,6c,63,65,6e,6a,6d,67,70,6c,63,65,6d,6e,69,64,6a,67,6b,69,\

[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB3CFC07-21FC-6D3E-AC69-DC23C77D3EB8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oadpcmlmofoklkinbdpekegmhcageg"=hex:69,61,6f,6b,69,6e,6f,6c,64,6d,6d,65,61,6a,
69,61,70,67,00,00
"nabaejgkhepkicfdadllgmfoghae"=hex:69,61,6f,6b,69,6e,6f,6c,64,6d,6d,65,61,6a,
69,61,70,67,00,00
"gblnajpnopkkdecdegdkfficinnilkfbopobgnjfmemfja"=hex:61,62,65,6f,6b,68,63,66,
62,6e,6f,6e,6b,68,6a,69,69,61,6c,6f,68,70,65,69,65,64,6e,68,67,6c,6a,66,63,\
"bbjfgnblbgkbjoagoojlkboloikkfhicmcla"=hex:6e,61,68,61,6a,63,6f,6b,66,70,62,67,
67,6f,66,6c,6e,6d,70,6b,61,70,6b,61,69,67,61,6d,00,6c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Virtual CD v5\System\VC5Tray.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lvhidsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Blaze Media Pro\NMSAccess32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HHVcdV5Sys\VC5SecS.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\windows\system32\HDDSvc.exe
c:\windows\system32\lxcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-04 16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 15:40
ComboFix2.txt 2009-07-24 09:26

Pre-Run: 597 770 240 bájt szabad
Post-Run: 742 510 592 bájt szabad
szer. nov. 04, 2009 17:04
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
szed le a geprol a C:\Program Files\Lavasoft\Ad-Aware eleg a spybot,,
futasd le a combofixet
Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes......
Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartoll befejezi a scent ,csinall combofix .txt,eztett ide teszed
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
szer. nov. 04, 2009 13:02
Profil Privát üzenet küldése Honlap
Petrovo
vas-tag

Csatlakozott: vas. szept. 07, 2008 21:38
Hozzászólások: 5
Hozzászólás 
stell írta:
udv
csinalsz az RSIT programbol logot>>klik_Continue,ad 2-logot,a log.txt az asztalon lesz ide teszed az info.txt a talcan lesz azt is ted ide
http://images.malwareremoval.com/random/RSIT.exe


Meg is van:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Termonivo at 2009-11-04 12:33:37
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 66 GB (82%) free of 80 GB
Total RAM: 1471 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:01, on 2009.11.04.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
P:\Petya\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Termonivo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startlap.hu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Termonivo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{127E4786-A8F8-472B-8180-60110401FCAB}: NameServer = 195.184.4.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6813 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-484061587-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-484061587-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-06 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Termonivo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-10-10 1253376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-13 1128960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Office Sales Tool.lnk]
C:\WINDOWS\Installer\{FBE19B53-354B-4D68-BDFB-D8638BAF4077}\_499CD451A73674B647A3B3.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
Service Manager.lnk - C:\MSSQL7\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2005-03-23 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-11-04 12:33:37 ----D---- C:\rsit
2009-11-03 17:52:06 ----D---- C:\ERDNT
2009-11-03 17:51:17 ----D---- C:\WINDOWS\ERUNT
2009-11-03 17:51:17 ----D---- C:\WINDOWS\ERDNT
2009-11-03 17:50:41 ----D---- C:\!FixIEDef
2009-11-03 12:01:35 ----D---- C:\Program Files\Trend Micro
2009-11-03 10:33:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-11-03 10:31:30 ----D---- C:\Program Files\Lavasoft
2009-11-03 10:31:30 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-22 10:41:17 ----D---- C:\Program Files\Common Files\Adobe
2009-09-22 10:40:53 ----D---- C:\Program Files\Defraggler
2009-09-22 10:39:47 ----D---- C:\Program Files\CCleaner
2009-09-22 10:36:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-22 10:36:07 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-22 10:30:53 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-22 07:47:17 ----D---- C:\Documents and Settings\Termonivo\Application Data\Malwarebytes
2009-09-22 07:46:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-22 07:46:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-21 17:14:26 ----D---- C:\WINDOWS\ie8updates
2009-09-21 17:07:27 ----HDC---- C:\WINDOWS\ie8
2009-09-21 16:44:02 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-08 07:53:28 ----D---- C:\Program Files\Lavalys
2009-08-24 12:07:27 ----D---- C:\friss
2009-08-17 22:33:52 ----A---- C:\WINDOWS\system32\FM20.DLL
2009-08-10 15:22:55 ----D---- C:\WINDOWS\SxsCaPendDel

======List of files/folders modified in the last 3 months======

2009-11-04 12:33:06 ----D---- C:\WINDOWS\Prefetch
2009-11-04 12:32:14 ----D---- C:\Program Files\EFOK09
2009-11-04 12:13:24 ----D---- C:\WINDOWS\Temp
2009-11-04 10:19:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-04 08:09:59 ----A---- C:\WINDOWS\wincmd.ini
2009-11-03 18:05:32 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-03 17:59:53 ----SD---- C:\WINDOWS\Tasks
2009-11-03 17:51:17 ----D---- C:\WINDOWS
2009-11-03 17:50:41 ----D---- C:\WINDOWS\system32
2009-11-03 17:39:48 ----D---- C:\Program Files\Mozilla Firefox
2009-11-03 17:29:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-03 12:01:35 ----RD---- C:\Program Files
2009-11-03 10:41:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-03 10:39:23 ----HD---- C:\WINDOWS\inf
2009-11-03 10:39:23 ----D---- C:\WINDOWS\system32\drivers
2009-11-03 10:39:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-03 10:33:55 ----SHD---- C:\WINDOWS\Installer
2009-11-03 10:30:44 ----D---- C:\WINDOWS\WinSxS
2009-11-03 09:11:29 ----D---- C:\Program Files\abevjava
2009-10-31 15:29:59 ----D---- C:\Program Files\EFOK08
2009-10-30 08:14:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-29 08:00:40 ----D---- C:\WINDOWS\Help
2009-10-26 08:12:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-21 10:48:44 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-21 10:48:36 ----RSD---- C:\WINDOWS\assembly
2009-10-19 15:47:34 ----A---- C:\WINDOWS\imsins.BAK
2009-10-19 15:46:53 ----D---- C:\Program Files\Internet Explorer
2009-10-19 15:45:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-19 15:35:19 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-15 14:10:26 ----D---- C:\Program Files\EFOK07
2009-10-15 14:02:37 ----D---- C:\Program Files\EFOK06
2009-10-02 19:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-24 10:31:14 ----D---- C:\Nye08
2009-09-22 13:38:46 ----RSD---- C:\WINDOWS\Fonts
2009-09-22 13:38:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-22 13:34:59 ----D---- C:\Program Files\Microsoft Works
2009-09-22 13:18:57 ----A---- C:\WINDOWS\win.ini
2009-09-22 13:18:51 ----D---- C:\Program Files\Common Files\System
2009-09-22 11:18:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-22 10:47:39 ----D---- C:\Program Files\Adobe
2009-09-22 10:41:17 ----D---- C:\Program Files\Common Files
2009-09-22 10:36:57 ----D---- C:\Documents and Settings\Termonivo\Application Data\Adobe
2009-09-22 02:07:17 ----D---- C:\WINDOWS\system32\hu-hu
2009-09-22 02:07:15 ----D---- C:\WINDOWS\Media
2009-09-21 16:45:35 ----D---- C:\OfficeSalesTool
2009-09-21 16:44:28 ----D---- C:\Program Files\Hewlett-Packard
2009-09-21 16:10:24 ----SH---- C:\boot.ini
2009-09-21 16:10:24 ----D---- C:\WINDOWS\pss
2009-09-21 16:10:24 ----A---- C:\WINDOWS\system.ini
2009-09-14 10:04:33 ----D---- C:\Program Files\Symantec
2009-09-14 10:04:31 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-09-11 15:19:41 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 22:05:39 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-29 08:59:31 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 08:59:30 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 08:59:28 ----N---- C:\WINDOWS\system32\occache.dll
2009-08-29 08:59:28 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 08:59:23 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 08:59:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 08:59:22 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 08:59:21 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 08:59:19 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-08-29 08:59:18 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 08:59:15 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-28 11:37:12 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-26 09:02:14 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-24 11:54:01 ----D---- C:\bérfrissités
2009-08-13 15:14:35 ----D---- C:\Program Files\Outlook Express
2009-08-13 09:04:18 ----D---- C:\totalcmd
2009-08-12 07:39:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-10 15:29:27 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-10 15:29:08 ----D---- C:\WINDOWS\system32\en-us
2009-08-06 19:24:28 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 19:24:02 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 19:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\muweb.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-05 10:54:38 ----D---- C:\Program Files\EFOK05
2009-08-05 10:01:43 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\ccHPx86.sys [2009-09-10 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091102.002\IDSxpx86.sys []
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1007020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMTDI.SYS [2009-08-22 217136]
R1 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-23 1034752]
R3 EMCR;EMCR; C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2006-05-08 105216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091103.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091103.022\NAVEX15.SYS []
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztőprogramja; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-01 594048]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SRTSP.SYS [2009-08-22 308272]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB nyílt állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 HWiNFO32;HWiNFO32 Kernel Driver; \??\F:\Portable\Rendszer\HW info portable\{app}\HWiNFO32.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-23 360448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-03 1028432]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MSSQLServer;MSSQLServer; C:\MSSQL7\binn\sqlservr.exe [2002-04-09 5058832]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-03-22 516096]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET-állapotszolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-10-13 617984]
S3 SQLServerAgent;SQLServerAgent; C:\MSSQL7\binn\sqlagent.exe [2002-04-09 344064]
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]
S4 NetTcpPortSharing;Net.Tcp portmegosztási szolgáltatás; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




info:
info.txt logfile of random's system information tool 1.06 2009-11-04 12:34:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Abev6 (Verzió: 6.5.26)-->C:\Program Files\Abev 2006\uninstall.exe
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI - Szoftver eltávolító-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bér09csere -->C:\Bér1x1csere\ber09\Uninstall.exe
Bullzip PDF Printer 6.0.0.865-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Egyszeres és Kettős könyvvitel - Számlázás - Útnyilvántartás-->C:\WINKONYV\setup\setup.exe
EVEREST Home Edition v1.51-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
GPL Ghostscript Lite 8.64-->"C:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kulcs-Házi - DEMO 2006. november-->"C:\Program Files\Kulcs-Soft\Házipénztár.Demo\unins000.exe"
LaserJet 1018-->C:\Program Files\Zenographics\{6C497F56-B73E-4C10-80F8-C63C865858A9}\Setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hungarian Language Pack-->MsiExec.exe /X{8FC113D5-64A6-40EE-9A39-DAB4650457A8}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - HUN-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - HUN\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Hungarian Language Pack-->MsiExec.exe /X{701AD638-DF92-43C0-B7D3-F83A5050A770}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET-keretrendszer 3.0 magyar nyelvi csomag-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Hungarian Language Pack\setup.exe
Microsoft Base intelligens kártyás titkosításszolgáltatást nyújtó csomag-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Dynamics NAV 5.0 SP1 CSIDE Client-->MsiExec.exe /I{00000000-0000-5010-5D00-0000836BD2D2}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040E-0000-0000000FF1CE} /uninstall {077B54FF-6531-42E7-9D6A-93B0B029CFA0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040E-0000-0000000FF1CE} /uninstall {077B54FF-6531-42E7-9D6A-93B0B029CFA0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040E-0000-0000000FF1CE} /uninstall {077B54FF-6531-42E7-9D6A-93B0B029CFA0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040E-0000-0000000FF1CE} /uninstall {077B54FF-6531-42E7-9D6A-93B0B029CFA0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040E-0000-0000000FF1CE} /uninstall {077B54FF-6531-42E7-9D6A-93B0B029CFA0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040E-0000-0000000FF1CE} /uninstall {077B54FF-6531-42E7-9D6A-93B0B029CFA0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040E-0000-0000000FF1CE} /uninstall {B3C14F81-2C4A-400D-9ECE-55A667F8F737}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0015-040E-0000-0000000FF1CE}
Microsoft Office Excel MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0016-040E-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-001A-040E-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0018-040E-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proofing (Hungarian) 2007-->MsiExec.exe /X{90120000-002C-040E-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Publisher MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-0019-040E-0000-0000000FF1CE}
Microsoft Office Shared MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-006E-040E-0000-0000000FF1CE}
Microsoft Office Word MUI (Hungarian) 2007-->MsiExec.exe /X{90120000-001B-040E-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDE-->C:\WINDOWS\IsUninst.exe -fC:\MSSQL7\Uninst.isu -c"C:\MSSQL7\sqlsun.dll" -msql70.mif
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Msxml4 SP2-->MsiExec.exe /I{955D8242-B99E-4A9A-80C4-3FF7D7587EA3}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{CBDE9C7D-CF52-4558-B23E-B66359CB586A}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{754BE2DB-151F-49D4-8C98-DA89F9A1176E}\Nokia_PC_Suite_BETA_ver_7_1_11_3_eng.exe
Nokia PC Suite-->MsiExec.exe /I{754BE2DB-151F-49D4-8C98-DA89F9A1176E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.7.2.11\InstStub.exe /X
NYE07W-->MsiExec.exe /X{71E07B1B-F58E-4932-8E89-EB3B052877CC}
NYE08W-->MsiExec.exe /X{BBADEB17-F044-41D2-89D6-57F06D1DA5E1}
PC Connectivity Solution-->MsiExec.exe /I{0A16BA04-A7A2-4732-BA46-A24B0A857918}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows illesztőprogram-csomag - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB938127-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB939653-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB942615-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB944533-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB950759-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB953838-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB956390-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB958215-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB960714-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB961260-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB963027-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB969897-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB972260-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 gyorsjavítás - KB947864-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB971961-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB972260-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 biztonsági frissítés - KB974455-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8 frissítés - KB973874-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (HUN)-->MsiExec.exe /X{5120ACA7-E196-44FE-B388-F5374C91424D}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation HU Language Pack-->MsiExec.exe /I{D8075290-23E7-448C-A771-576196FEA5DF}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: TERMONIV-F572AE
Event Code: 7035
Message: A(z) IMAPI CD-égető COM-szolgáltatás szolgáltatásnak sikeresen el lett küldve a(z) indítás vezérlő.

Record Number: 15937
Source Name: Service Control Manager
Time Written: 20090901091329.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

Computer Name: TERMONIV-F572AE
Event Code: 7036
Message: A(z) Kompatibilitás a gyors felhasználóváltáshoz szolgáltatás állapota: "fut".

Record Number: 15936
Source Name: Service Control Manager
Time Written: 20090901091304.000000+120
Event Type: információ
User:

Computer Name: TERMONIV-F572AE
Event Code: 7035
Message: A(z) Kompatibilitás a gyors felhasználóváltáshoz szolgáltatásnak sikeresen el lett küldve a(z) indítás vezérlő.

Record Number: 15935
Source Name: Service Control Manager
Time Written: 20090901091304.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

Computer Name: TERMONIV-F572AE
Event Code: 7036
Message: A(z) WMI teljesítményadapter szolgáltatás állapota: "leállítva".

Record Number: 15934
Source Name: Service Control Manager
Time Written: 20090901084912.000000+120
Event Type: információ
User:

Computer Name: TERMONIV-F572AE
Event Code: 7036
Message: A(z) WMI teljesítményadapter szolgáltatás állapota: "fut".

Record Number: 15933
Source Name: Service Control Manager
Time Written: 20090901084911.000000+120
Event Type: információ
User:

=====Application event log=====

Computer Name: TERMONIV-F572AE
Event Code: 1800
Message: A Windows Biztonsági központ szolgáltatása elindult.

Record Number: 10255
Source Name: SecurityCenter
Time Written: 20090727081321.000000+120
Event Type: információ
User:

Computer Name: TERMONIV-F572AE
Event Code: 1004
Message:
Record Number: 10254
Source Name: WgaSetup
Time Written: 20090727081317.000000+120
Event Type: információ
User:

Computer Name: TERMONIV-F572AE
Event Code: 1002
Message:
Record Number: 10253
Source Name: WgaSetup
Time Written: 20090727081317.000000+120
Event Type: információ
User:

Computer Name: TERMONIV-F572AE
Event Code: 1006
Message:
Record Number: 10252
Source Name: WgaSetup
Time Written: 20090727081317.000000+120
Event Type: információ
User:

Computer Name: TERMONIV-F572AE
Event Code: 35
Message: A(z) 'Norton AntiVirus' szolgáltatás elindult.

Record Number: 10251
Source Name: Norton AntiVirus
Time Written: 20090727081314.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Abev 2006\krtitok;C:\Program Files\PC Connectivity Solution\;C:\Program Files\Abev 2006\krtitok;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\MSSQL7\BINN
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"KRDIR"=C:\Program Files\Abev 2006\eKuldes

-----------------EOF-----------------
szer. nov. 04, 2009 12:42
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
udv
csinalsz az RSIT programbol logot>>klik_Continue,ad 2-logot,a log.txt az asztalon lesz ide teszed az info.txt a talcan lesz azt is ted ide
http://images.malwareremoval.com/random/RSIT.exe
szer. nov. 04, 2009 12:29
Profil Privát üzenet küldése Honlap
Petrovo
vas-tag

Csatlakozott: vas. szept. 07, 2008 21:38
Hozzászólások: 5
Hozzászólás 
Üdv!

Egy olyan problémával fordulok itt a szakértőkhöz, hogy van egy használhatatlan gép (2,4G P4, 512 ram), amit szerintem valamilyen kémprogram zabál..
Az utóbbi fél évben lassult be drasztikusan a cucc... a procit valami folyamatosan terheli és alig lehet vele dolgozni...
Töredezettség mentesítés, CC Cleaner megvolt..
Ad-Aware, Spybot S&D nem talált semmit..
Kapott még 1 GB memót, hát nem lett jelentős változás...
Lefuttattam a HijackThis programot, de tisztítani nem igazán merek vele.
A logfile szövegét viszont bekopizom ide, ha valakinek ez alapján lenne ötlete, azt megköszönném...
Az újratelepítést egyelőre elkerülném, mert céges a gép, sok programmal, macerával stb.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:33, on 2009.11.04.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 1915 bytes

Előre is köszönöm, ha valakinek van ötlete!

PEt
szer. nov. 04, 2009 12:23
Profil Privát üzenet küldése
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
Szia stell, rád mindig lehet számítani...holnap megcsinálom....a következő "rendes" fagyás után :(
kedd nov. 03, 2009 22:12
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
udv pilaka,
futasd a combofixet,
kedd nov. 03, 2009 21:41
Profil Privát üzenet küldése Honlap
pilaka
arany tag

Csatlakozott: csüt. jan. 01, 2009 20:34
Hozzászólások: 294
Hozzászólás 
Sziasztok , az a visszatérő problémám (napjában 2x is ) hogy lefagy a gépem nagyon furcsán történik az egész : az egérkurzor mozog , ha mozgatom , de minden odafagy a képernyőre és a billentyűzetre sem reagál. Átnéztem a gépet vírukeresőkkel: Avast , Malwerbytes, Spywaredoctor,Outpust kémprogram védelem.....találtak ezt-azt , ki is lettek törölve , de ugyanúgy fagy rendszeresen .
kedd nov. 03, 2009 21:31
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
udv
Idézet:
Toldsle ezt a combofixett ted az ASZTALRA,mindent bezarsz kapcsold ki a ha van akorr a Spyware Terminator pajzat es +SpybotTeaTimer pajzat is ha van., .Nemfuthatt semmi program,Futatod mint rendszergazda rendesen Windowsba-2x-klik ikona combofix>beleegyezes......
Es mostan csak nezni fogod nembabralni semmitt a gepp sajatt maga restartollhat befejezi a scent ,csinall combofix .txt,eztett ide teszed es
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
szer. okt. 28, 2009 18:02
Profil Privát üzenet küldése Honlap
Dongo1
vas-tag

Csatlakozott: szer. okt. 28, 2009 17:39
Hozzászólások: 1
Tartózkodási hely: Csömör
Hozzászólás 
Sziasztok!

Nagy balgaságot követtem el.
Kaptam egy kamu vírusriasztást és ráklikkeltem. Majdnem pontos mása volt a mi írtónknak. !-( Ő a SECURITY TOOL

A gépen lévő vírusírtókat futtattam: AVG, Skybot, Spyvare

Semmit nem találtak. Telepítettem a Malwarebyes-t és a Trojan Removert.

Az elsőnél úgy látszott megoldódik a probléma (asztal visszajött, exproler futott). Gép újraindít, minden jó.....egy ideig, aztán megint elsötétült minden.
Asztalon megint semmi.

Segítsetek eltüntetni ezt a szemetet...nagyon beette magát :hm:
szer. okt. 28, 2009 17:58
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
okes,nekem ez 5 ott nem a halokartya hibas de megvan fertozve a gep es letiltotak a rendszerfalylot,,de igyis lyo,,
udv :wink:
csüt. okt. 15, 2009 7:56
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
C:\WINDOWS\System32\svchost.exe
ezt a rendszer falylot karantenba helyeztetek a NODAL,,kikel engedni a karantenbol ha fertozot is,,mert ez rendszer falylo es ezert nincsen internet,,aztan majd kigyogyitlyuk a combofixel,


en azt latom hogy nincsen internet,mert a combofix nemirta ki a
Find3M Report -tot
1:letolteni masik gepen az USB kulcsra ezt a programot-futatni es klik-FIX,,restart,utana bealitani a halozati kartyan az ip-cimet,,ha dinamikus akor dinamikusra ha fix ip-akor beirni az ip-cimet a szolgaltototol,
http://www.softpedia.com/get/Tweak/Netw ... kFix.shtml
2:Ugyanugy megcsinalni a CFScriptel a combofixet-usb kulcsra es bedobni a combofixbe
3:job klik az internet kapcsolat ikonjara-megjavitani a kapcsolatot
4:ujbol lefutatni a combofixet a start-futatasba bemasolni ezt a parancsot
"%userprofile%\Filmart\Asztal\ComboFix.exe" /f3m
ok
a combofix megproballya meglyavitani az internet kapcsolatot,majd mind a 2-logot a combofixbol ide teni,,tehat a CFScriptel es a /f3m parancsal,



Nagyon köszönöm, hogy fáradtál vele.
Megjelent ott is egy rendszergazda vett egy hálókártyát :lol: és elvitte a gépet, hogy megcsinálja. :roll:
Így a tanácsaidat nem tudják kipróbálni és rendszergazdira bízzák a gépet. :cry:

Azért köszönöm.

Amúgy az én gépemet az IT-sok nem tudták megjavítani és újratelepítették. Nem olyan okosok mint te :lol: :rulez: :rulez:
szer. okt. 14, 2009 20:18
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
C:\WINDOWS\System32\svchost.exe
ezt a rendszer falylot karantenba helyeztetek a NODAL,,kikel engedni a karantenbol ha fertozot is,,mert ez rendszer falylo es ezert nincsen internet,,aztan majd kigyogyitlyuk a combofixel,


en azt latom hogy nincsen internet,mert a combofix nemirta ki a
Find3M Report -tot
1:letolteni masik gepen az USB kulcsra ezt a programot-futatni es klik-FIX,,restart,utana bealitani a halozati kartyan az ip-cimet,,ha dinamikus akor dinamikusra ha fix ip-akor beirni az ip-cimet a szolgaltototol,
http://www.softpedia.com/get/Tweak/Netw ... kFix.shtml
2:Ugyanugy megcsinalni a CFScriptel a combofixet-usb kulcsra es bedobni a combofixbe
3:job klik az internet kapcsolat ikonjara-megjavitani a kapcsolatot
4:ujbol lefutatni a combofixet a start-futatasba bemasolni ezt a parancsot
"%userprofile%\Filmart\Asztal\ComboFix.exe" /f3m
ok
a combofix megproballya meglyavitani az internet kapcsolatot,majd mind a 2-logot a combofixbol ide teni,,tehat a CFScriptel es a /f3m parancsal,
szer. okt. 14, 2009 12:49
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
KelAki írta:
stell írta:
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a
Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide


Továbbítva, amint lesz infó jeletkezem


Tegnap sajnos későn kapták meg a levelem és ma reggelre az történt, hogy nem tudott csatlakozni a netre a gép.

TCP/IP CP hiba-2 üzenetet kapott.

Két dolgot próbáltam.
1. újra rakni a hálózati kapcsolat ikont.
2. újra rakni a hálózati kártyát. (nem volt telepítő kártya így csak a windows-os telepítést tudtuk használni) és a hálózzati ikon-t.

Ezután nincs kapcsolat vagy korlátozott lett üzenetet kapunk a LAN kártyán és így nem tud csatlakozni az Internet-re

Ezért aztán nem tudják megcsinálni a második lépést sem. :-(

Mi tegyünk :?:
szer. okt. 14, 2009 8:24
Profil Privát üzenet küldése
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a
Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide


Továbbítva, amint lesz infó jeletkezem
kedd okt. 13, 2009 13:49
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet
Kód:
KILLALL::
File::
c:\documents and settings\Filmart\restorer64_a.exe
c:\documents and settings\Filmart\Start Menu\Programs\inditopult\ikowin32.exe
c:\documents and settings\Filmart\Start Menu\Programs\inditopult\rncsys32.exe
C:\WINDOWS\Temp\wpv141254983689.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
restorer64_a"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
Rootkit::
c:\windows\system32\drivers\fda10c9.sys
c:\windows\system32\drivers\tro5687.sys
Driver::
fda10c9
tro5687
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
Reboot::

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide
kedd okt. 13, 2009 10:44
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
van ido,,,es aztan tegyek ide a combofix loglyat,,


Ma lefutott a combofix a másik gépen

ComboFix 09-10-12.03 - Filmart 009.10.13. 9:17.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.479.235 [GMT 2:00]
Running from: c:\documents and settings\Filmart\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus System 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Filmart\LOCALS~1\Temp\cvasds1.dll
c:\documents and settings\Filmart\Application Data\wiaserva.log
c:\documents and settings\Filmart\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\ieuinit.inf
c:\windows\system32\restorer64_a.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WIN32X
-------\Service_win32x


((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 06:55 . 2009-10-13 06:55 45056 ----a-w- c:\documents and settings\Filmart\restorer64_a.exe
2009-09-29 09:31 . 2009-09-29 09:31 -------- d-----w- c:\documents and settings\Filmart\Local Settings\Application Data\Help
2009-09-28 10:32 . 2009-09-28 10:32 -------- d-----w- c:\documents and settings\Filmart\Local Settings\Application Data\GHISLER

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"restorer64_a"="c:\documents and settings\Filmart\restorer64_a.exe" [2009-10-13 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-01-07 36972]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-13 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Filmart\Start Menu\Programs\Indˇt˘pult\
ikowin32.exe [2004-8-18 30720]
rncsys32.exe [2004-8-18 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009.05.13. 9:05 15424]
S1 fda10c9;fda10c9;c:\windows\system32\drivers\fda10c9.sys --> c:\windows\system32\drivers\fda10c9.sys [?]
S1 tro5687;tro5687;c:\windows\system32\drivers\tro5687.sys --> c:\windows\system32\drivers\tro5687.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-restorer64_a - c:\windows\system32\restorer64_a.exe
HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 09:29
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
.
**************************************************************************
.
Completion time: 2009-10-13 9:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 07:31

Pre-Run: 75 314 696 192 bájt szabad
Post-Run: 76 016 742 400 bájt szabad

104


Ezután a Nod32 újra hibákat dobott

Idő Modul Objektum Név Vírus Akció Felhasználó Információ
2009.10.13. 9:38:36 AMON fájl C:\DOCUME~1\Filmart\LOCALS~1\Temp\BNB.tmp Win32/Kryptik.ASY trójai módosulat karanténba helyezve - törölve FILMART-D3D411B\Filmart A riasztást kiváltó alkalmazás (művelet: fájl-módosítás): C:\WINDOWS\System32\svchost.exe. A fájl karanténba helyezve. Zárja be ezt az ablakot.
 
Idő Modul Objektum Név Vírus Akció Felhasználó Információ
2009.10.13. 9:37:25 AMON fájl C:\WINDOWS\Temp\wpv141254983689.exe Win32/Kryptik.AEX trójai módosulat karanténba helyezve - törölve  A riasztást kiváltó alkalmazás (művelet: fájl-létrehozás): C:\WINDOWS\system32\svchost.exe. A fájl karanténba helyezve. Zárja be ezt az ablakot.
 

Megírjátok, hogy mit tegyen az ismerős.
HiJackThis, OTL, RSIT stb :?:

Nagyon köszi.
Már 3 gépet sikerült javítani a segítségetekkel és ez nagyon jó érzés. Minden tiszteletem a tiétek!!!
kedd okt. 13, 2009 10:06
Profil Privát üzenet küldése
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
MCAFEE ANTIVIRUS
Kép
job klik az egerel -exit

a combofix sokat kitorolt,,meg teszteld le a VIRUSTOTALu

c:\windows\BAT\userupdate.exe
megtalalod kuldod megvarod az eredmenyt,es ide teszed
:arrow: erol a sok letiltasrol tudsz e:
Idézet:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
"NoManageMyComputerVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= %systemroot%\System32\welcome.exe
"2"= ntbackup.exe


McAffe jobb klick letiltva így ezt a gépet majd beadom az IT-ra, hogy ők nézzék meg, ha van baja :-)

A letiltásokat a céges IT-sok végzik én csak néha megpróbálom kikerülni őket :-)
Azt hiszem ezzel a géppel nem fogok foglalkozni, van még 3 legalább arra koncentrálok.
Ha megvan a reggeli gépnek a logja akkor felrakom.
Ma már nem jelentkezem.

Folytatás következik holnap.
hétf. okt. 12, 2009 19:04
Profil Privát üzenet küldése
TargeT
a fórum lelke
Avatar

Csatlakozott: szer. márc. 24, 2004 13:43
Hozzászólások: 6699
Hozzászólás 
KelAki írta:
Ezen fut egy McAfee és az nem engedi save-elni a http://download.bleepingcomputer.com/sU ... fector.exe linked.
Azt mondja rá, hogy vírus. Detected as: Generic.dx.
Mivel nem tudom letiltani a McAffet így ezt linket nem tudom menteni

Ez a nyüves McAfee lassan a legvacakabb vírusirtó lett tele vakriasztással.
Egyes cégek erőltetik, meg erre van licenszük valamiért. Na persze vehettek volna mást.
Na most az milyen, ha egy fórum hozzászólásban smiley van, de csak pl. ilyen, hogy 'kettőspont' 'zárójel', akkor néha aszongya, hogy hoppá malware, coki. Oszt másodjára ismételt küldéssel meg elmegy gond nélkül. :gigalol:
Nagyon bírom ezeket a generic vírusriasztásokat. :P :lol:
hétf. okt. 12, 2009 18:11
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
MCAFEE ANTIVIRUS
Kép
job klik az egerel -exit

a combofix sokat kitorolt,,meg teszteld le a VIRUSTOTALu

c:\windows\BAT\userupdate.exe
megtalalod kuldod megvarod az eredmenyt,es ide teszed
:arrow: erol a sok letiltasrol tudsz e:
Idézet:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
"NoManageMyComputerVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= %systemroot%\System32\welcome.exe
"2"= ntbackup.exe


hétf. okt. 12, 2009 17:46
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
van ido,,,es aztan tegyek ide a combofix loglyat,,


Van egy céges gépem (értsd nem vagyok admin rajta), gondoltam azon megcsinálom a Flash drive tisztítás. Ezen fut egy McAfee és az nem engedi save-elni a http://download.bleepingcomputer.com/sU ... fector.exe linked.
Azt mondja rá, hogy vírus. Detected as: Generic.dx.
Mivel nem tudom letiltani a McAffet így ezt linket nem tudom menteni.
Erre van más megoldás?
Arra gondoltam, hogy lehet ez a gép is vírusos? :?:
Itt a combofix logja (mert azt feltudtam tenni rá)

ComboFix 09-10-11.03 - KelemenA 009.10.12. 17:36.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1033.18.998.539 [GMT 2:00]
Running from: c:\documents and settings\kelemena\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Sygate Security Agent *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\pdk-SYSTEM\14456e6df7b2701dfc6d55fdae80d6ee.dll
c:\windows\TEMP\pdk-SYSTEM\66fefdfa90810a66dd56608bf984dcf7.dll
c:\windows\TEMP\pdk-SYSTEM\6d9847c0e2475f4d9da0541dc15518df.dll
c:\windows\TEMP\pdk-SYSTEM\b594f4cbcf1cff9f4543dd455fca6daf.dll
c:\windows\TEMP\pdk-SYSTEM\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll
c:\windows\TEMP\pdk-SYSTEM\c2e588ce38dbdcdab31a4bde64cd506c.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\recycler\S-1-5-21-2976151614-1698849376-880287768-500
c:\recycler\S-1-5-21-3981953812-447790321-501939001-500
c:\windows\Installer\1a294a.msp
c:\windows\Installer\1a2958.msp
c:\windows\Installer\21fb4baf.msi
c:\windows\Installer\3365b5ba.msi
c:\windows\Installer\503b1de1.msi
c:\windows\Installer\5785ce2.msi
c:\windows\Installer\62a4c5e9.msi
c:\windows\Installer\70c6a9c2.msi
c:\windows\Installer\70c6a9d7.msi
c:\windows\Installer\a122be9.msi
c:\windows\Installer\a122bed.msi
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\a9k.bin
c:\windows\TEMP\pdk-SYSTEM\66fefdfa90810a66dd56608bf984dcf7.dll
c:\windows\TEMP\pdk-SYSTEM\6d9847c0e2475f4d9da0541dc15518df.dll
c:\windows\TEMP\pdk-SYSTEM\b594f4cbcf1cff9f4543dd455fca6daf.dll
c:\windows\TEMP\pdk-SYSTEM\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-09-25 05:10 . 2009-09-25 05:10 -------- d-----w- c:\program files\Western Digital Corp
2009-09-24 23:07 . 2009-09-24 23:07 -------- d-----w- c:\program files\Western Digital Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 09:00 . 2008-02-14 11:42 -------- d-----w- c:\program files\Network Associates
2009-09-15 09:00 . 2008-02-14 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-09-14 16:13 . 2009-04-17 13:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 09:02 . 2009-09-03 09:02 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-26 11:17 . 2009-08-26 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-26 11:17 . 2009-08-26 11:17 -------- d-----w- c:\program files\McAfee
2009-08-26 11:17 . 2009-08-26 11:17 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-29 07:51 . 2009-07-21 09:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-08 09:16 . 2009-05-08 09:16 5632 --sha-w- c:\program files\Common Files\Thumbs.db
2005-11-15 13:32 . 2005-11-15 13:32 3638 ----a-r- c:\program files\Common Files\Altiris_Icon.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2008-01-31 143360]
"Tempfile"="c:\windows\BAT\TEMP.LNK" [2005-09-06 407]
"UsrUpd"="c:\windows\BAT\userupdate.exe" [2006-02-22 3118025]
"SmcService"="c:\progra~1\Sygate\SSA\smc.exe" [2005-03-17 2581728]
"ITMessenger"="c:\program files\\ITMessenger\ITMessenger.exe" [2004-12-09 143360]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-07-17 136512]
"accrdsub"="c:\program files\ActivCard\ActivClient\accrdsub.exe" [2006-06-02 249856]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-17 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-17 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2006-02-28 143360]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]
"CfgDownload"="c:\program files\IXOS\bin\CfgDownload.exe" [2006-03-11 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-03-29 181808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\kelemena\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2006-11-11 83360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard ActivClient Agent.lnk - c:\program files\ActivCard\ActivClient\acsagent.exe [2005-5-11 122880]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2006-11-11 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
"NoManageMyComputerVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= %systemroot%\System32\welcome.exe
"2"= ntbackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acautsrv]
2006-08-30 15:57 200704 ----a-w- c:\program files\ActivCard\ActivClient\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2005-11-09 18:04 180224 ----a-w- c:\program files\ActivCard\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 23:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 18:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-07-13 21:14 24673 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007.03.02. 18:47 19760]
R1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [2007.05.29. 18:55 9216]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\ActivCard\ActivClient\acachsrv.exe [2006.08.30. 17:57 90112]
R2 acautsrv;ActivCard Authentication Client Service;c:\program files\ActivCard\ActivClient\acautsrv.exe [2004.11.22. 19:45 176128]
R2 Accoca;ActivCard Middleware Service;c:\program files\Common Files\ActivCard\accoca.exe [2005.03.16. 19:32 159744]
R2 acevents;ActivCard Event Service;c:\program files\ActivCard\ActivClient\acevents.exe [2006.07.17. 9:58 86016]
R2 BAT_Security_Agent;BAT Security Agent;c:\windows\BAT\bat_security_agent\bat_security_agent.exe [2006.01.30. 22:52 1380415]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [2008.02.14. 13:48 17456]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007.08.14. 15:46 10896]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008.02.14. 13:48 670128]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2006.03.24. 10:18 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2006.09.12. 9:07 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007.05.03. 17:10 13647]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2008.02.14. 13:48 10161]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008.02.14. 13:48 2041904]
S2 ASANYe_siebel_local;Adaptive Server Anywhere - siebel_local;c:\progra~1\Siebel\7.7\WEBCLI~1\bin\dbeng8.exe -hvASANYe_siebel_local --> c:\progra~1\Siebel\7.7\WEBCLI~1\bin\dbeng8.exe -hvASANYe_siebel_local [?]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002.08.02. 15:41 47660]
S3 ActivCard USB Reader V3;ActivCard USB Reader V3;c:\windows\system32\drivers\ACTUSBV3_2K.sys [2005.05.13. 14:28 64088]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2008.02.14. 13:48 27008]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\Maga\Maga.exe [2005.03.17. 19:52 323658]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [2008.02.14. 13:48 14924]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.17. 17:07 21632]
S3 SCR24x PCMCIA Smart Card Reader;SCR24x PCMCIA Smart Card Reader;c:\windows\system32\drivers\SCR24X.sys [2003.08.19. 2:10 47900]
S3 SmartUSB;SmartReader-USB;c:\windows\system32\drivers\SmartUSB.sys [2006.03.24. 10:30 17024]
S4 Siebel QuickStart Service;Siebel QuickStart Service;c:\program files\Siebel\7.7\web client\BIN\siebqsvc.exe [2008.05.21. 12:27 19456]
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-02-15 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://interact
uInternet Settings,ProxyServer = wwwproxy:8080
uInternet Settings,ProxyOverride = 164.*.*.*;10.*.*.*;159.*.*.*;*.batgen.com;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: eta
Trusted Zone: mydas
Trusted Zone: eta
Trusted Zone: mydas
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} - hxxp://hubd798.hu.batgen.com/18379/appl ... Client.cab
DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} - hxxp://hubdv309/econsumersector_enu/183 ... lendar.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
HKCU-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
Notify-netprp - netprp.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 17:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\vrlogon.dll
c:\program files\ActivCard\ActivClient\ackpbsc.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\aclog.dll
c:\windows\system32\acgmp.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\ActivCard\ActivClient\acunlock.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acauth.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\windows\system32\acevtsub.dll

- - - - - - - > 'lsass.exe'(1228)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll

- - - - - - - > 'explorer.exe'(3420)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Sygate\SSA\Smc.exe
c:\windows\system32\scardsvr.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CCSRVC.exe
c:\program files\Altiris\Carbon Copy\ShellKer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\Altiris\CARBON~1\Client.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ITMessenger\ITMessenger.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-10-12 17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 15:54

Pre-Run: 40 352 436 224 bytes free
Post-Run: 40 300 044 288 bytes free

280 --- E O F --- 2009-09-14 11:02
hétf. okt. 12, 2009 17:24
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
van ido,,,es aztan tegyek ide a combofix loglyat,,
hétf. okt. 12, 2009 10:48
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
igen ez virus,
letoltod ezt a programot,az asztalra teszed es kipucols vele minden flash-drivert
http://download.bleepingcomputer.com/sU ... fector.exe
es a masik geprol futasd a combofixet,,de mint rendszergazda,,es a gephez hoza legyenek kapcsolva a flash driverek,
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Továbbítom az illetékesnek, mert nem tudok a gépéhez ülni és majd jelentkezem.

KÖSZI!!!!
hétf. okt. 12, 2009 10:45
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
igen ez virus,
letoltod ezt a programot,az asztalra teszed es kipucols vele minden flash-drivert
http://download.bleepingcomputer.com/sU ... fector.exe
es a masik geprol futasd a combofixet,,de mint rendszergazda,,es a gephez hoza legyenek kapcsolva a flash driverek,
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
hétf. okt. 12, 2009 10:36
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
stell írta:
egyelore hagy mindent ugy ahogy van,,,es most mi a problem a Gepel??


Jogos :lol: :lol: :oops:
Most épp nincs semmi. Ez azt jelenti, hogy sikerrel jártam a segítségetekkel:?:
Ha igen akkor a következő lépésben meg kell oldanom, hogy a Flash drive-ot is megtisztítom és az össze olyan gépet átnézem a családban amivel érintkezett (4 gép).

Flash drive-re mit tanácsolsz? Mivel tisztogassam?
A családi gépeken NOD-ot használom.

Az egyiken már meg is jelent.

Kép


Köszi és ismét :rulez:


A hozzászólást 1 alkalommal szerkesztették, utoljára KelAki hétf. okt. 12, 2009 10:44-kor.
hétf. okt. 12, 2009 10:09
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
egyelore hagy mindent ugy ahogy van,,,es most mi a problem a Gepel??
hétf. okt. 12, 2009 9:50
Profil Privát üzenet küldése Honlap
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
TargeT írta:
Így első blikkre a O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\EUP\LOCALS~1\Temp\herss.exe az trójaiféle.
Ez meg a vonatkozó részei irtandók. (EUP Disney Interactive)

Ezen felül van néhány szerintem feleslegesen induló program.
NeroCheck és NMBgMonitor.exe, a HP cuccai, Adobe Reader sem fontos, meg a dumprep.
Ha nem használod az Intel grafikus vezérlő hotkeyeit, akkor a hkcmd.exe is letiltható.


A herss.exe ma reggelre már nem volt a HijackThis-ben.
Az EUP a gép neve ezért kérdezem, hogy biztos, hogy uninstall-állni kell a Disney progikat? Csak azért kérdezem, mert régi játék és eddig nem volt vele gond. De ha mondjátok akkor leszedem és nem okoskodom :)

OTL pedig itt van

OTL logfile created on: 2009.10.12. 10:15:53 - Run 2
OTL by OldTimer - Version 3.0.20.0 Folder = c:\Install
Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

1014,11 Mb Total Physical Memory | 649,63 Mb Available Physical Memory | 64,06% Memory free
2,38 Gb Paging File | 2,14 Gb Available in Paging File | 89,95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114,49 Gb Total Space | 49,17 Gb Free Space | 42,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EUP-35528461282
Current User Name: EUP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.10.12 10:11:18 | 00,521,216 | ---- | M] (OldTimer Tools) -- c:\Install\OTL.exe
PRC - [2009.09.11 13:09:05 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.05.28 11:12:12 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.05.28 11:12:00 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.02.06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008.08.08 07:04:10 | 01,091,768 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008.04.14 09:02:18 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008.03.21 05:34:46 | 00,141,848 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2008.03.21 05:34:42 | 00,256,536 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008.03.21 05:34:40 | 00,137,752 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006.10.26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2003.04.06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003.04.06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
PRC - [2003.04.06 00:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.05.28 11:13:28 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009.05.28 11:12:12 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008.04.14 09:02:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007.06.29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007.06.27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2006.10.26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
SRV - [2004.08.18 14:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
SRV - [2004.08.11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2003.04.07 21:32:06 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009.07.08 20:02:14 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2009.05.28 11:12:34 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2009.05.28 11:12:06 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009.05.28 11:10:44 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008.07.25 14:09:24 | 00,845,184 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viahduaa.sys -- (VIAHdAudAddService [On_Demand | Running])
DRV - [2008.06.25 18:47:00 | 00,036,864 | R--- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\l1e51x86.sys -- (L1e [On_Demand | Running])
DRV - [2008.04.13 09:39:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008.04.13 09:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008.03.17 02:45:50 | 05,955,872 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008.02.14 08:12:00 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
DRV - [2005.10.22 07:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004.08.18 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004.08.13 12:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2003.04.07 21:32:06 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003.04.07 21:32:04 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome



IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\S-1-5-21-1644491937-2139871995-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.10.04 20:48:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.11 13:09:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.07.07 15:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EUP\Application Data\mozilla\Extensions
[2009.07.07 15:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EUP\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.07.07 15:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EUP\Application Data\mozilla\Firefox\Profiles\p6bhvw8j.default\extensions
[2009.07.07 15:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.09.11 13:09:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.11 13:09:03 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.09.11 13:09:03 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.09.11 13:09:06 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009.02.27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.09.10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008.09.10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009.06.24 14:43:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.06.24 14:43:13 | 00,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009.06.24 14:43:13 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.24 14:43:13 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\polymeta.xml
[2009.06.24 14:43:13 | 00,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2009.06.24 14:43:13 | 00,000,974 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml
[2009.06.24 14:43:13 | 00,001,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml

O1 HOSTS File: (687 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.07 14:07:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009.10.11 22:19:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.10.11 23:53:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009.10.11 23:43:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.10.11 23:43:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.10.11 23:43:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.10.11 23:43:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.10.11 23:43:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.10.11 23:43:08 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009.10.11 23:41:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.10.11 23:38:11 | 00,000,000 | ---D | C] -- C:\rsit
[2009.10.11 22:18:40 | 00,000,000 | ---D | C] -- C:\Install
[2009.10.03 22:27:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EUP\Dokumentumok\IFO KÉPEK
[2009.09.12 18:03:33 | 00,046,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Picclp16.ocx
[2009.09.12 18:03:26 | 00,027,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\CTL3DV2.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009.10.12 10:15:36 | 00,002,917 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009.10.12 10:15:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.12 10:15:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.12 10:14:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.12 10:14:10 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8D13C954-E0A5-46E4-83B8-5CDF44C5C80F}.job
[2009.10.12 09:58:36 | 00,728,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.12 09:58:36 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.12 09:58:36 | 00,306,940 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat
[2009.10.12 09:58:36 | 00,059,106 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat
[2009.10.12 09:58:36 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.12 00:03:15 | 04,314,854 | -H-- | M] () -- C:\Documents and Settings\EUP\Local Settings\Application Data\IconCache.db
[2009.10.11 23:50:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.10.11 23:39:29 | 03,336,733 | R--- | M] () -- C:\Documents and Settings\EUP\Asztal\ComboFix.exe
[2009.10.11 22:19:33 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\EUP\Asztal\HijackThis.lnk
[2009.10.11 11:31:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2009.10.11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.10.09 20:42:32 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1247076137.job
[2009.10.09 07:34:40 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\EUP\Asztal\Microsoft Word.lnk
[2009.09.30 22:54:50 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\EUP\Dokumentumok\önéletrajz angol 2009.doc
[2009.09.27 19:28:30 | 00,002,487 | ---- | M] () -- C:\Documents and Settings\EUP\Asztal\Microsoft Excel.lnk
[2009.09.25 19:21:37 | 00,000,316 | ---- | M] () -- C:\WINDOWS\hegames.ini
[2009.09.24 16:58:01 | 00,916,992 | ---- | M] () -- C:\Documents and Settings\EUP\Dokumentumok\Wedding photo.doc
[2009.09.12 18:03:36 | 00,001,095 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.09.12 18:03:36 | 00,000,073 | ---- | M] () -- C:\WINDOWS\qstart.ini

========== Files - No Company Name ==========
[2009.10.11 23:43:21 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.10.11 23:43:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.10.11 23:43:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.10.11 23:43:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.10.11 23:38:55 | 03,336,733 | R--- | C] () -- C:\Documents and Settings\EUP\Asztal\ComboFix.exe
[2009.10.11 22:19:33 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\EUP\Asztal\HijackThis.lnk
[2009.10.11 11:31:24 | 00,000,227 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.09.30 22:41:16 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\EUP\Dokumentumok\önéletrajz angol 2009.doc
[2009.09.24 16:58:01 | 00,916,992 | ---- | C] () -- C:\Documents and Settings\EUP\Dokumentumok\Wedding photo.doc
[2009.09.12 18:03:36 | 00,000,073 | ---- | C] () -- C:\WINDOWS\qstart.ini
[2009.09.12 18:03:33 | 00,033,888 | ---- | C] () -- C:\WINDOWS\System\Atox4h.oca
[2009.09.12 18:03:33 | 00,028,224 | ---- | C] () -- C:\WINDOWS\System\Mci16.oca
[2009.09.12 18:03:33 | 00,009,104 | ---- | C] () -- C:\WINDOWS\System\Picclp16.oca
[2009.09.10 21:27:48 | 00,000,158 | ---- | C] () -- C:\WINDOWS\QGRAMMAR.INI
[2009.08.09 13:10:59 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\EUP\Local Settings\Application Data\PUTTY.RND
[2009.07.29 20:59:31 | 00,067,680 | ---- | C] () -- C:\Documents and Settings\EUP\Application Data\GDIPFONTCACHEV1.DAT
[2009.07.29 20:25:14 | 00,002,190 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009.07.15 16:26:28 | 00,000,316 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009.07.15 16:13:05 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Edmark.ini
[2009.07.11 13:19:31 | 00,001,420 | ---- | C] () -- C:\Documents and Settings\EUP\Application Data\HPCOM_48BitScanUpdate.log
[2009.07.11 13:19:31 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009.07.08 17:27:04 | 00,000,952 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009.07.08 07:55:12 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.07.07 22:52:21 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.07 22:52:09 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\EUP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.07 22:01:08 | 00,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.07 15:58:13 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.07 15:58:13 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.07.07 15:58:07 | 02,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.07.07 15:58:07 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.07.07 15:58:07 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.07.07 15:58:06 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.07.07 15:57:58 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.07.07 15:57:58 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.07 15:53:47 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009.07.07 14:27:15 | 00,002,917 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.07.07 14:19:34 | 04,314,854 | -H-- | C] () -- C:\Documents and Settings\EUP\Local Settings\Application Data\IconCache.db
[2009.07.07 14:18:08 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2009.07.07 14:15:12 | 00,020,161 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009.07.07 14:15:02 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.07.07 14:14:54 | 00,069,232 | ---- | C] () -- C:\Documents and Settings\EUP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.07.07 14:14:48 | 00,019,844 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.07.07 14:14:47 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.07.07 14:13:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\EUP\Application Data\desktop.ini
[2006.02.09 14:46:56 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2004.08.18 14:00:00 | 00,001,095 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.18 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003.04.07 21:32:14 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2009.07.08 17:27:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009.07.07 15:51:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009.07.07 15:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.07.07 15:53:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009.09.09 18:33:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\EUP\Application Data
[2009.07.18 15:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EUP\Application Data\Ahead
[2009.09.09 18:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EUP\Application Data\Disney Interactive
[2009.07.07 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009.07.07 14:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2004.08.18 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.10.09 20:42:32 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1247076137.job
[2009.10.12 10:15:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.10.12 10:14:10 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8D13C954-E0A5-46E4-83B8-5CDF44C5C80F}.job

========== Purity Check ==========


< End of report >


Na erre mit mondtok?? :( :(

Le a kalappal előttetek, hogy így értitek a dolgokat
:potyog: :potyog:
hétf. okt. 12, 2009 9:28
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
udv
ugy ahogy a Targe cimbora irlya,,meg
kikapcsolni a rendszer viszaalitasi pontokat minden meghalyton,,restart,,a combofix logjaban mar nem latok semmit,de ,,ot van a crackolt nod,,is
futasd le az OTLIST2 programot,,bepipazni scan all users,Purity check i Loop check ,es klik scan,,az otlist.txt ted ide,
http://oldtimer.geekstogo.com/OTL.exe
hétf. okt. 12, 2009 8:29
Profil Privát üzenet küldése Honlap
TargeT
a fórum lelke
Avatar

Csatlakozott: szer. márc. 24, 2004 13:43
Hozzászólások: 6699
Hozzászólás 
Így első blikkre a O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\EUP\LOCALS~1\Temp\herss.exe az trójaiféle.
Ez meg a vonatkozó részei irtandók. (EUP Disney Interactive)

Ezen felül van néhány szerintem feleslegesen induló program.
NeroCheck és NMBgMonitor.exe, a HP cuccai, Adobe Reader sem fontos, meg a dumprep.
Ha nem használod az Intel grafikus vezérlő hotkeyeit, akkor a hkcmd.exe is letiltható.
hétf. okt. 12, 2009 7:53
Profil Privát üzenet küldése
KelAki
ezüst tag

Csatlakozott: vas. okt. 11, 2009 21:34
Hozzászólások: 10
Hozzászólás 
Szia Stell!

NOD32-öt használok és tegnap egy flash drive csatlakoztatása után kaptam a következő hibaüzeneteket felváltva:

1.
2009.10.10. 21:13:52 Real-time file system protection file C:\autorun.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE.

2.
2009.10.10. 21:13:25 Real-time file system protection file E:\autorun.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE.

Ekkor még csak az általam ismert módszert alkalmaztam, vagyis Safe mode-ban indítottam a Windows-t és úgy futattam scan.
Mivel sokáig futott így nem vártam meg elmentem aludni, de aztán reggelre nem volt már eredmény a képernyőn és a logot se találtam, hogy ellenőrizhettem volna.
Gondoltam lement és örültem, de sajnos ma este újabb üzik jöttek:

3.
2009.10.11. 15:04:06 Real-time file system protection file C:\System Volume Information\_restore{7F7B6401-2DC7-439E-B677-18AED94F2324}\RP91\A0013053.end Win32/TrojanDownloader.Stubby.C trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

4.
2009.10.11. 16:03:51 Real-time file system protection file C:\System Volume Information\_restore{7F7B6401-2DC7-439E-B677-18AED94F2324}\RP91\A0013054.exe a variant of Win32/Adware.BetterInternet application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.

5.
2009.10.11. 17:03:51 Real-time file system protection file C:\System Volume Information\_restore{7F7B6401-2DC7-439E-B677-18AED94F2324}\RP91\A0013055.dll Win32/Adware.SaveNow.R application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.


Gyorsan csináltam egy HiJack logot, mert ahogy olvastam ebből dologzol:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:47, on 2009.10.11.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\EUP\LOCALS~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5081 bytes

Az eset.hu oldal délelőtt még ment, de most már nem jelenik meg így tutti, hogy valami trojai lesz.

Itt a Combofix logja.

ComboFix 09-10-11.01 - EUP 009.10.11. 23:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1014.490 [GMT 2:00]
Running from: c:\documents and settings\EUP\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1229272821-515967899-725345543-1004

.
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.

2009-10-11 21:38 . 2009-10-11 21:38 -------- d-----w- C:\rsit
2009-10-11 21:02 . 2009-10-11 21:02 -------- d-----w- c:\windows\LastGood
2009-10-11 20:19 . 2009-10-11 20:19 -------- d-----w- c:\program files\Trend Micro
2009-10-11 20:18 . 2009-10-11 21:37 -------- d-----w- C:\Install
2009-09-12 16:03 . 1997-02-19 22:00 27632 ----a-w- c:\windows\system\CTL3DV2.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 21:01 . 2004-08-18 12:00 59106 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-11 21:01 . 2004-08-18 12:00 306940 ----a-w- c:\windows\system32\perfh00E.dat
2009-09-12 16:03 . 2009-09-10 19:31 -------- d-----w- c:\program files\QStartE
2009-09-10 19:25 . 2009-09-10 19:08 -------- d-----w- c:\program files\QGROUP
2009-09-09 16:33 . 2009-07-07 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 16:33 . 2009-09-09 16:33 -------- d-----w- c:\documents and settings\EUP\Application Data\Disney Interactive
2009-09-09 16:32 . 2009-07-29 18:25 -------- d-----w- c:\program files\Disney Interactive
2009-09-09 16:32 . 2009-07-07 12:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-05 09:01 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-28 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.05.28. 11:12 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.05.28. 11:12 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.05.28. 11:12 731840]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009.07.07. 14:23 36864]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009.07.07. 14:21 845184]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004.08.18. 14:00 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8247076137.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{8D13C954-E0A5-46E4-83B8-5CDF44C5C80F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
IE: E&xportálás a Microsoft Excel programba - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\EUP\Application Data\Mozilla\Firefox\Profiles\p6bhvw8j.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 23:50
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-11 23:53
ComboFix-quarantined-files.txt 2009-10-11 21:53

Pre-Run: 50 376 544 256 bájt szabad
Post-Run: 50 365 042 688 bájt szabad

109 --- E O F --- 2009-09-08 21:17


Mondd meg kérlek merre menjek tovább???

Köszi
vas. okt. 11, 2009 21:41
Profil Privát üzenet küldése
zoli12
arany tag

Csatlakozott: szer. márc. 31, 2004 17:24
Hozzászólások: 400
Tartózkodási hely: Szolnok
Hozzászólás 
Tudtok erre magyarázatot adni?

http://www.magyarhirlap.hu/hirek.html?r ... 7132&hsz=8

Ezt most valaki meg hekkelte, vagy unatkozik, vagy mi a bánatot csinál?
csüt. szept. 10, 2009 18:43
Profil Privát üzenet küldése
ammi
ezüst tag

Csatlakozott: szomb. dec. 13, 2008 8:33
Hozzászólások: 59
Hozzászólás 
Mégegyszer elindítom, aztán meglátjuk mi lesz..
szomb. aug. 29, 2009 11:39
Profil Privát üzenet küldése
stell
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás 
hat ez sok,,atol fug hogy mijen nagy a lemez es milyen gyors a gep,,
szomb. aug. 29, 2009 9:19
Profil Privát üzenet küldése Honlap
ammi
ezüst tag

Csatlakozott: szomb. dec. 13, 2008 8:33
Hozzászólások: 59
Hozzászólás 
Üdv Stell. Ennek a töredezésmentesítő programnak mennyi idő alatt kell lefutnia? Több, mint 24 órát ment egyfolytában a gép és nem végzett vele. Ez a normális? Gondolom Te is használod.
szomb. aug. 29, 2009 6:28
Profil Privát üzenet küldése
Hozzászólások megjelenítése:  Rendezés  
Hozzászólás a témához   Oldal: 15 / 35
  [ 1736 hozzászólás ]  Oldal Előző  1 ... 12, 13, 14, 15, 16, 17, 18 ... 35  Következő

Fórum kezdőlap » Terminal.hu » security

Időzóna: UTC + 1 óra


Ki van itt

Jelenlévő fórumozók: nincs regisztrált felhasználó valamint 4 vendég

Nem nyithatsz témákat ebben a fórumban.
Nem válaszolhatsz egy témára ebben a fórumban.
Nem szerkesztheted a hozzászólásaidat ebben a fórumban.
Nem törölheted a hozzászólásaidat ebben a fórumban.

Keresés:
Ugrás:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.
Magyar fordítás © Magyar phpBB Közösség