mar igen idegesit ez a terminal forum,,sose tud at ugrani a masik oldalra,,miert nemcsinallyatok meg MODERATOROK,

tényleg

nincsen eltunve ott van job oldalon mert szet huzodod,

leírod a piros text-et? (eltűnt)

ok,valami Moderator majd kitoroli,,tehat csinald vegig es jo lesz,
udv

Most jöttem haza, el kellett gyorsan mennem....... de már nem enged szerkeszteni, így nem tudom leszedni a hosszú sort.. Már is csinálom amit írtál. Hoppá, nem látom a piros text-et.

ok,a combofix nem az asztalon van de mar mindegy,,
letoltod az OTMOVEIT programot a balablakba masold be a piros textet-es klik MOVEIT, a gep restartol es ad logot ted ide
http://oldtimer.geekstogo.com/OTM.exe

azt a hoszu sort torold le a combofix loglyabol
ujbol futasd az OTMOVEIT programot-klik-Cleanup-yes,,yes,,
es utollyara futasd le az AVPTOOL programot
letoltod inen
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
vagy inen
http://ftp.kaspersky.com/devbuilds/AVPTool/
bealitod igy
http://img32.imageshack.us/img32/7604/93809819.gif
es malyd ird meg ha talalt e valamit,

hoppá megint széthúzta az oldalt a oodefrag , megint letöröljem?

Ez lett:

ComboFix 09-11-04.05 - Rendszergazda 009.11.06. 10:40.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1270.853 [GMT 1:00]
Running from: d:\letöltések\ComboFix.exe
Command switches used :: d:\letöltések\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\xa8623203.exe"
"c:\windows\system32\xa8633515.exe"
"c:\windows\system32\xa8636078.exe"
"c:\windows\system32\xa8641421.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\xa8623203.exe
c:\windows\system32\xa8633515.exe
c:\windows\system32\xa8636078.exe
c:\windows\system32\xa8641421.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVERDRV


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-05 14:38 . 2009-11-05 14:38 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Mozilla-Cache
2009-11-05 13:09 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-05 13:09 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-05 13:09 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-05 13:09 . 2009-11-05 13:09 -------- d-----w- c:\program files\Avira
2009-11-05 10:12 . 2009-11-05 10:12 -------- d-----w- c:\documents and settings\LocalService\Asztal
2009-11-02 15:00 . 2009-11-02 15:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-11-02 14:39 . 2009-10-30 14:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-02 14:39 . 2009-10-30 14:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-02 14:36 . 2009-11-02 14:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-10-28 18:05 . 2009-10-28 18:13 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\SolidDocuments
2009-10-28 18:03 . 2009-10-28 18:04 2686232 ----a-w- c:\documents and settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\Rendszergazda\SolidSFX_Data\components\vcredist_x86.exe
2009-10-28 18:03 . 2009-09-10 05:55 18688 ----a-w- c:\windows\system32\solidlocalui.dll
2009-10-28 18:03 . 2009-09-10 05:55 27392 ----a-w- c:\windows\system32\solidlocalmon.dll
2009-10-28 18:02 . 2009-10-28 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SolidDocuments
2009-10-28 16:54 . 2009-10-28 16:54 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\UDC Profiles
2009-10-28 16:17 . 2009-10-28 16:25 -------- d-----w- c:\program files\Acro Software
2009-10-27 12:17 . 2009-10-27 12:17 -------- d-----w- c:\program files\Findbasic
2009-10-27 12:17 . 2009-10-27 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic
2009-10-27 12:17 . 2009-06-30 18:47 54776 ----a-w- c:\documents and settings\All Users\Application Data\Findbasic\findbasic114.exe
2009-10-23 18:07 . 2009-10-23 18:21 -------- d-sh--w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\.#
2009-10-23 14:31 . 2009-10-23 14:31 -------- d-----w- c:\windows\Little Shop - World Traveler
2009-10-20 20:47 . 2009-10-20 20:47 50348 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-20 08:47 . 2009-10-20 08:47 28672 ----a-w- c:\windows\system32\ssconfig.exe
2009-10-20 08:47 . 2009-10-20 08:47 180224 ----a-w- c:\windows\UninstallWSST.exe
2009-10-15 09:18 . 2009-11-03 12:05 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Ashampoo
2009-10-15 09:18 . 2009-10-15 09:18 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\ashampoo
2009-10-15 09:18 . 2009-10-15 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-10-15 08:42 . 2009-10-15 08:53 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\DeepBurner
2009-10-13 15:24 . 2009-10-21 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\ESET
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\ESET
2009-10-12 18:13 . 2009-10-12 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-12 10:12 . 2009-10-12 10:13 -------- d-----w- c:\program files\RealArcade
2009-10-11 20:54 . 2009-10-11 20:54 -------- d--h--w- c:\windows\PIF
2009-10-11 14:21 . 2009-11-03 16:05 77 ---ha-w- c:\windows\popcinfo.dat
2009-10-11 14:17 . 2009-11-04 08:12 113 ----a-w- c:\windows\popcinfot.dat
2009-10-11 14:17 . 2009-10-11 14:17 0 ----a-w- c:\windows\popcreg.dat
2009-10-10 19:12 . 2009-10-17 12:50 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Gold Casual Games
2009-10-10 10:45 . 2009-10-10 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\IntDreams

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 07:26 . 2008-05-07 01:18 450164 ----a-w- c:\windows\system32\perfh00E.dat
2009-11-06 07:26 . 2008-05-07 01:18 101078 ----a-w- c:\windows\system32\perfc00E.dat
2009-11-05 19:54 . 2009-06-13 08:54 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\utorrent
2009-11-05 17:29 . 2009-09-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-11-05 13:09 . 2009-08-28 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-03 12:49 . 2009-06-17 19:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-02 21:03 . 2009-10-02 12:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 15:10 . 2009-06-13 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 14:39 . 2009-06-13 11:58 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\TuneUp Software
2009-11-02 14:39 . 2009-06-13 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-26 20:38 . 2009-06-30 12:41 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\GameHouse
2009-10-23 18:36 . 2009-06-28 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-10-22 17:53 . 2009-08-09 15:34 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Meridian93
2009-10-15 09:45 . 2009-06-19 13:50 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\PlayFirst
2009-10-15 09:45 . 2009-06-19 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-10-15 09:44 . 2009-08-17 17:45 -------- d-----w- c:\program files\Alawar
2009-10-15 08:37 . 2009-09-23 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-10-15 08:37 . 2009-09-23 20:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Ahead
2009-10-15 08:23 . 2009-09-23 20:42 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-08 18:33 . 2009-06-13 08:54 289072 ----a-w- c:\windows\utorrent.exe
2009-10-02 15:14 . 2009-06-13 08:29 -------- d-----w- c:\program files\Unlocker
2009-10-02 12:11 . 2009-06-13 08:53 -------- d-----w- c:\program files\Windows Live
2009-10-02 12:11 . 2009-10-02 12:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-02 12:10 . 2009-10-02 12:10 -------- d-----w- c:\program files\Microsoft
2009-10-01 21:15 . 2009-09-05 13:25 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\SpinTop Games
2009-09-28 15:30 . 2009-06-22 20:22 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\CyberLink
2009-09-28 15:10 . 2009-09-28 15:10 159928 ----a-w- c:\windows\Marsu-Fix Uninstaller.exe
2009-09-28 13:24 . 2009-09-28 13:11 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\5imyshow.Ltd
2009-09-28 09:00 . 2009-09-28 08:59 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\smc
2009-09-26 09:05 . 2009-09-04 18:35 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\funkitron
2009-09-24 19:07 . 2009-09-24 17:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Tandem Games
2009-09-23 14:26 . 2009-09-23 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-09-23 14:23 . 2009-09-23 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HideAndSecret3
2009-09-23 09:48 . 2009-06-13 10:46 -------- d-----w- c:\program files\The KMPlayer
2009-09-21 16:52 . 2009-09-05 14:03 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Pogo Games
2009-09-21 14:49 . 2009-06-13 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-20 19:06 . 2009-06-13 11:47 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Winamp
2009-09-15 07:44 . 2009-09-15 07:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Little Games Company
2009-09-15 07:44 . 2009-09-15 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company
2009-09-11 14:19 . 2008-04-14 09:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-14 09:01 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:59 . 2008-05-07 01:35 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-14 09:02 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-12 16:57 . 2009-08-12 16:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
.

------- Sigcheck -------

[-] 2008-05-07 . 2993C2DF98A2D6D9896E0AB24946F972 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-05-07 01:37 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-05_16.18.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 01:18 . 2009-11-05 16:09 72238 c:\windows\system32\perfc009.dat
+ 2008-05-07 01:18 . 2009-11-06 07:26 72238 c:\windows\system32\perfc009.dat
+ 2008-05-07 01:18 . 2009-11-06 07:26 444362 c:\windows\system32\perfh009.dat
- 2008-05-07 01:18 . 2009-11-05 16:09 444362 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AllSnap"="c:\windows\allsnap.exe" [2006-11-14 81920]
"Transbar"="c:\windows\transbar.exe" [2005-06-01 65536]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"AfterPost"="c:\windows\afterpost.cmd" [2008-07-22 2553]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\Daemon Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\utorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009.11.05. 14:09 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009.10.30. 15:05 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009.10.14. 7:24 10064]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009.07.22. 11:52 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009.07.22. 11:52 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009.07.22. 11:52 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009.07.22. 11:52 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009.07.22. 11:52 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009.07.22. 11:52 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009.07.22. 11:52 117672]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startlap.hu/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\rendszergazda.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.terminal.hu/viewtopic.php? ... i90&shva=1#inbox
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 10:46
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spic.sys >>UNKNOWN [0x898C0938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DDEB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1004336348-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"=xxx.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\snap_libW.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\docume~1\RENDSZ~1\LOCALS~1\Temp\RtkBtMnt.EXE
.
**************************************************************************
.
Completion time: 2009-11-06 10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 09:49
ComboFix2.txt 2009-11-05 16:21

Pre-Run: 27 311 157 248 bájt szabad
Post-Run: 26 905 858 048 bájt szabad

Kivettem azt a sokmindenséget, ami annyira széthúzta az oldalt.
Ha mégis kellene, PÜ!
Moderálva: Hannibal.

igen semmi mas ,,csak a piros text,,az mindegy,,mejik notepad,

Szia
Nekem a sima notepad nem működik (semmire sem nyílik ki) viszont van notepad2, gondolom az is ugyanaz erre a célra is.
Amit elmentek, úgy ahogy leírtál azon a lapon csak az legyen amit te piros textel leírtál..semmi más ugye?
(bocs, csak biztosra akarok menni)

kataiandi
Kinyitod a Notepadot>Start>futatas>beirod notepad
Es bemasolod a piros textet

Mostan>a notepadon elso full-fajl>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejetfajlnev beteszed eztett>CFScript.txt<alatta bealitod >minden fajl<
legfelull>asztall i<klik gomb letenni.Es mostan megcsinalod eztett:

A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide

Szia, szép jó reggelt!

Kíváncsiság miatt csak végig futtattam, de mindig ezt írta ki:
Bigger than max permited size / Mayor del tamaño máximo permitido

ok,hagyd ugy mar ne teszteld,,olvasd az elobbi hozaszolasomat
jo ejt,,

rosszul olvastam el a feladatot és azt leállítottam,

oké!
Akkor holnap jövök! Köszi az eddigi segítséget és előre a holnapit is! Jó éjt!!

ok,ma mar hagyd ugy,,ne is teszteld a nagy falylokat,,majd holnap kitorollyuk oket,,ma vegzek,,azok mind roszak mert nincsen senkinek a vilagon akor neked se kell,
udv

a link epen nem lyo a linket mindig a bongeszo tetelyerol kel masolni
ok,de ha eben nemtalalt mspmsnsv.dll,,akor hol a link legalab az 1-nagy falylorol??

Nem tudom, hogy jól linkelem e be... , de semmit nem talált
https://www.virustotal.com/hu/analisis/f776d2680bd3407307b7072626f78460361fc5bc38623c9e16f394d300ab25de-1257452993

a másikat akkor elindítom újból és várok...

igen mert ezek oriasi nagy falylok,,de ezekbol csak egyet tesztelly le mert igen gyanusak,,es az utolsot,,ok
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8641421.exe
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8636078.exe
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8633515.exe
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8623203.exe
EZTET,
c:\windows\system32\mspmsnsv.dll

létezik hogy egy fájlt több mint negyed óráig vizsgál? vagy talán már félóráig is???

ok,van ido
szia,,

Köszönöm szépen, akkor holnap ezt megcsinálom , szia.

ok,letoltod ezt a programot
http://www.duplexsecure.com/en/downloads
a windows verzioja szerint[32][64]bmmneked 32 bytes
futatod es kivalasztod uninstall
restart
letoltod az AVANGER programot
http://swandog46.geekstogo.com/avenger.exe
futatod -beleegyezes-az ablakba bemasolod a textet-klik-execute-ok-yes,a gep majd bemegy kekhalalba is ezert neijedly meg,,es vagy 2x restartol,,a loglyat ted ide

Persze leszedjük , az uninstall filéje ott van a mappájában azzal is meg lehet próbálni , viszont a Kasperski már 20% -nál van és talált is valamit ....tehát holnap folytatnám a tréninget... ha nem zavarlak.

ok,akor leszedlyuk e a Daemont vagy nem??ha igen irlyal,,es csak aztan futatod az AVPTOOLT,,ok

OK, letiltom ......a Deamont és az alkohol is telepítve van a Deamont kézzel el tudom indítani ...ott van a Program Files között is ...de a telepített programok közt nincs.....

ok,a floppyt a BIOSBAN tilds le
minlyart megnezem a logot hogy mivan ot neked a Daemon vagy az Alcohol

Nincs , sose volt ...viszont ott van a telepített meghajtók között ...

A Deomo tools- al valóban lehet valami probléma , ugyanis nincs a telepitett programok között a Revo uninstaller sem érzékeli...

És mi ez a 3.5" hajlékony lemez?

Ez a floppy [meghalyto]lemez van e ilyen neked??nezd meg,

katalandi
teszteld le a Virustotalon
VIRUSTOTALu
c:\windows\system32\xa8641421.exe
c:\windows\system32\xa8636078.exe
c:\windows\system32\xa8633515.exe
c:\windows\system32\xa8623203.exe
c:\windows\system32\mspmsnsv.dll
klik-prochazet,,metalalod a falylot-kuldes-megvarod a teszt veget es a linket ide teszed,,aztan kuldod a masikat es igy tovab....

megszépült az oldal

igen akasztas,ez a Daemon es az Alcohol minden rendszerben csak bordelt csinal,,hakolas,akaszkodas,,

Csinálom de mi az a bordel?....ütközés?

És mi ez a 3.5" hajlékony lemez?

katalandi,,nem a te hibad,,mindlyart megnezem a logodad,ok
jelenidsd meg ahova oda teted a combofixet szekeszteni es torold ki ezt a hoszu sort,
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="E54FCFDBFEB2B053277E29CE8E85D

pilaka,,Rootkitet nem latok de bordelt csinal a DAEMON,,Vagy az Alcoho,es valami virtual cd,,ha nemkelenek leszedni a geprol ezeket a programokat a geprol
szed le a combofixet-start-futatas-beirod -combofix /uninstall ok
ha akarod leszedni a konzolat is malyd ird ide,,pucold ki a gepet CCleaneral
Lefutatod az AVPTOOL programot
letoltod inen
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
vagy inen
http://ftp.kaspersky.com/devbuilds/AVPTool/
bealitod igy
http://img32.imageshack.us/img32/7604/93809819.gif
es malyd ird meg ha talalt e valamit,

bocsi

igen
most latom hogy a kataiandi betete a combofix loglyat es ot az OOdefrag sora szet huzta,,

Stell , neked is extraszélesek a Terminal lapjai ? Az Operával és a Firefoxal is extra széles.

http://leteckaposta.cz/940126449

Nagyon érdekes dolog történt a scan közben , állandóan hibát jelzett egy "I" meghajtóra .....megnéztem ez egy hajlékonylemezes meghajtó , a géphez sosem volt ilyen csatlakoztatva.....

ted fel ide
http://leteckaposta.cz/
klik-prochazet-megtalalod kuldod [poslat]a linket ted ide,

sajnos a log- ot nem tudom elküldeni mert, a Terminal debuggere nem engedi elküldeni ......mit tegyek?

ok,akor visza a windowsba es meg megnezuk a Rootkitokat
http://sites.google.com/site/sysprotantirootkit/
letoltod_futatod-FULL-Log tab__ Write to log-bepipazni mindent-klik-Create Log-varsz egy kicsit -Scan Root Drive-Klik a Startra,,a skan vegen a logot ted ide,

most egy másik gépről írok , a hálozatos csökkentet módot választottam ,de hibajelzéssel nem engedi az ADSL kapcsolatot.....az mbr .logja 5 sort tartalmaz .....a fejléc és a fenti 3 sor most ok.....az 5.sorban az user és a kernel is ok.

Szia!
Avira 10 tróját talált!! Nodot pár évvel ezelőtt használtam, de most nagyon dicsérték, így gondoltam letesztelem...ez lett a vége Internet jóó;) , azért megcsináltam amit mondtál:

ComboFix 09-11-04.05 - Rendszergazda 009.11.05. 17:11.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.1270.822 [GMT 1:00]
Running from: d:\letöltések\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Default User\Application Data\Desktopicon
c:\documents and settings\Rendszergazda\Application Data\.#
c:\documents and settings\Rendszergazda\Application Data\Desktopicon
c:\program files\driver
c:\windows\010112010146118114.lso
c:\windows\msg.exe
c:\windows\system32\Ultra.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVERDRV
-------\Service_driverdrv


((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 14:38 . 2009-11-05 14:38 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Mozilla-Cache
2009-11-05 13:09 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-05 13:09 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-05 13:09 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-05 13:09 . 2009-11-05 13:09 -------- d-----w- c:\program files\Avira
2009-11-05 10:12 . 2009-11-05 10:12 -------- d-----w- c:\documents and settings\LocalService\Asztal
2009-11-02 15:00 . 2009-11-02 15:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-11-02 14:39 . 2009-10-30 14:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-11-02 14:39 . 2009-10-30 14:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-02 14:36 . 2009-11-02 14:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-10-28 18:05 . 2009-10-28 18:13 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\SolidDocuments
2009-10-28 18:03 . 2009-10-28 18:04 2686232 ----a-w- c:\documents and settings\All Users\Application Data\SolidDocuments\Installer\Solid Converter PDF\Rendszergazda\SolidSFX_Data\components\vcredist_x86.exe
2009-10-28 18:03 . 2009-09-10 05:55 18688 ----a-w- c:\windows\system32\solidlocalui.dll
2009-10-28 18:03 . 2009-09-10 05:55 27392 ----a-w- c:\windows\system32\solidlocalmon.dll
2009-10-28 18:02 . 2009-10-28 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SolidDocuments
2009-10-28 16:54 . 2009-10-28 16:54 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\UDC Profiles
2009-10-28 16:17 . 2009-10-28 16:25 -------- d-----w- c:\program files\Acro Software
2009-10-27 12:17 . 2009-10-27 12:17 -------- d-----w- c:\program files\Findbasic
2009-10-27 12:17 . 2009-10-27 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Findbasic
2009-10-27 12:17 . 2009-06-30 18:47 54776 ----a-w- c:\documents and settings\All Users\Application Data\Findbasic\findbasic114.exe
2009-10-23 18:07 . 2009-10-23 18:21 -------- d-sh--w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\.#
2009-10-23 14:31 . 2009-10-23 14:31 -------- d-----w- c:\windows\Little Shop - World Traveler
2009-10-20 20:47 . 2009-10-20 20:47 50348 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-20 08:47 . 2009-10-20 08:47 28672 ----a-w- c:\windows\system32\ssconfig.exe
2009-10-20 08:47 . 2009-10-20 08:47 180224 ----a-w- c:\windows\UninstallWSST.exe
2009-10-15 09:18 . 2009-11-03 12:05 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Ashampoo
2009-10-15 09:18 . 2009-10-15 09:18 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\ashampoo
2009-10-15 09:18 . 2009-10-15 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-10-15 08:42 . 2009-10-15 08:53 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\DeepBurner
2009-10-13 15:24 . 2009-10-21 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-10-12 20:47 . 2009-10-12 20:47 -------- d-----w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\ESET
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\ESET
2009-10-12 18:13 . 2009-10-12 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-12 10:12 . 2009-10-12 10:13 -------- d-----w- c:\program files\RealArcade
2009-10-11 20:54 . 2009-10-11 20:54 -------- d--h--w- c:\windows\PIF
2009-10-11 14:21 . 2009-11-03 16:05 77 ---ha-w- c:\windows\popcinfo.dat
2009-10-11 14:17 . 2009-11-04 08:12 113 ----a-w- c:\windows\popcinfot.dat
2009-10-11 14:17 . 2009-10-11 14:17 0 ----a-w- c:\windows\popcreg.dat
2009-10-10 19:12 . 2009-10-17 12:50 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Gold Casual Games
2009-10-10 10:45 . 2009-10-10 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\IntDreams

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 16:09 . 2008-05-07 01:18 450164 ----a-w- c:\windows\system32\perfh00E.dat
2009-11-05 16:09 . 2008-05-07 01:18 101078 ----a-w- c:\windows\system32\perfc00E.dat
2009-11-05 13:09 . 2009-08-28 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-05 12:54 . 2009-06-13 08:54 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\utorrent
2009-11-04 15:03 . 2009-09-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-11-03 12:49 . 2009-06-17 19:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-02 21:03 . 2009-10-02 12:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 15:10 . 2009-06-13 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 14:39 . 2009-06-13 11:58 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\TuneUp Software
2009-11-02 14:39 . 2009-06-13 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-26 20:38 . 2009-06-30 12:41 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\GameHouse
2009-10-23 18:36 . 2009-06-28 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2009-10-22 17:53 . 2009-08-09 15:34 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Meridian93
2009-10-15 09:45 . 2009-06-19 13:50 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\PlayFirst
2009-10-15 09:45 . 2009-06-19 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-10-15 09:44 . 2009-08-17 17:45 -------- d-----w- c:\program files\Alawar
2009-10-15 08:37 . 2009-09-23 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-10-15 08:37 . 2009-09-23 20:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Ahead
2009-10-15 08:23 . 2009-09-23 20:42 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-08 18:33 . 2009-06-13 08:54 289072 ----a-w- c:\windows\utorrent.exe
2009-10-02 15:14 . 2009-06-13 08:29 -------- d-----w- c:\program files\Unlocker
2009-10-02 12:11 . 2009-06-13 08:53 -------- d-----w- c:\program files\Windows Live
2009-10-02 12:11 . 2009-10-02 12:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-02 12:10 . 2009-10-02 12:10 -------- d-----w- c:\program files\Microsoft
2009-10-01 21:15 . 2009-09-05 13:25 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\SpinTop Games
2009-09-28 15:30 . 2009-06-22 20:22 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\CyberLink
2009-09-28 15:10 . 2009-09-28 15:10 159928 ----a-w- c:\windows\Marsu-Fix Uninstaller.exe
2009-09-28 13:24 . 2009-09-28 13:11 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\5imyshow.Ltd
2009-09-28 09:00 . 2009-09-28 08:59 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\smc
2009-09-26 09:05 . 2009-09-04 18:35 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\funkitron
2009-09-24 19:07 . 2009-09-24 17:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Tandem Games
2009-09-23 14:26 . 2009-09-23 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-09-23 14:23 . 2009-09-23 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HideAndSecret3
2009-09-23 09:48 . 2009-06-13 10:46 -------- d-----w- c:\program files\The KMPlayer
2009-09-21 16:52 . 2009-09-05 14:03 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Pogo Games
2009-09-21 14:49 . 2009-06-13 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-20 19:06 . 2009-06-13 11:47 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Winamp
2009-09-15 07:44 . 2009-09-15 07:44 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Little Games Company
2009-09-15 07:44 . 2009-09-15 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Little Games Company
2009-09-11 14:19 . 2008-04-14 09:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-14 09:01 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:59 . 2008-05-07 01:35 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-14 09:02 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8641421.exe
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8636078.exe
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8633515.exe
2009-08-17 19:58 . 2009-08-17 19:58 92849434 ----a-w- c:\windows\system32\xa8623203.exe
2009-08-12 16:57 . 2009-08-12 16:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-07 18:45 . 2009-06-13 08:53 67584 ----a-w- c:\documents and settings\Rendszergazda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2008-05-07 . 2993C2DF98A2D6D9896E0AB24946F972 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2008-05-07 01:37 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AllSnap"="c:\windows\allsnap.exe" [2006-11-14 81920]
"Transbar"="c:\windows\transbar.exe" [2005-06-01 65536]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"AfterPost"="c:\windows\afterpost.cmd" [2008-07-22 2553]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceCopyAclwithFile"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\Daemon Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\utorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009.11.05. 14:09 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009.10.30. 15:05 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009.10.14. 7:24 10064]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009.07.22. 11:52 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009.07.22. 11:52 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009.07.22. 11:52 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009.07.22. 11:52 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009.07.22. 11:52 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009.07.22. 11:52 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009.07.22. 11:52 117672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startlap.hu/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\rendszergazda.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html|hxxp://hu.pokerstrategy.com/forum/usercp.php
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 17:18
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spue.sys >>UNKNOWN [0x898C0938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DDEB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DDEB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1004336348-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,69,31,5f,b6,83,86,47,b0,93,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,69,31,5f,b6,83,86,47,b0,93,09,\

[HKEY_USERS\S-1-5-21-823518204-1004336348-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)


--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WININET.dll
c:\windows\snap_libW.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\docume~1\RENDSZ~1\LOCALS~1\Temp\RtkBtMnt.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-05 17:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 16:21

Pre-Run: 27 095 150 592 bájt szabad
Post-Run: 27 104 124 928 bájt szabad

aha latom nemtudja olvasni a MBR
lemegy csokentet modba a halozatall,,es ot csinalsz mbr.exe logot es egyelore maradj is ott,a logot ted ide,

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

ez keves,,adot tobbet nezd meg jol,,es ted ide az egesz logot,

OK , csak leírtam mit tapasztaltam.

a javito konzolat mi telepitetujk fel a combofixel,,majd eltavolitjuk ha zavar,,

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Még annyit , hogy mikor a combo újra restartolt megjelent egy pillanatra a Windows (fekete) indítási lapja , fekinálva a normál illetve javítókonzolos indítást , a kurzor(kijelölt sor) a normál indításon volt , de anélkül , hogy bármit tettem volna egy pillanat múlva már el is tünt.