Terminál Fórum - Téma megtekintése - Vírus vagy mi lehet???

Megválaszolatlan hozzászólások | Aktív témák

Pontos idő: kedd nov. 19, 2024 7:31

Vírus vagy mi lehet???

Moderátorok: Wiki, Moderátorok

Oldal: 9 / 35

[ 1736 hozzászólás ]

Oldal Előző 1 ... 6, 7, 8, 9, 10, 11, 12 ... 35 Következő

Nyomtatóbarát verzió

Előző téma | Következő téma

Vírus vagy mi lehet???

Szerző	Üzenet
stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Így van, semmi vesz.
csüt. jan. 20, 2011 18:51

impulZ ezüst tag Csatlakozott: szomb. jan. 01, 2011 22:57 Hozzászólások: 52	Re: Vírus vagy mi lehet??? akkor nincs vész;)
csüt. jan. 20, 2011 16:02

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Szia, Semivel, ez az Avast hamis riasztása, a combofix szerzojet mar figyelmeztetuk, hogy ertesitse az Avastot, hogy tegy a kivetelbe. udv
csüt. jan. 20, 2011 15:27

impulZ ezüst tag Csatlakozott: szomb. jan. 01, 2011 22:57 Hozzászólások: 52	Re: Vírus vagy mi lehet??? szia stell! netezés közben ilyet kaptam, az AVAST-om jelzett! Web védelem Vizsgálati naplók: url:http://download.bleepingcomputer.com/sUB/ComboFix.exe\|>rar.sfx.script súlyosság:Magas Állapot:Fenygeetés:IRC:Malware-gen Művelet: legördülő menüben találtam törlést, de nem törli Mivel tudnám eltávolítani?
csüt. jan. 20, 2011 15:23

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? udv Az elso lepes hogy megnezuk a virussokat: tedd ide az RSIT logjat: http://virus-stell.blogspot.com/2010/04/rsit.html
vas. júl. 25, 2010 19:37

Slay0828 vas-tag Csatlakozott: vas. júl. 25, 2010 18:46 Hozzászólások: 1	Re: Vírus vagy mi lehet??? Sziasztok. A segítségeteket szeretném kérni abban a problémában, hogy a gépemben a dvd-olvasó nem jelenik meg, de azt írja a gép, hogy megfelelően működik... Nem tudok vele mit csinálni kérlek segítsetek...
vas. júl. 25, 2010 18:52

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Igen,valakinek melozni is kell,,ha minden okes,akkor ha nincsen tuzfalad azt is jo lenne felrakni,,Pldaul a PCTOOLS -tuzfalat. Nincsen mit.
csüt. júl. 01, 2010 20:54

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? Stell, elsodort a melo, bocsanat. Minden ketyeg mint a vekkerora. Avira+Malewarebyte+unhackme+CCleaner-rel megyek tovabb. NAGYON KOSZONOM A SEGITSEGET! quote="stell"]ok,mar jol nez ki, klik-start-klik-ffuttatas-masold be az ablakba combofix /uninstall a combofix letelepitodig a geprol Kikapcsolni az rendszervisszaallitassat.-restart es bekapcsold vissza http://virus-stell.blogspot.com/2010/04 ... dszer.html Tisztisd ki a gepet az CCleaner programal+ATF-cleaneral+TFC-cleaneral http://virus-stell.blogspot.com/2010/04/ccleaner.html http://virus-stell.blogspot.com/2010/04 ... ztito.html http://www.virus-stell.com/2010/05/temp ... itasa.html aztan csinalj komplet vizsgalatot az Malwarebytes programal amit talal torolni a logjat tedd ide..es ha minden okes keszek lennenk, http://virus-stell.blogspot.com/2010/04 ... lware.html[/quote]
csüt. júl. 01, 2010 17:06

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Nincsen mit. De ettol ne varjal csodat: Total RAM: 126 MB Epen csak anyi Memoriad van hogy az xp csak csusik maszik a gepeden,,ide kell neked be rakni legalab 512 MB-RAM-or
kedd jún. 29, 2010 8:28

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Köszi Stell a segítséged. Megpróbálom újratelepíteni. Próbáltm már a Firefoxot is, de az nagyon lassú volt. Akár csak az IE 7 vagy 8. De, ha nincs más, akkor az lesz. Köszi mégegyszer! Szép napot! amcsi
kedd jún. 29, 2010 8:06

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Ha Internet explorered van torold ki onan mindent es tedd ujra http://windows.microsoft.com/hu-hu/wind ... -favorites de ajanlom feltelepiteni a FireFoxot.
kedd jún. 29, 2010 6:00

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Megcsináltam mindent. Megy most rendesen úgy veszem észre. Csak a kedvencekben lévő dolgokat nem nyit meg, semmit. És az újat sem. Nem értem mitől lehet. Van ötleted Stell?
hétf. jún. 28, 2010 19:15

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Itt a log: All processes killed ========== OTL ========== HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL\| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found. Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found. Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found. Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found. Registry key HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\999jatekok.hu\www\ deleted successfully. Starting removal of ActiveX control {DE2F0988-E455-48ED-A35D-4D73D333D561} C:\WINDOWS\Downloaded Program Files\sdxformsigner.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ not found. ADS C:\Documents and Settings\All Users\Application Data\TEMP:33D7490A deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: xy ->Temp folder emptied: 294912 bytes ->Temporary Internet Files folder emptied: 4835797 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 564 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 768 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 5,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.7.0 log created on 06282010_180446 Files\Folders moved on Reboot... C:\Documents and Settings\xy\Local Settings\Temp\~DFE11.tmp moved successfully. C:\WINDOWS\temp\ZLT01993.TMP moved successfully. Registry entries deleted on Reboot...
hétf. jún. 28, 2010 19:12

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? kedvenceket nembantotuk,de kitisztit csuk es meglatodd: futtasd az OTL-progiy allol az ablakjaba masold be a zold textet es klik RunFix-a logot a restart utan tedd ide Kód: :OTL IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. O15 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..Trusted Domains: 999jatekok.hu ([www] https in Trusted sites) O16 - DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} https://gate.gov.hu/sdx/SDXFormSigner.cab (Reg Error: Key error.) @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D7490A :commands [emptytemp] [resethosts] [start explorer] [Reboot] Kikapcsolni az rendszervisszaallitassat.-restart es bekapcsold vissza http://virus-stell.blogspot.com/2010/04 ... dszer.html Tisztisd ki a gepet az CCleaner programal+ATF-cleaneral+TFC-cleaneral http://virus-stell.blogspot.com/2010/04/ccleaner.html http://virus-stell.blogspot.com/2010/04 ... ztito.html http://www.virus-stell.com/2010/05/temp ... itasa.html aztan ird le hogy mukszik a gep,
hétf. jún. 28, 2010 13:58

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? A kedvencek menüben amik elvannak mentve, nem működik semmi este óta. Ezt okozhatta valamelyik program, amik le lettek futtatva? De próbáltam újra elmenteni, pl ezt a fórumot is, nem jó akkor sem.
hétf. jún. 28, 2010 9:35

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Ez meg a másik fele: OTL Extras logfile created on: 2010.06.27. 20:00:36 - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\xy\Asztal Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040E \| Country: Magyarország \| Language: HUN \| Date Format: yyyy.MM.dd. 126,00 Mb Total Physical Memory \| 21,00 Mb Available Physical Memory \| 17,00% Memory free 316,00 Mb Paging File \| 61,00 Mb Available in Paging File \| 19,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 9,53 Gb Total Space \| 0,76 Gb Free Space \| 8,00% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OTTHONI Current User Name: xy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "9699:TCP" = 9699:TCP::Enabled:BitComet 9699 TCP "9699:UDP" = 9699:UDP::Enabled:BitComet 9699 UDP "3389:TCP" = 3389:TCP::Disabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe::Enabled:Távsegítség - Windows Messenger és beszédkapcsolat -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{114C7913-FC33-41E7-839B-51042BDF3D9C}" = Windows Live Mail "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{350C97C5-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5D63D27F-09D7-4420-9479-DD247CC31496}" = Windows Live Essentials "{6D431157-ED9D-4AB1-A2C9-1FAA0A04419F}" = Windows Live Messenger "{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{955D8242-B99E-4A9A-80C4-3FF7D7587EA3}" = Msxml4 SP2 "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.6.0 "Foxit Reader" = Foxit Reader "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PhotoScape" = PhotoScape "Recuva" = Recuva "Ricochet Infinity_is1" = Ricochet Infinity "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiváló "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Xvid_is1" = Xvid 1.1.3 final uninstall "ZoneAlarm" = ZoneAlarm ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2010.06.27. 10:18:30 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 11:33:47 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 11:33:47 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 11:34:08 \| Computer Name = OTTHONI \| Source = crypt32 \| ID = 131080 Description = Nem sikerült lekérni az automatikus frissítés segítségével a külső féltől származó legfelső szintű listát a következőtől: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>. Hiba: Nem hozható létre kapcsolat a kiszolgálóval. Error - 2010.06.27. 12:16:16 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 12:16:16 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:08:48 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:08:48 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:46:17 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:46:17 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. [ Application Events ] Error - 2010.06.27. 10:18:30 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 11:33:47 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 11:33:47 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 11:34:08 \| Computer Name = OTTHONI \| Source = crypt32 \| ID = 131080 Description = Nem sikerült lekérni az automatikus frissítés segítségével a külső féltől származó legfelső szintű listát a következőtől: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>. Hiba: Nem hozható létre kapcsolat a kiszolgálóval. Error - 2010.06.27. 12:16:16 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 12:16:16 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:08:48 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:08:48 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:46:17 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Error - 2010.06.27. 13:46:17 \| Computer Name = OTTHONI \| Source = Userenv \| ID = 1041 Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. [ System Events ] Error - 2010.06.27. 8:33:46 \| Computer Name = OTTHONI \| Source = SRService \| ID = 104 Description = A rendszer-visszaállítás inicializálása nem sikerült. Error - 2010.06.27. 8:33:49 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7023 Description = A szolgáltatás (Rendszer-helyreállító szolgáltatás) leállt a következő hibával: %%2 Error - 2010.06.27. 8:41:40 \| Computer Name = OTTHONI \| Source = SRService \| ID = 104 Description = A rendszer-visszaállítás inicializálása nem sikerült. Error - 2010.06.27. 8:41:53 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7000 Description = A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70)) a következő hiba következtében leállt: %%3 Error - 2010.06.27. 8:41:53 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7023 Description = A szolgáltatás (Rendszer-helyreállító szolgáltatás) leállt a következő hibával: %%2 Error - 2010.06.27. 10:15:20 \| Computer Name = OTTHONI \| Source = SRService \| ID = 104 Description = A rendszer-visszaállítás inicializálása nem sikerült. Error - 2010.06.27. 10:15:32 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7000 Description = A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70)) a következő hiba következtében leállt: %%3 Error - 2010.06.27. 10:15:32 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7023 Description = A szolgáltatás (Rendszer-helyreállító szolgáltatás) leállt a következő hibával: %%2 Error - 2010.06.27. 11:29:19 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7009 Description = Várakozó időkorlát (30000 ms) - a(z) PEVSystemStart szolgáltatás kapcsolódása. Error - 2010.06.27. 11:34:14 \| Computer Name = OTTHONI \| Source = Service Control Manager \| ID = 7000 Description = A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70)) a következő hiba következtében leállt: %%3 < End of report >
hétf. jún. 28, 2010 9:32

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Itt a log: OTL logfile created on: 2010.06.27. 20:00:36 - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\xy\Asztal Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 0000040E \| Country: Magyarország \| Language: HUN \| Date Format: yyyy.MM.dd. 126,00 Mb Total Physical Memory \| 21,00 Mb Available Physical Memory \| 17,00% Memory free 316,00 Mb Paging File \| 61,00 Mb Available in Paging File \| 19,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 9,53 Gb Total Space \| 0,76 Gb Free Space \| 8,00% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OTTHONI Current User Name: xy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.06.27 19:58:08 \| 000,574,464 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe PRC - [2010.04.01 13:33:19 \| 000,267,432 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:31 \| 000,282,792 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:09 \| 000,135,336 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:11:00 \| 000,076,968 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.08.21 21:41:32 \| 002,405,776 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2008.08.21 21:41:32 \| 000,981,904 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2007.06.13 15:23:54 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.06.27 19:58:08 \| 000,574,464 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe MOD - [2006.08.25 17:53:57 \| 001,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004.08.03 23:01:18 \| 000,102,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand \| Stopped] -- -- (gusvc) SRV - File not found [Auto \| Stopped] -- -- (gupdate1ca9828fd274e70) Google frissítési szolgáltatás (gupdate1ca9828fd274e70) SRV - File not found [Disabled \| Stopped] -- -- (CarboniteService) SRV - File not found [On_Demand \| Stopped] -- -- (aspnet_state) SRV - [2010.04.01 13:33:19 \| 000,267,432 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.29 08:51:54 \| 000,068,000 \| ---- \| M] (NOS Microsystems Ltd.) [On_Demand \| Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2010.02.24 10:28:09 \| 000,135,336 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.08.21 21:41:32 \| 002,405,776 \| ---- \| M] (Check Point Software Technologies LTD) [Auto \| Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel \| On_Demand \| Running] -- -- (catchme) DRV - [2010.05.22 08:29:52 \| 000,717,296 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Boot \| Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.03.01 10:05:24 \| 000,124,784 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 \| 000,060,936 \| ---- \| M] (Avira GmbH) [File_System \| Auto \| Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 12:49:19 \| 000,011,608 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 \| 000,028,520 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.08.21 21:41:40 \| 000,353,680 \| ---- \| M] (Check Point Software Technologies LTD) [Kernel \| System \| Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2008.04.21 08:19:58 \| 000,051,648 \| ---- \| M] (Check Point Software Technologies LTD) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan) DRV - [2004.08.03 23:08:22 \| 000,010,624 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.08.03 23:04:34 \| 000,012,672 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2004.08.03 23:03:36 \| 000,088,448 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2004.08.03 22:29:50 \| 000,019,455 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4) DRV - [2004.08.03 22:29:48 \| 000,012,063 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3) DRV - [2004.08.03 22:29:46 \| 000,025,471 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5) DRV - [2004.08.03 22:29:46 \| 000,023,615 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4) DRV - [2004.08.03 22:29:46 \| 000,022,271 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6) DRV - [2004.08.03 22:29:44 \| 000,033,599 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3) DRV - [2004.08.03 22:29:44 \| 000,019,551 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1) DRV - [2004.08.03 22:29:42 \| 000,029,311 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0) DRV - [2004.08.03 22:29:42 \| 000,011,871 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7) DRV - [2004.08.03 22:29:40 \| 000,011,807 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5) DRV - [2004.08.03 22:29:40 \| 000,011,295 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6) DRV - [2004.08.03 22:29:38 \| 000,161,020 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.03 22:29:38 \| 000,012,415 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0) DRV - [2004.08.03 22:29:38 \| 000,012,127 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1) DRV - [2004.08.03 22:29:38 \| 000,011,775 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2) DRV - [2001.10.26 14:00:00 \| 000,063,232 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001.10.26 14:00:00 \| 000,055,936 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.17 22:19:34 \| 000,040,704 \| ---- \| M] (Creative Technology Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) DRV - [2001.08.17 22:11:06 \| 000,066,591 \| ---- \| M] (3Com Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/ IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010.06.27 18:16:45 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..Trusted Domains: 999jatekok.hu ([www] https in Trusted sites) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object) O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.gamehouse.com/games/SproutLauncher.cab (SproutLauncherCtrl Class) O16 - DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} https://gate.gov.hu/sdx/SDXFormSigner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class) O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.1.98.182 208.67.220.220 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\xy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\xy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.10.24 14:34:14 \| 000,000,000 \| ---D \| M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm () Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.DLL (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yvu9 - C:\WINDOWS\System32\IYVU9_32.DLL () CREATERESTOREPOINT Restore point Set: OTL Restore Point (56027131116781568) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Documents and Settings\xy\Asztal\CAMN27A5. [2010.06.27 19:57:31 \| 000,574,464 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe [2010.06.27 19:16:26 \| 000,000,000 \| -HSD \| C] -- C:\RECYCLER [2010.06.27 18:29:37 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2010.06.27 14:25:54 \| 000,000,000 \| ---D \| C] -- C:\_OTM [2010.06.27 14:24:13 \| 000,518,656 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTM.exe [2010.06.26 07:30:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\xy\Asztal\Balazs Feco - Erints meg meg egyszer (Best Of) 2009 [2010.06.26 05:05:24 \| 000,000,000 \| ---D \| C] -- C:\Program Files\trend micro [2010.06.26 05:05:05 \| 000,000,000 \| ---D \| C] -- C:\rsit [2010.06.25 14:23:57 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\xy\Recent [2010.06.25 06:50:42 \| 000,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.25 06:50:19 \| 000,020,952 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.25 06:50:15 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.06.21 15:51:14 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2010.06.21 06:39:20 \| 007,010,816 \| ---- \| C] (Foxit Software Company) -- C:\Documents and Settings\xy\Asztal\FoxitReader331_enu_Setup.exe [2010.06.10 06:21:36 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Recuva [2010.06.08 17:22:58 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\xy\IECompatCache [2010.06.07 19:37:50 \| 000,068,608 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx [2010.06.07 19:14:53 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\xy\Application Data\PhotoScape [2010.06.07 19:04:36 \| 000,000,000 \| ---D \| C] -- C:\Program Files\PhotoScape ========== Files - Modified Within 30 Days ========== File not found -- C:\Documents and Settings\xy\Asztal\CAMN27A5. [2010.06.27 19:58:08 \| 000,574,464 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe [2010.06.27 19:44:00 \| 000,004,212 \| -H-- \| M] () -- C:\WINDOWS\System32\zllictbl.dat [2010.06.27 18:43:50 \| 000,348,371 \| ---- \| M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.06.27 18:18:16 \| 000,000,846 \| ---- \| M] () -- C:\WINDOWS\system.ini [2010.06.27 18:16:45 \| 000,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.27 17:33:53 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.27 17:33:33 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010.06.27 17:33:29 \| 132,427,776 \| -HS- \| M] () -- C:\hiberfil.sys [2010.06.27 17:31:49 \| 000,000,178 \| -HS- \| M] () -- C:\Documents and Settings\xy\ntuser.ini [2010.06.27 17:31:48 \| 009,961,472 \| ---- \| M] () -- C:\Documents and Settings\xy\ntuser.dat [2010.06.27 16:13:08 \| 003,228,354 \| -H-- \| M] () -- C:\Documents and Settings\xy\Local Settings\Application Data\IconCache.db [2010.06.27 16:11:46 \| 003,721,479 \| R--- \| M] () -- C:\Documents and Settings\xy\Asztal\ComboFix.exe [2010.06.27 14:24:36 \| 000,518,656 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTM.exe [2010.06.27 14:16:08 \| 000,000,181 \| ---- \| M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url [2010.06.27 14:15:45 \| 000,000,901 \| ---- \| M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2010.06.27 14:15:44 \| 000,000,883 \| ---- \| M] () -- C:\Documents and Settings\All Users\Asztal\Foxit Reader.lnk [2010.06.26 05:12:56 \| 000,023,552 \| ---- \| M] () -- C:\Documents and Settings\xy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.26 05:04:49 \| 000,824,681 \| ---- \| M] () -- C:\Documents and Settings\xy\Asztal\RSIT.exe [2010.06.25 06:51:04 \| 000,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk [2010.06.24 10:00:31 \| 000,000,386 \| -H-- \| M] () -- C:\WINDOWS\tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job [2010.06.21 07:05:29 \| 000,065,024 \| ---- \| M] () -- C:\Documents and Settings\xy\Asztal\HVI_lista_2010_03.xls [2010.06.21 06:39:23 \| 007,010,816 \| ---- \| M] (Foxit Software Company) -- C:\Documents and Settings\xy\Asztal\FoxitReader331_enu_Setup.exe [2010.06.19 18:54:11 \| 000,626,694 \| ---- \| M] () -- C:\Documents and Settings\xy\Asztal\névtelen.bmp [2010.06.18 20:23:23 \| 000,028,309 \| ---- \| M] () -- C:\Documents and Settings\xy\Asztal\babe.gif [2010.06.10 06:22:50 \| 000,001,512 \| ---- \| M] () -- C:\Documents and Settings\xy\Asztal\Recuva.lnk [2010.06.10 06:11:28 \| 000,000,779 \| ---- \| M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Az Internet Explorer böngésző indítása.lnk [2010.06.09 21:55:39 \| 000,000,144 \| ---- \| M] () -- C:\WINDOWS\Eudcedit.ini [2010.06.07 19:13:20 \| 000,000,724 \| ---- \| M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk [2010.06.07 19:13:20 \| 000,000,706 \| ---- \| M] () -- C:\Documents and Settings\xy\Asztal\PhotoScape.lnk [2010.06.02 10:35:01 \| 000,000,885 \| ---- \| M] () -- C:\WINDOWS\TB50.INI ========== Files Created - No Company Name ========== [2010.06.27 15:27:53 \| 003,721,479 \| R--- \| C] () -- C:\Documents and Settings\xy\Asztal\ComboFix.exe [2010.06.27 14:16:08 \| 000,000,181 \| ---- \| C] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url [2010.06.27 14:15:45 \| 000,000,901 \| ---- \| C] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2010.06.27 14:15:44 \| 000,000,883 \| ---- \| C] () -- C:\Documents and Settings\All Users\Asztal\Foxit Reader.lnk [2010.06.26 05:04:26 \| 000,824,681 \| ---- \| C] () -- C:\Documents and Settings\xy\Asztal\RSIT.exe [2010.06.25 06:51:02 \| 000,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk [2010.06.21 07:05:27 \| 000,065,024 \| ---- \| C] () -- C:\Documents and Settings\xy\Asztal\HVI_lista_2010_03.xls [2010.06.19 18:54:10 \| 000,626,694 \| ---- \| C] () -- C:\Documents and Settings\xy\Asztal\névtelen.bmp [2010.06.18 20:31:01 \| 000,028,309 \| ---- \| C] () -- C:\Documents and Settings\xy\Asztal\babe.gif [2010.06.10 06:22:50 \| 000,001,512 \| ---- \| C] () -- C:\Documents and Settings\xy\Asztal\Recuva.lnk [2010.06.09 21:55:38 \| 000,000,144 \| ---- \| C] () -- C:\WINDOWS\Eudcedit.ini [2010.06.07 19:37:50 \| 000,081,920 \| ---- \| C] () -- C:\WINDOWS\System32\ieencode.dll [2010.06.07 19:37:50 \| 000,081,920 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010.06.07 19:13:20 \| 000,000,724 \| ---- \| C] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk [2010.06.07 19:13:20 \| 000,000,706 \| ---- \| C] () -- C:\Documents and Settings\xy\Asztal\PhotoScape.lnk [2009.09.25 19:15:48 \| 000,000,026 \| ---- \| C] () -- C:\WINDOWS\ulead32.ini [2009.06.17 21:33:57 \| 000,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\IYVU9_32.DLL [2009.03.20 19:31:36 \| 004,425,326 \| ---- \| C] () -- C:\WINDOWS\System32\libavcodec.dll [2009.03.19 23:36:48 \| 000,557,469 \| ---- \| C] () -- C:\WINDOWS\System32\libmplayer.dll [2009.03.02 21:10:48 \| 000,067,584 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.03.02 21:10:22 \| 000,098,304 \| ---- \| C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009.03.02 18:19:36 \| 000,183,296 \| ---- \| C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009.03.02 18:19:30 \| 000,178,688 \| ---- \| C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009.03.02 18:19:14 \| 000,113,152 \| ---- \| C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009.03.02 18:18:46 \| 000,146,944 \| ---- \| C] () -- C:\WINDOWS\System32\ff_tremor.dll [2009.03.02 18:18:32 \| 000,257,024 \| ---- \| C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009.03.02 18:18:28 \| 000,142,848 \| ---- \| C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009.03.02 18:18:18 \| 000,486,400 \| ---- \| C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009.03.02 16:54:20 \| 000,328,334 \| ---- \| C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009.03.02 16:45:14 \| 000,146,098 \| ---- \| C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009.03.02 16:42:54 \| 000,425,040 \| ---- \| C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009.03.02 16:35:56 \| 000,898,465 \| ---- \| C] () -- C:\WINDOWS\System32\ff_x264.dll [2009.02.01 19:31:43 \| 000,765,952 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.01.11 00:17:32 \| 000,163,840 \| ---- \| C] () -- C:\WINDOWS\System32\ts.dll [2009.01.11 00:16:56 \| 000,148,480 \| ---- \| C] () -- C:\WINDOWS\System32\mkx.dll [2009.01.11 00:16:50 \| 000,108,032 \| ---- \| C] () -- C:\WINDOWS\System32\avi.dll [2009.01.11 00:16:14 \| 000,141,312 \| ---- \| C] () -- C:\WINDOWS\System32\mp4.dll [2009.01.11 00:15:54 \| 000,120,832 \| ---- \| C] () -- C:\WINDOWS\System32\ogm.dll [2009.01.11 00:15:44 \| 000,159,744 \| ---- \| C] () -- C:\WINDOWS\System32\mmfinfo.dll [2009.01.11 00:15:32 \| 000,102,400 \| ---- \| C] () -- C:\WINDOWS\System32\avss.dll [2009.01.11 00:15:28 \| 000,246,784 \| ---- \| C] () -- C:\WINDOWS\System32\dxr.dll [2009.01.11 00:15:12 \| 000,097,280 \| ---- \| C] () -- C:\WINDOWS\System32\avs.dll [2009.01.11 00:14:08 \| 000,079,360 \| ---- \| C] () -- C:\WINDOWS\System32\mkzlib.dll [2009.01.11 00:14:06 \| 000,023,552 \| ---- \| C] () -- C:\WINDOWS\System32\mkunicode.dll [2008.12.04 00:11:50 \| 000,180,224 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008.11.29 18:40:33 \| 000,000,206 \| ---- \| C] () -- C:\WINDOWS\MPLAYER.INI [2008.11.06 18:37:32 \| 003,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.11.06 18:34:00 \| 000,000,416 \| ---- \| C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.11.06 18:34:00 \| 000,000,416 \| ---- \| C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008.10.27 09:01:07 \| 000,000,885 \| ---- \| C] () -- C:\WINDOWS\TB50.INI [2008.04.15 18:54:28 \| 000,000,048 \| ---- \| C] () -- C:\WINDOWS\mtb30.ini [2008.04.15 18:54:26 \| 000,000,037 \| ---- \| C] () -- C:\WINDOWS\progman.ini [2008.02.29 09:43:20 \| 000,000,082 \| ---- \| C] () -- C:\WINDOWS\System32\ENoSignature.dll [2008.02.12 16:47:41 \| 000,001,065 \| ---- \| C] () -- C:\WINDOWS\winamp.ini [2008.01.28 18:08:09 \| 000,000,063 \| ---- \| C] () -- C:\WINDOWS\System32\SKVersion.ini [2008.01.28 18:06:17 \| 000,002,368 \| ---- \| C] () -- C:\WINDOWS\System32\sk_bho.ini [2008.01.09 16:01:48 \| 000,000,453 \| ---- \| C] () -- C:\WINDOWS\bdoscandellang.ini [2007.12.25 13:37:20 \| 000,000,049 \| ---- \| C] () -- C:\WINDOWS\iltwain.ini [2007.12.19 08:50:42 \| 000,000,754 \| ---- \| C] () -- C:\WINDOWS\WORDPAD.INI [2007.12.02 18:05:13 \| 000,000,248 \| ---- \| C] () -- C:\WINDOWS\phedit.ini [2007.12.01 15:54:22 \| 000,000,018 \| ---- \| C] () -- C:\WINDOWS\gfact.ini [2007.11.27 12:35:16 \| 000,000,256 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2007.11.06 16:37:38 \| 000,010,240 \| ---- \| C] () -- C:\WINDOWS\System32\vidx16.dll [2007.10.31 20:13:29 \| 000,006,213 \| ---- \| C] () -- C:\WINDOWS\cncscore.ini [2007.10.24 23:42:15 \| 000,001,267 \| ---- \| C] () -- C:\WINDOWS\wincmd.ini [2007.10.13 11:30:20 \| 000,000,137 \| ---- \| C] () -- C:\WINDOWS\System32\Registration.ini [2007.07.10 19:10:12 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2005.06.01 01:16:00 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\SpyPryUN.dll [2005.02.22 12:48:21 \| 000,622,113 \| ---- \| C] () -- C:\WINDOWS\System32\List.dll [2002.03.17 02:00:00 \| 000,007,420 \| ---- \| C] () -- C:\WINDOWS\UA000011.DLL [2000.01.07 02:00:00 \| 000,024,448 \| ---- \| C] () -- C:\WINDOWS\sysgtime.dll [2000.01.07 02:00:00 \| 000,024,448 \| ---- \| C] () -- C:\WINDOWS\System32\proclsvr.drv [1999.04.11 22:54:20 \| 000,286,208 \| ---- \| C] () -- C:\WINDOWS\System32\cncs232.dll ========== LOP Check ========== [2007.12.02 09:09:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2007.12.26 08:13:06 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AlawarGameBox [2010.04.14 19:16:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010.05.22 09:26:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010.06.21 15:51:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2007.12.06 18:34:32 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 [2008.01.08 11:16:28 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed [2008.01.27 18:04:22 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Phenomedia [2009.12.30 10:40:35 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect [2010.05.21 22:27:36 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007.12.18 22:28:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2007.12.02 09:11:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\ACD Systems [2007.12.26 08:14:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\alawar [2010.04.28 21:02:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Artweaver [2010.05.22 09:28:25 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools [2010.05.22 12:22:34 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Lite [2010.05.22 12:20:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Pro [2010.03.01 13:50:08 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Foxit [2010.05.21 09:45:28 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Foxit Software [2007.10.31 14:45:15 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\funkitron [2010.01.29 11:52:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\GetRightToGo [2010.03.07 14:13:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\IObit [2008.11.19 18:32:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\mbin.jp [2010.03.21 08:43:03 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\OpenOffice.org [2010.03.05 22:42:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Opera [2010.06.07 19:23:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\PhotoScape [2010.01.02 15:53:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\PVST Manager [2009.10.31 10:25:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Uniblue [2010.01.01 09:59:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Unity [2010.01.25 14:31:49 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\VSTT Manager [2010.06.24 10:00:31 \| 000,000,386 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job ========== Purity Check ========== ========== Custom Scans ========== < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s > < c:\windows\. /U > < %SYSTEMDRIVE%\.exe > < %ALLUSERSPROFILE%\Application Data\. > [2007.12.02 09:09:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2009.11.16 14:48:34 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2007.12.26 08:13:06 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AlawarGameBox [2010.04.14 19:16:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010.04.30 19:21:07 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Avira [2010.05.22 09:26:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010.06.21 15:51:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2010.06.07 19:12:58 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Google [2010.01.24 08:20:49 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009.12.14 18:37:52 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2007.10.30 17:26:53 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2007.12.06 18:34:32 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 [2008.01.08 11:16:28 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed [2010.05.23 11:07:07 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\NOS [2008.01.27 18:04:22 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Phenomedia [2010.01.19 13:06:12 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Skype [2009.12.30 10:40:35 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect [2010.05.16 07:39:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010.05.21 22:27:36 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008.07.23 16:09:42 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2007.10.25 16:07:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2007.12.18 22:28:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WinZip < %ALLUSERSPROFILE%\Application Data\.exe /s > < %APPDATA%\. > [2007.12.02 09:11:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\ACD Systems [2010.06.21 16:18:10 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Adobe [2008.01.06 14:49:07 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\AdobeUM [2007.12.26 08:14:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\alawar [2010.02.23 18:03:22 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Apple Computer [2010.04.28 21:02:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Artweaver [2010.04.30 19:34:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Avira [2010.05.22 09:28:25 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools [2010.05.22 12:22:34 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Lite [2010.05.22 12:20:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Pro [2009.08.13 15:44:55 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\DivX [2010.03.01 13:50:08 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Foxit [2010.05.21 09:45:28 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Foxit Software [2007.10.31 14:45:15 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\funkitron [2010.01.29 11:52:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\GetRightToGo [2007.11.01 11:21:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Google [2010.04.23 10:12:56 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Help [2007.10.24 19:29:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Identities [2010.03.07 14:13:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\IObit [2010.06.21 16:18:01 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Macromedia [2010.01.24 08:21:26 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Malwarebytes [2008.11.19 18:32:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\mbin.jp [2009.10.20 10:10:33 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\xy\Application Data\Microsoft [2010.03.01 15:36:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Mozilla [2009.01.03 22:26:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\MSN6 [2010.03.21 08:43:03 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\OpenOffice.org [2010.03.05 22:42:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Opera [2010.06.07 19:23:46 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\PhotoScape [2010.01.02 15:53:00 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\PVST Manager [2010.01.19 12:55:01 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\skypePM [2007.10.31 17:51:06 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Sun [2008.01.22 12:40:38 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Talkback [2009.10.31 10:25:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Uniblue [2010.01.01 09:59:33 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\Unity [2010.01.25 14:31:49 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\VSTT Manager [2008.03.02 21:30:34 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xy\Application Data\WinRAR < %APPDATA%\.exe /s > < MD5 for: AGP440.SYS > [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2004.08.03 23:07:42 \| 000,042,368 \| ---- \| M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys [2004.08.03 23:07:42 \| 000,042,368 \| ---- \| M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004.08.03 23:07:42 \| 000,042,368 \| ---- \| M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004.08.03 23:07:42 \| 000,042,368 \| ---- \| M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2001.10.26 14:00:00 \| 000,086,656 \| ---- \| M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 22:59:44 \| 000,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004.08.03 22:59:44 \| 000,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004.08.03 22:59:44 \| 000,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 22:59:44 \| 000,095,360 \| ---- \| M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: CDROM.SYS > [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2004.08.03 22:59:54 \| 000,049,536 \| ---- \| M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2004.08.03 22:59:54 \| 000,049,536 \| ---- \| M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\dllcache\cdrom.sys [2004.08.03 22:59:54 \| 000,049,536 \| ---- \| M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [2001.10.26 14:00:00 \| 000,047,488 \| ---- \| M] (Microsoft Corporation) MD5=CB762E814F602229A574F4D78D3D6A30 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: CHANGER.SYS > [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys [2004.08.03 23:00:14 \| 000,008,192 \| ---- \| M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [2004.08.03 23:00:14 \| 000,008,192 \| ---- \| M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\dllcache\changer.sys < MD5 for: CRYPTSVC.DLL > [2001.10.26 14:00:00 \| 000,051,200 \| ---- \| M] (Microsoft Corporation) MD5=05259C29C8093E6EE1AE7A8F4DE7B807 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll [2004.08.17 16:46:40 \| 000,060,416 \| ---- \| M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll [2004.08.17 16:46:40 \| 000,060,416 \| ---- \| M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll [2004.08.17 16:46:40 \| 000,060,416 \| ---- \| M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\system32\cryptsvc.dll [2004.08.17 16:46:40 \| 000,060,416 \| ---- \| M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\system32\dllcache\cryptsvc.dll < MD5 for: EVENTLOG.DLL > [2001.10.26 14:00:00 \| 000,047,616 \| ---- \| M] (Microsoft Corporation) MD5=2DA8D38CF8D86B5C02DFFAC2615FC1C4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004.08.17 16:46:56 \| 000,055,808 \| ---- \| M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004.08.17 16:46:56 \| 000,055,808 \| ---- \| M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004.08.17 16:46:56 \| 000,055,808 \| ---- \| M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004.08.17 16:46:56 \| 000,055,808 \| ---- \| M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2001.10.26 14:00:00 \| 001,003,008 \| ---- \| M] (Microsoft Corporation) MD5=495D8BA14043F4402ECF51C2AB73D8DD -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.17 16:47:58 \| 001,034,240 \| ---- \| M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2004.08.17 16:47:58 \| 001,034,240 \| ---- \| M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:12:07 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) MD5=6CF1696892BE31A2EC25072A99E2E3FF -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 15:23:54 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2007.06.13 15:23:54 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\explorer.exe [2007.06.13 15:23:54 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: HAL.DLL > [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll [2004.08.17 17:02:36 \| 018,786,561 \| ---- \| M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll [2001.10.26 14:00:00 \| 000,078,464 \| ---- \| M] (Microsoft Corporation) MD5=254916581AC499E53EE700E7E5B9E5B5 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll [2004.08.03 22:59:08 \| 000,081,280 \| ---- \| M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\HAL.DLL [2004.08.03 22:59:20 \| 000,105,472 \| ---- \| M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll < MD5 for: ISAPNP.SYS > [2001.10.26 14:00:00 \| 000,036,096 \| ---- \| M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\system32\dllcache\isapnp.sys [2001.10.26 14:00:00 \| 000,036,096 \| ---- \| M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\system32\drivers\isapnp.sys < MD5 for: LSASS.EXE > [2004.08.17 16:48:06 \| 000,013,312 \| ---- \| M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\ERDNT\cache\lsass.exe [2004.08.17 16:48:06 \| 000,013,312 \| ---- \| M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe [2004.08.17 16:48:06 \| 000,013,312 \| ---- \| M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\system32\dllcache\lsass.exe [2004.08.17 16:48:06 \| 000,013,312 \| ---- \| M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\system32\lsass.exe [2001.10.26 14:00:00 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) MD5=9AAD6A77CDBE6DAA9758A28B9145E580 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe < MD5 for: NDIS.SYS > [2001.10.26 14:00:00 \| 000,161,536 \| ---- \| M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2004.08.03 23:14:30 \| 000,182,912 \| ---- \| M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys [2004.08.03 23:14:30 \| 000,182,912 \| ---- \| M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2004.08.03 23:14:30 \| 000,182,912 \| ---- \| M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys [2004.08.03 23:14:30 \| 000,182,912 \| ---- \| M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2004.08.17 16:47:20 \| 000,407,040 \| ---- \| M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2004.08.17 16:47:20 \| 000,407,040 \| ---- \| M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2004.08.17 16:47:20 \| 000,407,040 \| ---- \| M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004.08.17 16:47:20 \| 000,407,040 \| ---- \| M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\system32\netlogon.dll [2001.10.26 14:00:00 \| 000,397,824 \| ---- \| M] (Microsoft Corporation) MD5=3D8811CB0A5AE38442BB0966282D7796 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.17 16:47:26 \| 000,185,856 \| ---- \| M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\ERDNT\cache\scecli.dll [2004.08.17 16:47:26 \| 000,185,856 \| ---- \| M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2004.08.17 16:47:26 \| 000,185,856 \| ---- \| M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\system32\dllcache\scecli.dll [2004.08.17 16:47:26 \| 000,185,856 \| ---- \| M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\system32\scecli.dll [2001.10.26 14:00:00 \| 000,179,712 \| ---- \| M] (Microsoft Corporation) MD5=FA3E6E756841725EE113BADECBCB26D9 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: SMSS.EXE > [2004.08.17 16:48:30 \| 000,050,688 \| ---- \| M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe [2004.08.17 16:48:30 \| 000,050,688 \| ---- \| M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\system32\dllcache\smss.exe [2004.08.17 16:48:30 \| 000,050,688 \| ---- \| M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\system32\smss.exe [2001.08.17 23:37:00 \| 000,469,504 \| ---- \| M] (Microsoft Corporation) MD5=C37F36D08F06A7B0CAF8C1EE9E4079A3 -- C:\cmdcons\SYSTEM32\SMSS.EXE [2001.10.26 14:00:00 \| 000,045,568 \| ---- \| M] (Microsoft Corporation) MD5=ED12D92A7B26E99E3A5BF4B043F7314E -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe < MD5 for: SVCHOST.EXE > [2004.08.17 16:48:32 \| 000,014,336 \| ---- \| M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\ERDNT\cache\svchost.exe [2004.08.17 16:48:32 \| 000,014,336 \| ---- \| M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2004.08.17 16:48:32 \| 000,014,336 \| ---- \| M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\system32\dllcache\svchost.exe [2004.08.17 16:48:32 \| 000,014,336 \| ---- \| M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\system32\svchost.exe [2001.10.26 14:00:00 \| 000,012,800 \| ---- \| M] (Microsoft Corporation) MD5=9D08A7B580F0C829A40D7964E1D7CC68 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe < MD5 for: TCPIP.SYS > [2006.04.20 13:51:50 \| 000,359,808 \| ---- \| M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [2007.10.30 18:53:32 \| 000,360,832 \| ---- \| M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2007.10.30 19:20:55 \| 000,360,064 \| ---- \| M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\ERDNT\cache\tcpip.sys [2007.10.30 19:20:55 \| 000,360,064 \| ---- \| M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\dllcache\tcpip.sys [2007.10.30 19:20:55 \| 000,360,064 \| ---- \| M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\drivers\tcpip.sys [2004.08.03 23:14:42 \| 000,359,040 \| ---- \| M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [2004.08.03 23:14:42 \| 000,359,040 \| ---- \| M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2006.04.20 14:18:35 \| 000,360,576 \| ---- \| M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [2001.10.26 14:00:00 \| 000,327,168 \| ---- \| M] (Microsoft Corporation) MD5=E7774698BB0D14B0710A9A31E209F9B6 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys < MD5 for: USERINIT.EXE > [2001.10.26 14:00:00 \| 000,021,504 \| ---- \| M] (Microsoft Corporation) MD5=969BA3BAC25FB9EB5D652F767B49717C -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004.08.17 16:48:34 \| 000,024,576 \| ---- \| M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\ERDNT\cache\userinit.exe [2004.08.17 16:48:34 \| 000,024,576 \| ---- \| M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2004.08.17 16:48:34 \| 000,024,576 \| ---- \| M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.17 16:48:34 \| 000,024,576 \| ---- \| M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.17 16:48:36 \| 000,504,320 \| ---- \| M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2004.08.17 16:48:36 \| 000,504,320 \| ---- \| M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004.08.17 16:48:36 \| 000,504,320 \| ---- \| M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004.08.17 16:48:36 \| 000,504,320 \| ---- \| M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\system32\winlogon.exe [2001.10.26 14:00:00 \| 000,432,128 \| ---- \| M] (Microsoft Corporation) MD5=E0F2312FB3DE3D83B915BB82CA42F3F0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe < MD5 for: WS2_32.DLL > [2004.08.17 16:47:38 \| 000,082,944 \| ---- \| M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll [2004.08.17 16:47:38 \| 000,082,944 \| ---- \| M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll [2004.08.17 16:47:38 \| 000,082,944 \| ---- \| M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\system32\dllcache\ws2_32.dll [2004.08.17 16:47:38 \| 000,082,944 \| ---- \| M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\system32\ws2_32.dll [2001.10.26 14:00:00 \| 000,075,264 \| ---- \| M] (Microsoft Corporation) MD5=F57E0EA4977D1973D1A41B73352F56A2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll < %systemroot%\. /mp /s > < %systemroot%\system32\.dll /lockedfiles > < %systemroot%\Tasks\.job /lockedfiles > < %systemroot%\system32\drivers\.sys /lockedfiles > < %systemroot%\System32\config\.sav > [2007.10.24 16:17:28 \| 000,094,208 \| ---- \| M] () -- C:\WINDOWS\system32\config\default.sav [2007.10.24 16:17:27 \| 000,634,880 \| ---- \| M] () -- C:\WINDOWS\system32\config\software.sav [2007.10.24 16:17:27 \| 000,380,928 \| ---- \| M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\.dll /lockedfiles > < reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON < %systemroot%\system32\drivers\.sys /3 > < %systemroot%\system32\. /3 > [2010.06.27 18:43:50 \| 000,348,371 \| ---- \| M] () -- C:\WINDOWS\system32\vsconfig.xml [2010.06.27 19:44:00 \| 000,004,212 \| -H-- \| M] () -- C:\WINDOWS\system32\zllictbl.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D7490A < End of report >
hétf. jún. 28, 2010 9:30

Laci_L a fórum lelke Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 11960 Tartózkodási hely: Budapest, Solymár	Re: Vírus vagy mi lehet??? stell írta: ... ma mar nem irok ... Kezdődik a meccs.
vas. jún. 27, 2010 19:45

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Rendben Stell, köszönöm. Még fut az OTL program. Akkor holnap. Jó éjt.
vas. jún. 27, 2010 19:34

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? ok,folytasd tovabb ugy ahogy leirtam,,ha ma mar nem irok akkor majd holnap megnezem a logot>
vas. jún. 27, 2010 19:30

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Talán sikerült. Azt hiszem az ismételt elemzésre kellett még kantintanom, ugye? http://www.virustotal.com/hu/analisis/6 ... 1277662584 http://www.virustotal.com/hu/analisis/c ... 1277662836
vas. jún. 27, 2010 19:24

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Nem tudom mit csinálok rosszul. Ugyanezeket adta be megint.
vas. jún. 27, 2010 19:15

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Nem értem. Megpróbálom mégegyszer.
vas. jún. 27, 2010 19:08

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? nezd meg a Virustotalrol a linkekket hogy mit tettel ide,,egyik se az amit irtam.
vas. jún. 27, 2010 19:03

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? http://www.virustotal.com/hu/analisis/c ... 1277567414 A hozzászólást 1 alkalommal szerkesztették, utoljára amcsi vas. jún. 27, 2010 19:35-kor.
vas. jún. 27, 2010 18:58

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Az elsőt sikerült feltöltenem. A másodikat nem találom azon az elérési útvonalon. http://www.virustotal.com/hu/analisis/6 ... 1246249836
vas. jún. 27, 2010 18:55

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? teszteld le a www.virustotal.com c:\documents and settings\All Users\Application Data\GameHouse\FeedingFrenzy\FeedingFrenzy.dll c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\msvcr71.dll a linket a tesztrol tedd ide. tolsds le az asztalra-futtasd-pipazd be, OTL -Scan all users. -Lop check. -Purity check. -v sekciiExtra Registry>potyozd be>Use SafeList -az ablakba Custom Scans/Fixes>vtedd a zold textet es klik Run SCAN aztan tedd ide az -OTL.txt (az asztalon lesz.). - Kód: netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\. /U %SYSTEMDRIVE%\.exe %ALLUSERSPROFILE%\Application Data\. %ALLUSERSPROFILE%\Application Data\.exe /s %APPDATA%\. %APPDATA%\.exe /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys ndis.sys winlogon.exe explorer.exe userinit.exe lsass.exe svchost.exe smss.exe hal.dll ws2_32.dll tcpip.sys cryptsvc.dll Changer.sys JakNDis.sys isapnp.sys cdrom.sys /md5stop %systemroot%\. /mp /s %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\system32\drivers\.sys /lockedfiles %systemroot%\System32\config\.sav %systemroot%\system32\.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c %systemroot%\system32\drivers\.sys /3 %systemroot%\system32\. /3 CREATERESTOREPOINT
vas. jún. 27, 2010 18:29

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Elkészült a ComboFix log: ComboFix 10-06-26.03 - xy 010.06.27. 16:40:05.15.1 - x86 Running from: c:\documents and settings\xy\Asztal\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ZoneAlarm Firewall enabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 ))))))))))))))))))))))))))))))) . 2010-06-21 13:51 . 2010-06-21 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse 2010-06-21 13:51 . 2004-09-17 08:53 753664 ----a-w- c:\documents and settings\All Users\Application Data\GameHouse\FeedingFrenzy\FeedingFrenzy.dll 2010-06-07 17:14 . 2010-06-07 17:23 -------- d-----w- c:\documents and settings\xy\Application Data\PhotoScape . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-27 16:19 . 2008-12-14 10:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-06-27 12:15 . 2010-03-01 11:49 -------- d-----w- c:\program files\Foxit Software 2010-06-27 10:44 . 2010-06-26 03:05 -------- d-----w- c:\program files\trend micro 2010-06-25 04:51 . 2010-06-25 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-17 10:05 . 2010-05-22 10:54 -------- d-----w- c:\program files\Ricochet Infinity 2010-06-10 04:22 . 2010-06-10 04:21 -------- d-----w- c:\program files\Recuva 2010-06-07 17:05 . 2010-06-07 17:04 -------- d-----w- c:\program files\PhotoScape 2010-05-30 12:20 . 2010-05-30 12:20 64580 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_05_30_13_09_41_small.dmp.zip 2010-05-30 11:09 . 2010-05-30 12:20 519680 ----a-w- c:\windows\Internet Logs\xDB2.tmp 2010-05-26 06:55 . 2001-10-26 12:00 331686 ----a-w- c:\windows\system32\perfh00E.dat 2010-05-26 06:55 . 2001-10-26 12:00 73652 ----a-w- c:\windows\system32\perfc00E.dat 2010-05-26 06:48 . 2010-02-18 18:27 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-26 06:48 . 2007-11-10 14:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-23 09:07 . 2010-05-23 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-05-23 08:46 . 2010-05-23 08:46 -------- d-----w- c:\program files\NOS 2010-05-22 10:22 . 2010-05-22 06:28 -------- d-----w- c:\documents and settings\xy\Application Data\DAEMON Tools Lite 2010-05-22 10:20 . 2010-05-22 07:28 -------- d-----w- c:\documents and settings\xy\Application Data\DAEMON Tools Pro 2010-05-22 07:28 . 2010-05-22 07:28 -------- d-----w- c:\documents and settings\xy\Application Data\DAEMON Tools 2010-05-22 07:26 . 2010-05-22 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-05-22 07:24 . 2010-05-22 07:24 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-05-22 06:29 . 2010-05-22 06:29 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-05-21 20:27 . 2007-10-31 12:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-21 07:45 . 2010-05-21 07:45 -------- d-----w- c:\documents and settings\xy\Application Data\Foxit Software 2010-05-16 05:55 . 2010-05-16 05:57 4224512 ----a-w- c:\windows\Internet Logs\xDB1.tmp 2010-05-16 05:29 . 2010-05-16 05:29 503808 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\msvcp71.dll 2010-05-16 05:29 . 2010-05-16 05:29 499712 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\jmc.dll 2010-05-16 05:29 . 2010-05-16 05:29 12800 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-425c7282-n\decora-d3d.dll 2010-05-16 05:29 . 2010-05-16 05:29 61440 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-425c7282-n\decora-sse.dll 2010-05-16 05:29 . 2010-05-16 05:29 348160 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\msvcr71.dll 2010-05-16 05:21 . 2008-12-30 13:06 411368 -c--a-w- c:\windows\system32\deploytk.dll 2010-04-30 17:34 . 2010-04-30 17:34 -------- d-----w- c:\documents and settings\xy\Application Data\Avira 2010-04-30 17:21 . 2010-04-30 17:21 -------- d-----w- c:\program files\Avira 2010-04-30 17:21 . 2010-04-30 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-29 19:13 . 2010-04-29 19:13 3258011 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2010-04-29 13:39 . 2010-06-25 04:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2010-06-25 04:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 19:02 . 2010-04-28 19:02 -------- d-----w- c:\documents and settings\xy\Application Data\Artweaver 2010-04-24 18:06 . 2010-04-24 18:06 45 ---h--w- c:\windows\dsez0057.dat 2010-04-14 10:01 . 2007-10-30 15:53 37744 -c--a-w- c:\documents and settings\xy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IERESETATTRIB] %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-17 14:47 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9699:TCP"= 9699:TCP:BitComet 9699 TCP "9699:UDP"= 9699:UDP:BitComet 9699 UDP "3389:TCP"= 3389:TCP::Disabled:@xpsp2res.dll,-22009 S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010.05.22. 8:29 717296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-06-24 c:\windows\Tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job - c:\windows\system32\mobsync.exe [2001-10-26 14:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= mLocal Page = mSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html Trusted Zone: 999jatekok.hu\www DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} - hxxps://gate.gov.hu/sdx/SDXFormSigner.cab DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-27 18:17 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3616) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2010-06-27 18:29:28 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-27 16:29 ComboFix2.txt 2010-04-29 16:31 Pre-Run: 762 658 816 bájt szabad Post-Run: 818 810 880 bájt szabad - - End Of File - - 46D2CDC375C8B969E0B75A770B9CEF0B
vas. jún. 27, 2010 18:01

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Futtasd a combofixet http://virus-stell.blogspot.com/2010/04/combofix.html
vas. jún. 27, 2010 14:25

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Hát, nem tudom. Sok változást nem vélek felfedezni. A feladkazelőt sem engedte megnyitni, hogy bezárjak egy ablakot. Csak újraindítás után.
vas. jún. 27, 2010 14:03

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"\|dword:00000000 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"\|dword:00000000 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"\|dword:00000000 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"\|dword:00000000 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"\|dword:00000000 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: xy ->Temp folder emptied: 32787290 bytes ->Temporary Internet Files folder emptied: 317045436 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 5244 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1887936 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 144088912 bytes Total Files Cleaned = 473,00 mb Unable to start service SRService! C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTM by OldTimer - Version 3.1.12.2 log created on 06272010_142554 Files moved on Reboot... C:\Documents and Settings\xy\Local Settings\Temp\~DFF885.tmp moved successfully. C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\OJOCI4MM\otm[1].html moved successfully. C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\GFATSX8E\CAU7ENU1.g moved successfully. C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\BBPAU2VN\CAKLUFO1.com moved successfully. C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\4GP6G2TS\comment-iframe[2].g moved successfully. C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\13Z5NXZO\CAMNYJA9.com moved successfully. C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\01L74MPN\CAKTQZKL.com moved successfully. C:\WINDOWS\temp\ZLT07f6a.TMP moved successfully. Registry entries deleted on Reboot...
vas. jún. 27, 2010 13:57

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? http://www.virus-stell.com/2010/04/otm.html Tolds le az asztalra-futtasd-a ball ablakjaba masold be a zold textet es klik MOVEIT-a logot a restart utan tedd ide,es ird le hogy viselkedik a gep, Kód: :processes explorer.exe :reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 :commands [emptytemp] [ClearAllRestorePoints] [resethosts] [start explorer] [Reboot]
vas. jún. 27, 2010 13:19

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Szia. Csak most tudtam megcsinálni. Malwarebytes-t nem zártam még be, amikor írtam, ezért töröltem amit írtál. Most megint lefuttattam. Teljes vizsgálatot csinált. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Adatbázis verzió: 4245 Windows 5.1.2600 Szervizcsomag 2 Internet Explorer 6.0.2900.2180 2010.06.27. 13:22:48 mbam-log-2010-06-27 (13-22-48).txt Vizsgálat típusa: Teljes vizsgálat (C:\\|) Átvizsgált objektumok: 97468 Eltelt idő: 10 perc, 56 másodperc Fertőzött memóriafolyamatok: 0 Fertőzött memória modulok: 0 Fertőzött Rendszerleíró kulcsok: 0 Fertőzött Rendszerleíró értékek: 0 Fertőzött Rendszerleíró adatelemek: 3 Fertőzött mappák: 0 Fertőzött fájlok: 0 Fertőzött memóriafolyamatok: (Nem találhatók rosszindulatú elemek) Fertőzött memória modulok: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró kulcsok: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró értékek: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró adatelemek: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Fertőzött mappák: (Nem találhatók rosszindulatú elemek) Fertőzött fájlok: (Nem találhatók rosszindulatú elemek) Ez pedig az Rsit log: Logfile of random's system information tool 1.07 (written by random/random) Run by xy at 2010-06-27 12:36:19 Microsoft Windows XP Professional Szervizcsomag 2 System drive C: has 313 MB (3%) free of 10 GB Total RAM: 126 MB (11% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:44:38, on 2010.06.27. Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\xy\Asztal\RSIT.exe C:\Program Files\trend micro\xy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások O1 - Hosts: ˙ţ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab O16 - DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} - https://gate.gov.hu/sdx/SDXFormSigner.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab O22 - SharedTaskScheduler: Browseui előbetöltője - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Komponenskategóriák gyorsítótárazási szolgáltatása - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Logikai lemezkezelő felügyeleti szolgáltatás (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Eseménynapló (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google frissítési szolgáltatás (gupdate1ca9828fd274e70) (gupdate1ca9828fd274e70) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: IMAPI CD-égető COM-szolgáltatás (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Távoli asztal súgó-munkamenetének kezelője (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Intelligens kártya (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Kötet árnyékmásolata (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI teljesítményadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: A Windows Media Player hálózatmegosztási szolgáltatása (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 6044 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IERESETATTRIB] C:\WINDOWS\system32\cmd.exe [2004-08-17 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoResolveSearch"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe::Disabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe::Enabled:Távsegítség - Windows Messenger és beszédkapcsolat" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe::Enabled:Opera Internet Browser" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-06-27 06:49:34 ----A---- C:\WINDOWS\IE4 Error Log.txt 2010-06-26 05:05:24 ----D---- C:\Program Files\trend micro 2010-06-26 05:05:05 ----D---- C:\rsit 2010-06-25 06:50:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-06-21 15:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse 2010-06-10 06:21:36 ----D---- C:\Program Files\Recuva 2010-06-09 21:55:38 ----A---- C:\WINDOWS\Eudcedit.ini 2010-06-07 19:37:50 ----A---- C:\WINDOWS\system32\ieencode.dll 2010-06-07 19:14:53 ----D---- C:\Documents and Settings\xy\Application Data\PhotoScape 2010-06-07 19:04:36 ----D---- C:\Program Files\PhotoScape ======List of files/folders modified in the last 1 months====== 2010-06-27 08:02:59 ----D---- C:\WINDOWS\Internet Logs 2010-06-27 07:01:59 ----D---- C:\WINDOWS\Temp 2010-06-27 07:01:51 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-27 06:59:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-27 06:52:20 ----D---- C:\WINDOWS 2010-06-26 18:31:32 ----D---- C:\WINDOWS\Prefetch 2010-06-26 05:05:24 ----D---- C:\Program Files 2010-06-25 14:11:42 ----D---- C:\WINDOWS\system32\NtmsData 2010-06-25 14:10:32 ----D---- C:\WINDOWS\repair 2010-06-25 14:09:55 ----D---- C:\WINDOWS\Registration 2010-06-25 10:01:48 ----D---- C:\WINDOWS\system32\drivers 2010-06-21 16:18:10 ----D---- C:\Documents and Settings\xy\Application Data\Adobe 2010-06-21 16:18:01 ----D---- C:\Documents and Settings\xy\Application Data\Macromedia 2010-06-21 16:17:53 ----D---- C:\WINDOWS\system32\Macromed 2010-06-21 16:14:21 ----D---- C:\WINDOWS\system32\Adobe 2010-06-21 16:13:41 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-06-17 12:05:56 ----D---- C:\Program Files\Ricochet Infinity 2010-06-11 06:48:27 ----D---- C:\WINDOWS\Debug 2010-06-10 17:42:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-06-10 05:57:26 ----HD---- C:\WINDOWS\inf 2010-06-10 05:57:26 ----D---- C:\WINDOWS\system32\hu-HU 2010-06-10 05:57:26 ----D---- C:\WINDOWS\system32 2010-06-10 05:57:26 ----D---- C:\WINDOWS\Help 2010-06-10 05:57:26 ----D---- C:\Program Files\Internet Explorer 2010-06-09 21:54:33 ----RSD---- C:\WINDOWS\Fonts 2010-06-09 21:36:17 ----D---- C:\WINDOWS\WBEM 2010-06-09 21:36:15 ----D---- C:\WINDOWS\Media 2010-06-07 19:15:07 ----SHD---- C:\WINDOWS\Installer 2010-06-07 19:14:24 ----SD---- C:\WINDOWS\Tasks 2010-06-07 19:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2010-06-02 10:35:01 ----AC---- C:\WINDOWS\TB50.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 P3;Intel PentiumIII processzor-illesztőprogram; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-17 46720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibilis átviteli protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448] R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-26 63232] R2 NwlnkSpx;NWLink SPX/SPXII protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-26 55936] R3 EL90XBC;3Com EtherLink XL 90XB/C adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591] R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704] R3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020] R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584] R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 a6ag02bj;a6ag02bj; C:\WINDOWS\system32\drivers\a6ag02bj.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455] S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807] S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295] S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615] S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471] S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [] S3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672] S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 sr;Rendszer-helyreállító szűrő illesztőprogramja; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73472] S4 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-26 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 NWCWorkstation;Netware ügyfélszolgáltatás; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776] S2 gupdate1ca9828fd274e70;Google frissítési szolgáltatás (gupdate1ca9828fd274e70); C:\Program Files\Google\Update\GoogleUpdate.exe /svc [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040] S4 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-06-27 12:44:49 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Cole2k Media - Codec Pack (Advanced) 7.6.0-->C:\WINDOWS\system32\C2MP\Uninst.exe Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Msxml4 SP2-->MsiExec.exe /I{955D8242-B99E-4A9A-80C4-3FF7D7587EA3} PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" Recuva-->"C:\Program Files\Recuva\uninst.exe" Ricochet Infinity-->"C:\Program Files\Ricochet Infinity\unins000.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{5D63D27F-09D7-4420-9479-DD247CC31496} Windows Live Messenger-->MsiExec.exe /X{6D431157-ED9D-4AB1-A2C9-1FAA0A04419F} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Windows Media Player 11 Gyorsjavítás (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player 6.4 Biztonsági frissítés (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Windows Media Player 9 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Windows Media Player Biztonsági frissítés (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB890046-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB893756-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB896358-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB896423-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB896428-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB899587-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB899591-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB900725-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB901017-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB901190-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB901214-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB902400-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB904706-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB905414-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB905749-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB908519-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB911562-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB911927-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB913580-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB914388-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB914389-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB917344-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB917953-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB918118-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB918439-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB919007-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB920213-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB920670-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB920683-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB920685-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB921503-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB922819-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB923191-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB923414-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB923789-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Windows XP biztonsági frissítés - KB923980-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB924270-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB924496-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB924667-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB925902-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB926255-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB926436-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB927779-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB927802-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB928255-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB928843-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB929123-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB930178-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB931261-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB931784-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB932168-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB933729-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB935839-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB935840-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB936021-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB937894-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB938127-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB938829-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB939653-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB941202-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB941568-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB941644-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB942615-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB943460-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB943485-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Windows XP biztonsági frissítés - KB944653-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Windows XP Biztonsági frissítés (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Windows XP Biztonsági frissítés (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Windows XP frissítés - KB894391-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Windows XP frissítés - KB898461-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Windows XP frissítés - KB900485-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Windows XP frissítés - KB908531-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Windows XP frissítés - KB910437-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Windows XP frissítés - KB911280-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Windows XP frissítés - KB916595-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Windows XP frissítés - KB920872-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Windows XP frissítés - KB922582-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Windows XP frissítés - KB927891-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Windows XP frissítés - KB930916-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Windows XP frissítés - KB933360-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Windows XP frissítés - KB936357-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Windows XP frissítés - KB938828-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Windows XP frissítés - KB942763-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Windows XP frissítés - KB942840-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Windows XP frissítés - KB946627-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe" Windows XP gyorsjavítás - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP gyorsjavítás - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP gyorsjavítás - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP gyorsjavítás - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP gyorsjavítás - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP gyorsjavítás - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP gyorsjavítás - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP gyorsjavítás - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe" ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Hosts File====== ::1 localhost ======Security center information====== AV: AntiVir Desktop (outdated) FW: ZoneAlarm Firewall ======System event log====== Computer Name: OTTHONI Event Code: 7036 Message: A(z) Tárcsázó szolgáltatás állapota: "fut". Record Number: 10006 Source Name: Service Control Manager Time Written: 20100527105312.000000+120 Event Type: információ User: Computer Name: OTTHONI Event Code: 7022 Message: A következő szolgáltatás nem indul el: Avira AntiVir Guard. Record Number: 10005 Source Name: Service Control Manager Time Written: 20100527105312.000000+120 Event Type: hiba User: Computer Name: OTTHONI Event Code: 7000 Message: A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70)) a következő hiba következtében leállt: A rendszer nem találja a megadott elérési utat. Record Number: 10004 Source Name: Service Control Manager Time Written: 20100527105117.000000+120 Event Type: hiba User: Computer Name: OTTHONI Event Code: 17 Message: avgntflt.sys version 10.0.2.2 successfully loaded Record Number: 10003 Source Name: avgntflt Time Written: 20100527105036.000000+120 Event Type: információ User: Computer Name: OTTHONI Event Code: 17 Message: avipbb.sys version 10.0.2.6 successfully loaded Record Number: 10002 Source Name: avipbb Time Written: 20100527105036.000000+120 Event Type: információ User: =====Application event log===== Computer Name: OTTHONI Event Code: 1041 Message: A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Record Number: 14927 Source Name: Userenv Time Written: 20100612082643.000000+120 Event Type: hiba User: NT AUTHORITY\SYSTEM Computer Name: OTTHONI Event Code: 1041 Message: A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében. Record Number: 14926 Source Name: Userenv Time Written: 20100612082643.000000+120 Event Type: hiba User: NT AUTHORITY\SYSTEM Computer Name: OTTHONI Event Code: 20 Message: Record Number: 14925 Source Name: Google Update Time Written: 20100612082142.000000+120 Event Type: hiba User: NT AUTHORITY\SYSTEM Computer Name: OTTHONI Event Code: 20 Message: Record Number: 14924 Source Name: Google Update Time Written: 20100612075812.000000+120 Event Type: hiba User: NT AUTHORITY\SYSTEM Computer Name: OTTHONI Event Code: 20 Message: Record Number: 14923 Source Name: Google Update Time Written: 20100612072205.000000+120 Event Type: hiba User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Abev 2006\krtitok;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "KRDIR"=C:\Program Files\Abev 2006\eKuldes "tvdumpflags"=8 -----------------EOF-----------------
vas. jún. 27, 2010 12:32

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Szia Ez Vizsgálat típusa: Gyorsvizsgálat-volt ha meg nem zartad be torold,,es csinalj teljes vizsgalatot,amit tallal torolni,,es ted ide a logjat...es az RSIT logjat is. http://virus-stell.blogspot.com/2010/04/rsit.html
pén. jún. 25, 2010 7:49

amcsi ezüst tag Csatlakozott: kedd dec. 18, 2007 14:05 Hozzászólások: 76	Re: Vírus vagy mi lehet??? Szia Stell! Írnom kell megint, mert a segítségedre van szükségem. Lelassult a gépünk ismét, és többször fagyott is. Lefuttattam a Malwarebytes programot, s talált is valamiket. Nem tudom mik ezek, de egyedül nem törlök semmit. A múltkor volt rajta egy keylogger, úgy emlékszem azt írtad, s most is látom, hogy itt van. Úgy emlékszem, hogy letöröltük. Vagy mégsem? Ideteszem a logot: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Adatbázis verzió: 4236 Windows 5.1.2600 Szervizcsomag 2 Internet Explorer 6.0.2900.2180 2010.06.25. 7:58:42 mbam-log-2010-06-25 (07-58-42).txt Vizsgálat típusa: Gyorsvizsgálat Átvizsgált objektumok: 97169 Eltelt idő: 9 perc, 52 másodperc Fertőzött memóriafolyamatok: 0 Fertőzött memória modulok: 0 Fertőzött Rendszerleíró kulcsok: 1 Fertőzött Rendszerleíró értékek: 0 Fertőzött Rendszerleíró adatelemek: 3 Fertőzött mappák: 0 Fertőzött fájlok: 0 Fertőzött memóriafolyamatok: (Nem találhatók rosszindulatú elemek) Fertőzött memória modulok: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró kulcsok: HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> No action taken. Fertőzött Rendszerleíró értékek: (Nem találhatók rosszindulatú elemek) Fertőzött Rendszerleíró adatelemek: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Fertőzött mappák: (Nem találhatók rosszindulatú elemek) Fertőzött fájlok: (Nem találhatók rosszindulatú elemek)
pén. jún. 25, 2010 7:12

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? ok,mar jol nez ki, klik-start-klik-ffuttatas-masold be az ablakba combofix /uninstall a combofix letelepitodig a geprol Kikapcsolni az rendszervisszaallitassat.-restart es bekapcsold vissza http://virus-stell.blogspot.com/2010/04 ... dszer.html Tisztisd ki a gepet az CCleaner programal+ATF-cleaneral+TFC-cleaneral http://virus-stell.blogspot.com/2010/04/ccleaner.html http://virus-stell.blogspot.com/2010/04 ... ztito.html http://www.virus-stell.com/2010/05/temp ... itasa.html aztan csinalj komplet vizsgalatot az Malwarebytes programal amit talal torolni a logjat tedd ide..es ha minden okes keszek lennenk, http://virus-stell.blogspot.com/2010/04 ... lware.html A hozzászólást 1 alkalommal szerkesztették, utoljára stell hétf. jún. 28, 2010 13:57-kor.
szer. jún. 23, 2010 20:04

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? masodik resz: Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752] "TPSMain"="TPSMain.exe" [2008-02-06 271672] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568] "Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824] "BCWipeTM Startup"="c:\program files\Jetico\BestCrypt\BCWipeTM.exe" [2003-03-26 290816] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416] "ShirusuPad"="c:\program files\ShirusuPad\ShirusuPad.exe" [2005-02-22 554496] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\ BestCrypt Auto Open.lnk - c:\program files\Jetico\BestCrypt\BestCrypt.exe [2003-3-27 688128] Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\hplun.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^web'n'walk Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\web'n'walk Manager.lnk backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro] 2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler] 2010-04-12 15:45 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\ins\\utorrent\\uTorrent-1.6.1.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"= "c:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\uTorrent185\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008.01.11. 23:58 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007.09.04. 11:14 6528] R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFISH.SYS [2002.08.16. 7:09 14592] R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.SYS [2002.08.16. 7:09 23104] R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_GOST.SYS [2002.08.16. 7:09 10144] R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2002.08.16. 7:09 32640] R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.SYS [2002.08.16. 7:09 21600] R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2002.08.16. 7:09 24800] R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002.08.16. 7:09 8416] R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [2008.02.08. 16:39 4864] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010.06.18. 19:47 135336] R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007.12.18. 13:48 196704] R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun [?] R2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?] R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008.12.07. 20:47 732160] R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2002.08.16. 7:09 6272] R3 moh;moh;c:\windows\system32\drivers\moh.sys [2002.08.16. 7:09 3328] R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007.05.29. 11:01 6912] R3 RTL8187B;Realtek RTL8187B vezeték nélküli 802.11b/g 54Mbps USB 2.0 hálózati adapter;c:\windows\system32\drivers\RTL8187B.sys [2008.12.07. 20:29 288000] S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008.02.18. 17:14 106624] S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008.02.08. 13:00 59648] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?] S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.12. 13:47 18816] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010.04.17. 14:23 24416] S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002.08.16. 7:09 83456] . . ------- Supplementary Scan ------- . IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm IE: MINDEN letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\8d05g8ez.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - AddRemove-UnHackMe_is1 - c:\program files\UnHackMe\unins000.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-23 20:38 Windows 5.1.2600 Szervizcsomag 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** "ImagePath"="system32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: MemoQ update permissions manager. 978527.] "ImagePath"="c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4012) c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\acs.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Kilgray\MemoQ\AUClient.exe c:\program files\Kilgray\memoQ40\AUClient.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\ThpSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Raxco\PerfectDisk10\PDEngine.exe c:\windows\system32\TPSMain.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\thpsrv.exe c:\windows\system32\igfxext.exe c:\windows\system32\TPSBattM.exe c:\program files\Jetico\BestCrypt\BCResident.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe . ************************************************************************ . Completion time: 2010-06-23 20:41:39 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-23 18:41 ComboFix2.txt 2010-06-22 17:24 ComboFix3.txt 2010-06-16 09:27 Pre-Run: 3 741 708 288 bájt szabad Post-Run: 3 707 760 640 bájt szabad - - End Of File - - 8DECA893D19E2469B4E115BD6F01A054
szer. jún. 23, 2010 19:54

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? koszonet! [quote="stell"]Ok,az jo ha van sok melo Az Avira renben van,ez a Antivirus a legjobbak koze tartozik,az utolso idoben talan a legjobb,csak kar hogy a free verzioban nincsen posta vizsgalat, akkor maradhat? Ez a program micsoda??nemismerem c:\program files\ShirusuPad\ShirusuPad.exe ha nem kell,vagy nem hasznalod letelepiteni. artalmatlan kis rezidens napi feljegyzeseket mutat halvanyan a kepernyon Letesztelni a http://www.virustotal.com ezt a fajlt a linket tedd ide a tesztrol: c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll 41-bol 0 iteli veszelyesnek, log ehhez: --További információ File size: 512 bytes MD5...: 7059d6b4cbd6ac0106d2c077c728ecd8 SHA1..: bfbec5d7db221f0331d3d69a1434f1d651898a50 SHA256: be709ab15ec65ec402103312833fb1e46a07ddd7115f0cba06d30732a5ab229b ssdeep: 12:JqWEd8K0tWOvAtWOC64IbecYniAnDQKIiLK3XYAXjK3XYH8Nnt3nZQ6t:FEd8 K0tItSFIb/YTDFtt3nZQ PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned --- Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide. ennek a logja: ComboFix 10-06-15.03 - b 010.06.23. 20:35:51.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2038.1548 [GMT 2:00] Running from: c:\documents and settings\b\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\b\Asztal\CFScript.txt AV: AntiVir Desktop On-access scanning enabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . - REDUCED FUNCTIONALITY MODE - FILE :: "c:\windows\system32\drivers\Partizan.sys" "c:\windows\system32\Partizan.exe" "c:\windows\winstart.bat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\avg9 c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\erd.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg c:\documents and settings\All Users\Application Data\avg9\CfgAll\changecfgreg.cfg c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg c:\documents and settings\All Users\Application Data\avg9\CfgAll\userall.cfg c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9 c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9 c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9 c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9 c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.10 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.2 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.3 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.4 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.5 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.6 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.7 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.8 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.9 c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock c:\documents and settings\All Users\Application Data\avg9\Log\history.xml c:\documents and settings\All Users\Application Data\avg9\Log\vault.log c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.1 c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000003.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000024.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000025.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000026.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000027.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000028.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000029.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000030.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000031.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000032.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000033.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000034.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000035.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000036.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000037.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000038.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000039.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000040.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000041.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000042.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000043.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000044.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000045.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000046.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000047.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000048.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000049.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000050.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000051.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000052.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000053.log c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx c:\documents and settings\All Users\Application Data\avg9\Temp\00a1942b-47bd-47f6-96fc-2bf1d5f2e90d-d4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\015bef39-7cbf-4577-84a4-992c50b8b8ff-d8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\04750077-c00d-4cb9-b8ab-2efe75866252-720-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\0591b428-9f76-4269-b184-331bf6611d22-728-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\0d40b3e7-90f9-46b4-9ac6-965d52cacb3e-728-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\0da3228e-8136-4a54-ab84-cc2e4a6147c1-d4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\14772937-8e33-4973-93b7-ecdb5448c3ff-100-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\15e424c8-60fe-4229-ad83-ceba42b17952-720-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\1bae3fdb-9088-4745-8b26-838e7755dc0f-d8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\1c09faae-ef41-49f7-bf90-4e75d177c2d7-bc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\204194e8-b5dc-4e92-88af-8fa5f7321ff1-c8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\26fe7194-6729-478e-a42f-d9ee250edd40-724-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\2918c291-34cc-4e78-b943-f178a09c40c1-c0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\30e089ce-edb9-4d5a-8502-7b711d5ffd63-270-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\32409f98-5d2e-4d68-a08f-ec8c76865f65-d8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\32c46f7a-a2fd-4107-93ad-92f506d7448c-740-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\34f90193-ce79-4e80-878e-58cce56dca87-ac-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\368f4ce9-0684-4a76-9ccd-00087936c200-90-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\3722267b-49ac-4069-81bf-a96b8d20eda5-e4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\3784c1d1-bc58-4a00-bb72-44dc5fa457e8-c4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\39b8d173-bb8d-440b-a5f7-8f4c760a8907-704-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\3ad1b5bf-6b3d-4c0d-9f89-59eb22e5d319-bc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\44f858f5-5349-4a6e-9b12-6635d57ed8f6-d4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\4f48034c-b4a4-492e-b375-ac408798e8e3-6f4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\53ed6032-6542-4cd0-8154-d55309cb8642-284-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\54893250-d807-4937-8c6e-18590ef5de35-6f8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\5ad54213-48df-4810-8165-c56f04b9af3b-2c4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\5d22d661-bbee-4171-9583-9bdb72da8783-6f8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\6439b092-8983-4403-96fc-1cb088faa6c9-dc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\6a84679a-2022-4c68-ba84-940777be52cd-d0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\73bc10bb-3aeb-4f40-b2aa-ca7e9a4d0e6d-6f0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\73df6524-e4e1-40ed-9d36-9d43b17959c3-7e8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\74186501-15cf-4b2c-a0d2-c1d36de0b2e5-298-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\77d741d5-550d-4d27-99d3-261c177a8733-794-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\793a8992-8a9e-496c-9857-06262a22a394-724-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\7c7a83cc-77d6-463e-aada-1d5074bdf586-6f4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\7f1eaac1-7ac1-43ad-91aa-0248b909e1f3-e9c-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\84c6af56-e892-45a1-be27-e14412b4e098-7fc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\8f07261f-6188-42b6-a274-b09743888b00-124-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\95c44583-b6c7-4e79-a742-f28ee3d5e3fd-6f4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\9871fa90-ec74-4458-b184-67dec51a3214-d0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\99d492b9-13c6-47d6-b04d-e7f90f1d7599-9bc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\a659e930-a5dd-4c99-9f87-90219d12abe7-7c0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\a928138d-1d65-480b-bc00-202b78324e8f-710-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\a92ca03b-baba-4bb5-b066-c4d938b32df0-d4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\ab1e60b9-7f2b-4c9a-a1b8-1f579d70b49c-120-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\ac1ab32a-2f55-40ec-bf66-bebddf8feb80-33c-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\b5514542-2e73-4336-97ae-2b198940fd4e-d4-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\b81081b6-a986-4edd-9fa8-cf0788fa7585-130-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\bb614211-7f15-423d-9932-0c7d627b8845-70c-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\bb7ed1f4-64fe-42cf-add6-c1c0b186baf3-b8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\c948963e-bc52-4143-8d79-0952c1014467-700-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\cc15e951-a285-4dcf-ab20-52f97b03f66a-cc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\cf66cf7a-7193-484c-8ae0-df498653934c-284-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\d32b69d3-57f1-462e-8eb4-1e3815732c75-bc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\d5e38915-2549-4380-8c65-93c912e9fce9-a8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\db8ee059-9131-48b4-a92b-af7522509218-bc-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\ddbfc5e2-6ed6-497f-bbba-15b243054ff6-6f8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\e0f1e449-4ce1-4919-aa96-e8e2125b6064-e0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\e72700d8-9634-4506-994e-148268d619db-33c-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\eb5d88f6-8924-492d-b9d8-218648216989-710-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\ee1eb79f-40ff-4063-85bd-b2aaab9be3f1-6f8-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\f36f1445-03c8-45fe-9a82-018e7fd09e63-7c0-oopp.tmp c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat c:\documents and settings\All Users\Application Data\avg9\update\backup\sb2.dat c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty c:\documents and settings\All Users\Application Data\ESET c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\asdata.dat c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\sc1.bin.full.2010.02.10.23.27.19 c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13 c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\sc5.bin.full.0000.00.00.00.00.00 c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\disk201006a.dat c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\disk201006b.dat c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\net201006a.dat c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\net201006b.dat c:\documents and settings\b\Application Data\ESET c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\productid c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\rkd c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc1.bin.full.2010.02.10.23.27.19 c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc1.bin.full.2010.02.10.23.27.19.lkr1 c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13 c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13.lkr1 c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc5.bin.full.0000.00.00.00.00.00 c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc5.bin.full.0000.00.00.00.00.00.lkr1 c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scdns.bin c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scoffset.bin.full c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scoffset.bin.incr c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scrh.bin.full c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scwh.bin.full c:\documents and settings\b\Application Data\ESET\ESET Smart Security\ekrnSmonEL.dat c:\documents and settings\b\Application Data\ESET\ESET Smart Security\ekrnSmonWL.dat c:\documents and settings\b\Local Settings\Application Data\ESET c:\program files\UnHackMe c:\program files\UnHackMe\database.rdb c:\program files\UnHackMe\GWebUpdate.exe c:\program files\UnHackMe\hackmon.exe c:\program files\UnHackMe\order.txt c:\program files\UnHackMe\readme.txt c:\program files\UnHackMe\reanimator.exe c:\program files\UnHackMe\regrun2.chm c:\program files\UnHackMe\regrun2.cnt c:\program files\UnHackMe\regrun2.hlp c:\program files\UnHackMe\regrunck.exe c:\program files\UnHackMe\regruninfo.db c:\program files\UnHackMe\RegRunInfo.exe c:\program files\UnHackMe\UnHackMe.chm c:\program files\UnHackMe\UnHackMe.cnt c:\program files\UnHackMe\unhackme.err c:\program files\UnHackMe\Unhackme.exe c:\program files\UnHackMe\UnHackMe.hlp c:\program files\UnHackMe\unhackme.ini c:\program files\UnHackMe\unhackme.log c:\program files\UnHackMe\unhackme.zip c:\program files\UnHackMe\unhackme_setup.exe c:\program files\UnHackMe\unhackmedb.unh c:\program files\UnHackMe\UnHackMeDrv.sys c:\program files\UnHackMe\unhackmeschedule.exe c:\program files\UnHackMe\unins000.dat c:\program files\UnHackMe\unins000.exe c:\windows\system32\drivers\Partizan.sys c:\windows\system32\Partizan.exe c:\windows\winstart.bat . ((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 ))))))))))))))))))))))))))))))) . 2010-06-18 17:55 . 2010-06-18 17:55 -------- d-----w- c:\documents and settings\b\Application Data\Avira 2010-06-18 17:47 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-18 17:47 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-18 17:47 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-18 17:47 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\program files\Avira 2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-18 15:52 . 2010-06-18 15:52 -------- d-----w- c:\windows\$regcmp$ 2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- C:\rsit 2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- c:\program files\trend micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-23 15:12 . 2008-12-12 11:28 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-23 06:02 . 2004-08-18 12:00 94510 ----a-w- c:\windows\system32\perfc00E.dat 2010-06-23 06:02 . 2004-08-18 12:00 436566 ----a-w- c:\windows\system32\perfh00E.dat 2010-06-22 16:44 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\b\Application Data\MemoQ 2010-06-22 06:01 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemoQ 2010-06-17 20:09 . 2010-04-17 12:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2010-06-13 05:42 . 2008-12-12 12:44 -------- d-----w- c:\documents and settings\b\Application Data\uTorrent 2010-06-11 15:24 . 2009-01-02 14:37 -------- d-----w- c:\program files\FlashGet 2010-06-01 11:12 . 2009-01-05 12:02 -------- d-----w- c:\program files\Hewlett-Packard 2010-06-01 11:08 . 2009-01-19 11:50 -------- d-----w- c:\program files\hp deskjet 3420 series 2010-05-29 08:30 . 2010-04-08 09:16 -------- d-----w- c:\documents and settings\b\Application Data\gtk-2.0 2010-05-28 07:46 . 2009-01-23 14:27 -------- d-----w- c:\documents and settings\b\Application Data\Skype 2010-05-20 15:27 . 2008-12-13 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-05-15 16:15 . 2008-12-07 18:46 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-15 16:15 . 2008-12-07 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-13 05:52 . 2010-05-12 19:19 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-13 05:52 . 2010-05-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-13 05:51 . 2010-05-13 05:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-05-12 19:19 . 2009-02-23 18:01 -------- d-----w- c:\documents and settings\b\Application Data\DivX 2010-05-12 05:38 . 2010-05-12 05:38 -------- d-----w- c:\program files\docPrint v5.0 2010-05-12 05:23 . 2010-05-12 05:23 -------- d-----w- c:\program files\psconvert 2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 05:11 . 2010-04-28 05:11 -------- d-----w- c:\program files\WinHTTrack 2010-04-27 13:51 . 2010-05-12 19:19 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-04-20 05:34 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 15:47 . 2010-04-12 15:47 512 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll 2010-04-12 14:28 . 2009-11-24 12:47 79488 ----a-w- c:\documents and settings\b\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2008-12-13 21:33 . 2008-12-13 21:32 48 --sha-w- c:\windows\S2E0000D6.tmp . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 512 Created time: 2010-04-12 15:47 Modified time: 2010-04-12 15:47 MD5: 7059D6B4CBD6AC0106D2C077C728ECD8 SHA1: BFBEC5D7DB221F0331D3D69A1434F1D651898A50 ---- Directory of c:\windows\$regcmp$ ---- ((((((((((((((((((((((((((((( SnapShot@2010-06-16_09.25.48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2010-06-23 18:38 . 2010-06-23 18:38 16384 c:\windows\temp\Perflib_Perfdata_2d0.dat - 2004-08-18 12:00 . 2010-06-10 04:15 67646 c:\windows\system32\perfc009.dat + 2004-08-18 12:00 . 2010-06-23 06:02 67646 c:\windows\system32\perfc009.dat + 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll + 2009-11-06 23:07 . 2009-11-06 23:07 11600 c:\windows\system32\mui\0409\mscorees.dll + 2010-06-18 17:47 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll + 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll + 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2010-06-23 06:05 . 2010-06-23 06:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll + 2010-06-23 15:26 . 2010-06-23 15:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll + 2010-06-23 06:04 . 2010-06-23 06:04 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe + 2010-06-23 06:03 . 2010-06-23 06:03 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll - 2010-06-10 04:14 . 2010-06-10 04:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2010-06-23 06:02 . 2010-06-23 06:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2010-06-10 04:14 . 2010-06-10 04:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2010-06-23 06:02 . 2010-06-23 06:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2010-06-23 06:02 . 2010-06-23 06:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2010-06-10 04:15 . 2010-06-10 04:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2010-06-23 06:02 . 2010-06-23 06:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2010-06-10 04:14 . 2010-06-10 04:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2010-06-10 04:14 . 2010-06-10 04:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-06-23 06:02 . 2010-06-23 06:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2010-06-23 06:02 . 2010-06-23 06:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2010-06-10 04:14 . 2010-06-10 04:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2010-06-10 04:14 . 2010-06-10 04:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2010-06-23 06:02 . 2010-06-23 06:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2010-06-10 04:14 . 2010-06-10 04:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2010-06-23 06:02 . 2010-06-23 06:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2010-06-10 04:14 . 2010-06-10 04:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-06-23 06:02 . 2010-06-23 06:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2010-06-23 06:02 . 2010-06-23 06:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2010-06-10 04:14 . 2010-06-10 04:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2010-06-23 06:02 . 2010-06-23 06:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2010-06-10 04:14 . 2010-06-10 04:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2010-06-23 06:02 . 2010-06-23 06:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2010-06-10 04:14 . 2010-06-10 04:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2010-06-10 04:14 . 2010-06-10 04:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2010-06-23 06:02 . 2010-06-23 06:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2010-06-10 04:14 . 2010-06-10 04:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2010-06-23 06:02 . 2010-06-23 06:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2010-06-23 06:02 . 2010-06-23 06:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2010-06-10 04:14 . 2010-06-10 04:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2010-06-10 04:15 . 2010-06-10 04:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2010-06-23 06:02 . 2010-06-23 06:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2010-06-23 06:02 . 2010-06-23 06:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2010-06-10 04:14 . 2010-06-10 04:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2010-06-10 04:14 . 2010-06-10 04:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-06-23 06:02 . 2010-06-23 06:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2010-06-23 06:02 . 2010-06-23 06:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2010-06-10 04:14 . 2010-06-10 04:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll - 2004-08-18 12:00 . 2010-06-10 04:15 432690 c:\windows\system32\perfh009.dat + 2004-08-18 12:00 . 2010-06-23 06:02 432690 c:\windows\system32\perfh009.dat + 2009-11-06 23:07 . 2009-11-06 23:07 297808 c:\windows\system32\mscoree.dll + 2010-03-30 22:16 . 2010-03-30 22:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2010-06-18 17:46 . 2010-06-18 17:46 219648 c:\windows\Installer\6eac5b.msi + 2010-06-23 06:05 . 2010-06-23 06:05 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll + 2010-06-23 06:05 . 2010-06-23 06:05 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll + 2010-06-23 06:04 . 2010-06-23 06:04 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll + 2010-06-23 06:04 . 2010-06-23 06:04 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll + 2010-06-23 06:04 . 2010-06-23 06:04 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll + 2010-06-23 06:04 . 2010-06-23 06:04 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll - 2010-06-10 04:14 . 2010-06-10 04:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2010-06-23 06:02 . 2010-06-23 06:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2010-06-23 06:02 . 2010-06-23 06:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2010-06-10 04:14 . 2010-06-10 04:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2010-06-23 06:02 . 2010-06-23 06:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2010-06-10 04:14 . 2010-06-10 04:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2010-06-10 04:14 . 2010-06-10 04:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2010-06-23 06:02 . 2010-06-23 06:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2010-06-10 04:14 . 2010-06-10 04:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2010-06-23 06:02 . 2010-06-23 06:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2010-06-23 06:02 . 2010-06-23 06:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2010-06-10 04:14 . 2010-06-10 04:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2010-06-23 06:02 . 2010-06-23 06:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2010-06-10 04:14 . 2010-06-10 04:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2010-06-10 04:14 . 2010-06-10 04:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2010-06-23 06:02 . 2010-06-23 06:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2010-06-23 06:02 . 2010-06-23 06:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2010-06-10 04:14 . 2010-06-10 04:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2010-06-10 04:15 . 2010-06-10 04:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2010-06-23 06:02 . 2010-06-23 06:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2010-06-10 04:15 . 2010-06-10 04:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2010-06-23 06:02 . 2010-06-23 06:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2010-06-23 06:02 . 2010-06-23 06:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-06-10 04:15 . 2010-06-10 04:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2010-06-10 04:15 . 2010-06-10 04:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2010-06-23 06:02 . 2010-06-23 06:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2010-06-23 06:02 . 2010-06-23 06:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2010-06-10 04:14 . 2010-06-10 04:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2010-06-23 06:02 . 2010-06-23 06:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2010-06-10 04:14 . 2010-06-10 04:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2010-06-23 06:02 . 2010-06-23 06:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2010-06-10 04:14 . 2010-06-10 04:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2010-06-10 04:14 . 2010-06-10 04:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2010-06-23 06:02 . 2010-06-23 06:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2010-06-23 06:02 . 2010-06-23 06:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2010-06-10 04:14 . 2010-06-10 04:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2010-06-23 06:02 . 2010-06-23 06:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2010-06-10 04:14 . 2010-06-10 04:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2010-06-10 04:14 . 2010-06-10 04:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2010-06-23 06:02 . 2010-06-23 06:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2010-06-10 04:14 . 2010-06-10 04:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2010-06-23 06:02 . 2010-06-23 06:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2010-06-23 06:02 . 2010-06-23 06:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2010-06-10 04:14 . 2010-06-10 04:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2010-06-10 04:15 . 2010-06-10 04:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2010-06-23 06:02 . 2010-06-23 06:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll + 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll + 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\2cbf475.msp + 2010-06-23 06:03 . 2010-06-23 06:03 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll + 2010-06-23 06:05 . 2010-06-23 06:05 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll + 2010-06-23 06:05 . 2010-06-23 06:05 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll + 2010-06-23 06:05 . 2010-06-23 06:05 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll + 2010-06-23 06:05 . 2010-06-23 06:05 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll + 2010-06-23 06:03 . 2010-06-23 06:03 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2010-06-10 04:15 . 2010-06-10 04:15 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2010-06-23 06:02 . 2010-06-23 06:02 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2010-06-10 04:15 . 2010-06-10 04:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2010-06-23 06:02 . 2010-06-23 06:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2010-06-10 04:14 . 2010-06-10 04:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-06-23 06:02 . 2010-06-23 06:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2010-06-23 06:02 . 2010-06-23 06:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2010-06-10 04:14 . 2010-06-10 04:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2010-06-23 06:03 . 2010-06-23 06:03 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2010-06-23 06:02 . 2010-06-23 06:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2010-06-10 04:14 . 2010-06-10 04:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2010-06-23 06:02 . 2010-06-23 06:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2010-06-10 04:15 . 2010-06-10 04:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2010-01-14 13:38 . 2010-01-14 13:38 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2010-06-23 06:03 . 2010-06-23 06:03 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2010-06-23 06:02 . 2010-06-23 06:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2010-06-10 04:14 . 2010-06-10 04:14 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\2cbf482.msp + 2010-06-23 06:04 . 2010-06-23 06:04 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll + 2010-06-23 06:04 . 2010-06-23 06:04 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . .
szer. jún. 23, 2010 19:53

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Ok,az jo ha van sok melo Az Avira renben van,ez a Antivirus a legjobbak koze tartozik,az utolso idoben talan a legjobb,csak kar hogy a free verzioban nincsen posta vizsgalat, Ez a program micsoda??nemismerem c:\program files\ShirusuPad\ShirusuPad.exe ha nem kell,vagy nem hasznalod letelepiteni. Letesztelni a www.virustotal.com ezt a fajlt a linket tedd ide a tesztrol: c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide. Kód: KILLALL:: DirLook:: c:\windows\$regcmp$ Folder:: c:\documents and settings\b\Local Settings\Application Data\ESET c:\documents and settings\b\Application Data\ESET c:\documents and settings\All Users\Application Data\ESET c:\documents and settings\All Users\Application Data\avg9 c:\program files\UnHackMe File:: c:\windows\winstart.bat c:\windows\system32\Partizan.exe c:\windows\system32\drivers\Partizan.sys Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=- "HP Software Update"=- "HP Component Manager"=- [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00 [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor] Driver:: Partizan FileLook:: c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll
szer. jún. 23, 2010 8:43

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? Bocs, sok melo volt. Itt megy a log. Az Aviran ne csodalkozz, nem mertem virusirto nelkul elni. Majd cserelem az Avastra. Szoval a log: most hogyan tovabb? -- ComboFix 10-06-15.03 - b 010.06.22. 18:53:54.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2038.1430 [GMT 2:00] Running from: c:\documents and settings\b\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\b\Asztal\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\drivers\hidpp.sys" "c:\windows\Tasks\WGASetup.job" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\hidpp.sys . ---- Previous Run ------- . c:\windows\Tasks\WGASetup.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_HIDPP -------\Legacy_KXUYUA -------\Service_ethewlwj -------\Service_ethhetaa -------\Service_ethjtdvv -------\Service_ethnzesu -------\Service_ethoikjz -------\Service_ethptxyw -------\Service_ethvdnea -------\Service_hidpp -------\Service_kxuyua -------\Service_ltzklvlc -------\Legacy_HIDPP -------\Legacy_KXUYUA -------\Service_hidpp ((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 ))))))))))))))))))))))))))))))) . 2010-06-18 17:55 . 2010-06-18 17:55 -------- d-----w- c:\documents and settings\b\Application Data\Avira 2010-06-18 17:47 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-18 17:47 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-18 17:47 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-18 17:47 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\program files\Avira 2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-18 15:52 . 2010-06-18 15:52 -------- d-----w- c:\windows\$regcmp$ 2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- C:\rsit 2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- c:\program files\trend micro 2010-06-13 16:26 . 2010-06-13 16:26 -------- d-----w- c:\documents and settings\b\Local Settings\Application Data\ESET 2010-06-13 15:17 . 2010-06-13 15:17 -------- d-----w- c:\documents and settings\b\Application Data\ESET 2010-06-13 15:16 . 2010-06-13 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-06-03 08:07 . 2010-06-03 08:07 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys 2010-06-03 08:07 . 2010-06-03 08:07 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-22 16:44 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\b\Application Data\MemoQ 2010-06-22 09:40 . 2008-12-12 11:28 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-22 06:01 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemoQ 2010-06-17 20:09 . 2010-04-17 12:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2010-06-17 19:01 . 2009-11-12 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-06-13 05:42 . 2008-12-12 12:44 -------- d-----w- c:\documents and settings\b\Application Data\uTorrent 2010-06-11 15:24 . 2009-01-02 14:37 -------- d-----w- c:\program files\FlashGet 2010-06-10 04:15 . 2004-08-18 12:00 94510 ----a-w- c:\windows\system32\perfc00E.dat 2010-06-10 04:15 . 2004-08-18 12:00 436566 ----a-w- c:\windows\system32\perfh00E.dat 2010-06-01 11:12 . 2009-01-05 12:02 -------- d-----w- c:\program files\Hewlett-Packard 2010-06-01 11:08 . 2009-01-19 11:50 -------- d-----w- c:\program files\hp deskjet 3420 series 2010-05-29 08:30 . 2010-04-08 09:16 -------- d-----w- c:\documents and settings\b\Application Data\gtk-2.0 2010-05-28 07:46 . 2009-01-23 14:27 -------- d-----w- c:\documents and settings\b\Application Data\Skype 2010-05-20 15:27 . 2008-12-13 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-05-15 16:15 . 2008-12-07 18:46 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-15 16:15 . 2008-12-07 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-13 05:52 . 2010-05-12 19:19 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-13 05:52 . 2010-05-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-13 05:51 . 2010-05-13 05:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-05-12 19:19 . 2009-02-23 18:01 -------- d-----w- c:\documents and settings\b\Application Data\DivX 2010-05-12 05:38 . 2010-05-12 05:38 -------- d-----w- c:\program files\docPrint v5.0 2010-05-12 05:23 . 2010-05-12 05:23 -------- d-----w- c:\program files\psconvert 2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 05:11 . 2010-04-28 05:11 -------- d-----w- c:\program files\WinHTTrack 2010-04-27 13:51 . 2010-05-12 19:19 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-04-20 05:34 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-17 12:15 . 2010-04-17 12:15 2 --shatr- c:\windows\winstart.bat 2010-04-17 12:14 . 2010-04-17 12:14 37600 ----a-w- c:\windows\system32\Partizan.exe 2010-04-17 12:14 . 2010-04-17 12:14 34952 ----a-w- c:\windows\system32\drivers\Partizan.sys 2010-04-12 15:47 . 2010-04-12 15:47 512 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll 2010-04-12 14:28 . 2009-11-24 12:47 79488 ----a-w- c:\documents and settings\b\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2008-12-13 21:33 . 2008-12-13 21:32 48 --sha-w- c:\windows\S2E0000D6.tmp . ((((((((((((((((((((((((((((( SnapShot@2010-06-16_09.25.48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2010-06-22 16:57 . 2010-06-22 16:57 16384 c:\windows\temp\Perflib_Perfdata_3b0.dat + 2010-06-18 17:47 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2010-06-18 17:46 . 2010-06-18 17:46 219648 c:\windows\Installer\6eac5b.msi + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752] "TPSMain"="TPSMain.exe" [2008-02-06 271672] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568] "Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824] "BCWipeTM Startup"="c:\program files\Jetico\BestCrypt\BCWipeTM.exe" [2003-03-26 290816] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416] "ShirusuPad"="c:\program files\ShirusuPad\ShirusuPad.exe" [2005-02-22 554496] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\ BestCrypt Auto Open.lnk - c:\program files\Jetico\BestCrypt\BestCrypt.exe [2003-3-27 688128] Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\hplun.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk \0Partizan [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^web'n'walk Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\web'n'walk Manager.lnk backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro] 2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler] 2010-04-12 15:45 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-27 11:02 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor] 2010-03-23 14:33 594144 ----a-w- c:\program files\UnHackMe\hackmon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\ins\\utorrent\\uTorrent-1.6.1.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"= "c:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\uTorrent185\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008.01.11. 23:58 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007.09.04. 11:14 6528] R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFISH.SYS [2002.08.16. 7:09 14592] R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.SYS [2002.08.16. 7:09 23104] R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_GOST.SYS [2002.08.16. 7:09 10144] R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2002.08.16. 7:09 32640] R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.SYS [2002.08.16. 7:09 21600] R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2002.08.16. 7:09 24800] R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002.08.16. 7:09 8416] R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [2008.02.08. 16:39 4864] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010.06.18. 19:47 135336] R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007.12.18. 13:48 196704] R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun [?] R2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?] R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008.12.07. 20:47 732160] R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2002.08.16. 7:09 6272] R3 moh;moh;c:\windows\system32\drivers\moh.sys [2002.08.16. 7:09 3328] R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010.04.17. 14:14 34952] R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007.05.29. 11:01 6912] R3 RTL8187B;Realtek RTL8187B vezeték nélküli 802.11b/g 54Mbps USB 2.0 hálózati adapter;c:\windows\system32\drivers\RTL8187B.sys [2008.12.07. 20:29 288000] S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008.02.18. 17:14 106624] S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008.02.08. 13:00 59648] S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.12. 13:47 18816] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010.04.17. 14:23 24416] S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002.08.16. 7:09 83456] . . ------- Supplementary Scan ------- . IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm IE: MINDEN letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\8d05g8ez.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-22 19:21 Windows 5.1.2600 Szervizcsomag 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** "ImagePath"="system32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: MemoQ update permissions manager. 978527.] "ImagePath"="c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3680) c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\acs.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Kilgray\MemoQ\AUClient.exe c:\program files\Kilgray\memoQ40\AUClient.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\ThpSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Raxco\PerfectDisk10\PDEngine.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\TPSMain.exe c:\windows\system32\thpsrv.exe c:\windows\system32\igfxext.exe c:\program files\Jetico\BestCrypt\BCResident.exe c:\windows\system32\TPSBattM.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe . ************************************************************************ . Completion time: 2010-06-22 19:24:58 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-22 17:24 ComboFix2.txt 2010-06-16 09:27 Pre-Run: 3 996 741 632 bájt szabad Post-Run: 3 921 580 032 bájt szabad - - End Of File - - 3999D78EE1CFAE24BE3056E0722B8C49 stell írta: olvasd el figyelmesen hogy irtam le es csinald meg megegyszer a combofixel a CFScript.txt es adig varjal meg nem add logot a minitora,aztan tedd ide a tartalmat. A NOD kituno Antivirus,,tehat jobbat nem tudok ajanlani,,a virus irto nem arra van hogy ismeretlen virusokat keres a gepen,hanem arra hogy vedje a gepet az ismert virusoktol,,ha kitisztitsuk akkor majd vissza rakod,,de nem valami crackolt de legalisat,,ha ingyeneset akkor az Avastot,,,Unhackme,,ezek specialis szoftwerek ,ezert irom hogy felesleges ossze vissza futtatni minden fele programokat,antivirusokat,anti rootkiteket,,mert itt is ugy van mint az orvosnal,,minden betegsegre mast kell hasznalni,,ok Megjedzes:: adig nenyuljal a gephez meg kinem nyilik a jedzettomb a monitoron,mert te felbeszakitotad a torlest es kimasoltad a parancssorbol [kek ablakbol ami oda volt irva],,de hogy hogyan ezt nem tudom.
szer. jún. 23, 2010 8:03

Laci_L a fórum lelke Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 11960 Tartózkodási hely: Budapest, Solymár	Re: Vírus vagy mi lehet??? nbela írta: ... Igen, ezt mindig leírod. Én is mindig válaszolok rá, hogy nekem meg semmi bajom a töréssel ... Szemed mint a sasé. Én kétszer próbáltam meg (régebben), mind a kétszer belehalt. Vagy nem frisstett, vagy kiírta hogy próbaverzió és a teljes verzióhoz meg kell venni. Szóval leszedtem, azóta nincs gondom. Neked valami más (jó) megoldásod lehet. A Serial-t csak meg kell adni, és kész. Vannak oldalak, ahol mindig lehet találni, a NOD32view-val pedig le lehet ellenőrizni, tárolni, stb. Amióta megszívtam, semmi olyat nem futtatok, aminél a Virustotal bejelez. Vagy nagyon megnézem, melyik víruskereső, és mit jelez.
szomb. jún. 19, 2010 14:34

nbela gyémánt tag Csatlakozott: pén. aug. 06, 2004 22:20 Hozzászólások: 3578 Tartózkodási hely: Miskolc	Re: Vírus vagy mi lehet??? Laci_L írta: Nem szabad semmiféle Crack-et használni a NOD-hoz, mert hazavágja, védtelenné teszi, mert a Crack is vírus!! Igen, ezt mindig leírod. Én is mindig válaszolok rá, hogy nekem meg semmi bajom a töréssel: http://forum.terminal.hu/viewtopic.php?p=945028#p945028 Idézet: Kotorásztam utána a neten, de nem találtam bizonyított ártó működést. Ha valaki tud ilyen infót, írja meg és rögtön le is szedem. Nekem eddig nincs vele semmi bajom...
szomb. jún. 19, 2010 12:20

Laci_L a fórum lelke Csatlakozott: szer. márc. 24, 2004 13:43 Hozzászólások: 11960 Tartózkodási hely: Budapest, Solymár	Re: Vírus vagy mi lehet??? stell írta: ... A NOD kituno Antivirus ... de nem valami crackolt de legalisat ... Abszolút így van. Nem szabad semmiféle Crack-et használni a NOD-hoz, mert hazavágja, védtelenné teszi, mert a Crack is vírus!! Ha nem veszi meg a User, lehet a Neten találni legális Serialt. Csak keresni kell (vagy pü). Avval nem lesz gond.
szomb. jún. 19, 2010 8:54

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? olvasd el figyelmesen hogy irtam le es csinald meg megegyszer a combofixel a CFScript.txt es adig varjal meg nem add logot a minitora,aztan tedd ide a tartalmat. A NOD kituno Antivirus,,tehat jobbat nem tudok ajanlani,,a virus irto nem arra van hogy ismeretlen virusokat keres a gepen,hanem arra hogy vedje a gepet az ismert virusoktol,,ha kitisztitsuk akkor majd vissza rakod,,de nem valami crackolt de legalisat,,ha ingyeneset akkor az Avastot,,,Unhackme,,ezek specialis szoftwerek ,ezert irom hogy felesleges ossze vissza futtatni minden fele programokat,antivirusokat,anti rootkiteket,,mert itt is ugy van mint az orvosnal,,minden betegsegre mast kell hasznalni,,ok Megjedzes:: adig nenyuljal a gephez meg kinem nyilik a jedzettomb a monitoron,mert te felbeszakitotad a torlest es kimasoltad a parancssorbol [kek ablakbol ami oda volt irva],,de hogy hogyan ezt nem tudom.
pén. jún. 18, 2010 19:52

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? Koszonom, az unhack me nem talal semmi gyanusat. milyen virusirtot tegyek fel, mert mar a nod-ot is leturtam? itt megy a log: Scanning for infected files . . . This typically doesn't take more than 10 minutes However, scan times for badly infected machines may easily double Completed Stage_1 Completed Stage_2 Completed Stage_3 Completed Stage_4 Completed Stage_5 Completed Stage_6 Completed Stage_6A Completed Stage_7 Completed Stage_8 Completed Stage_9 Completed Stage_10 Completed Stage_11 Completed Stage_12 Completed Stage_13 Completed Stage_14 Completed Stage_15 Completed Stage_16 Completed Stage_17 Completed Stage_18 Completed Stage_19 Completed Stage_19B Completed Stage_20 Completed Stage_21 Completed Stage_22 Completed Stage_23 Completed Stage_24 Completed Stage_25 Completed Stage_26 Completed Stage_27 Completed Stage_28 Completed Stage_29 Completed Stage_30 Completed Stage_31 Completed Stage_32 Completed Stage_32A Completed Stage_33 Completed Stage_34 Completed Stage_35 Completed Stage_36 Completed Stage_37 Completed Stage_38 Completed Stage_39 Completed Stage_40 Completed Stage_41 Completed Stage_42 Completed Stage_43 Completed Stage_44 Completed Stage_45 Completed Stage_46 Completed Stage_47 Completed Stage_48 Completed Stage_49 Completed Stage_50 Deleting Files: c:\windows\system32\drivers\hidpp.sys c:\windows\Tasks\WGASetup.job
pén. jún. 18, 2010 18:41

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett: A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide. Kód: KILLALL:: File:: c:\windows\system32\drivers\hidpp.sys c:\windows\Tasks\WGASetup.job Driver:: ltzklvlc ethewlwj ethhetaa ethjtdvv ethnzesu ethoikjz ethptxyw ethvdnea kxuyua hidpp Rootkit:: c:\windows\system32\drivers\ethewlwj.sys c:\windows\system32\drivers\ethhetaa.sys c:\windows\system32\drivers\ethjtdvv.sys c:\windows\system32\drivers\ethnzesu.sys c:\windows\system32\drivers\ethoikjz.sys c:\windows\system32\drivers\ethptxyw.sys c:\windows\system32\drivers\ethvdnea.sys
pén. jún. 18, 2010 8:46

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? Koszonom a valaszt: - AVG-t lepusztitottam, Kaspersky nincs, Eset van, de azt nem merem torolni. - a virustotalba bemasolni nem lehet, csak a tallozason keresztul. Az elso TC-ben 0.5 mb-s file a feltoltresre, mozgatasra, barmire 'nincs meg a file' uzenetet kuldd. A masodik kettot nem lehet latni, rejtett fileok engedelyezesevel sem. Mindekozben az unhackme 6-7 ilyen eth*.sys filet sorol fel mint potencialisan gyanusat. hogyan tovabb? stell írta: Ossze vissza futtatad a Kasperskyt,AVG-t-es tele szemetelted a rendszert a driverjokel Szed le a geprol az AVG-t,Kasperskyt, Teszteld le http://www.virustotal.com ezeket a linket a tesztrol tedd ide,,,nem muszaj keresni csak masold majd be az ablakba es kuldod az alaomanyt c:\windows\system32\drivers\hidpp.sys c:\windows\system32\drivers\ethewlwj.sys c:\windows\system32\drivers\ethvdnea.sys
csüt. jún. 17, 2010 21:19

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Ossze vissza futtatad a Kasperskyt,AVG-t-es tele szemetelted a rendszert a driverjokel Szed le a geprol az AVG-t,Kasperskyt, Teszteld le www.virustotal.com ezeket a linket a tesztrol tedd ide,,,nem muszaj keresni csak masold majd be az ablakba es kuldod az alaomanyt c:\windows\system32\drivers\hidpp.sys c:\windows\system32\drivers\ethewlwj.sys c:\windows\system32\drivers\ethvdnea.sys
csüt. jún. 17, 2010 7:21

atv72 vas-tag Csatlakozott: vas. jún. 13, 2010 22:41 Hozzászólások: 9	Re: Vírus vagy mi lehet??? Köszönet előre is. Itt megy a log file: --- ComboFix 10-06-15.03 - b 010.06.16. 11:22:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2038.1319 [GMT 2:00] Running from: c:\documents and settings\b\Asztal\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: ESET Smart Security 4.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall enabled {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\b\Application Data\avdrn.dat c:\documents and settings\b\Application Data\inst.exe c:\windows\wiaservim.log . ((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 ))))))))))))))))))))))))))))))) . 2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- C:\rsit 2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- c:\program files\trend micro 2010-06-13 16:26 . 2010-06-13 16:26 -------- d-----w- c:\documents and settings\b\Local Settings\Application Data\ESET 2010-06-13 15:17 . 2010-06-13 15:17 -------- d-----w- c:\documents and settings\b\Application Data\ESET 2010-06-13 15:16 . 2010-06-13 15:16 -------- d-----w- c:\program files\ESET 2010-06-13 15:16 . 2010-06-13 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-06-03 08:07 . 2010-06-03 08:07 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys 2010-06-03 08:07 . 2010-06-03 08:07 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-16 09:25 . 2010-04-16 06:04 586240 ----a-w- c:\windows\system32\drivers\hidpp.sys 2010-06-16 07:09 . 2009-11-12 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-06-16 07:01 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\b\Application Data\MemoQ 2010-06-15 06:54 . 2008-12-12 11:28 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-14 14:41 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemoQ 2010-06-13 05:42 . 2008-12-12 12:44 -------- d-----w- c:\documents and settings\b\Application Data\uTorrent 2010-06-11 15:24 . 2009-01-02 14:37 -------- d-----w- c:\program files\FlashGet 2010-06-10 04:15 . 2004-08-18 12:00 94510 ----a-w- c:\windows\system32\perfc00E.dat 2010-06-10 04:15 . 2004-08-18 12:00 436566 ----a-w- c:\windows\system32\perfh00E.dat 2010-06-03 08:06 . 2008-12-07 18:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-06-03 08:06 . 2008-12-07 18:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-06-01 11:12 . 2009-01-05 12:02 -------- d-----w- c:\program files\Hewlett-Packard 2010-06-01 11:08 . 2009-01-19 11:50 -------- d-----w- c:\program files\hp deskjet 3420 series 2010-05-29 08:30 . 2010-04-08 09:16 -------- d-----w- c:\documents and settings\b\Application Data\gtk-2.0 2010-05-28 07:46 . 2009-01-23 14:27 -------- d-----w- c:\documents and settings\b\Application Data\Skype 2010-05-20 15:27 . 2008-12-13 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-05-15 16:15 . 2008-12-07 18:46 -------- d-----w- c:\program files\Common Files\InstallShield 2010-05-15 16:15 . 2008-12-07 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-13 05:52 . 2010-05-12 19:19 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-13 05:52 . 2010-05-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-13 05:51 . 2010-05-13 05:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-05-12 19:19 . 2009-02-23 18:01 -------- d-----w- c:\documents and settings\b\Application Data\DivX 2010-05-12 05:38 . 2010-05-12 05:38 -------- d-----w- c:\program files\docPrint v5.0 2010-05-12 05:23 . 2010-05-12 05:23 -------- d-----w- c:\program files\psconvert 2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 05:11 . 2010-04-28 05:11 -------- d-----w- c:\program files\WinHTTrack 2010-04-27 13:51 . 2010-05-12 19:19 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-04-20 05:34 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-17 17:33 . 2010-04-17 12:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2010-04-17 12:42 . 2010-04-17 12:14 -------- d-----w- c:\program files\UnHackMe 2010-04-17 12:15 . 2010-04-17 12:15 2 --shatr- c:\windows\winstart.bat 2010-04-17 12:14 . 2010-04-17 12:14 37600 ----a-w- c:\windows\system32\Partizan.exe 2010-04-17 12:14 . 2010-04-17 12:14 34952 ----a-w- c:\windows\system32\drivers\Partizan.sys 2010-04-12 15:47 . 2010-04-12 15:47 512 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll 2010-04-12 14:28 . 2009-11-24 12:47 79488 ----a-w- c:\documents and settings\b\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-23 14:34 . 2010-04-17 12:14 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys 2008-12-13 21:33 . 2008-12-13 21:32 48 --sha-w- c:\windows\S2E0000D6.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752] "TPSMain"="TPSMain.exe" [2008-02-06 271672] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568] "Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824] "BCWipeTM Startup"="c:\program files\Jetico\BestCrypt\BCWipeTM.exe" [2003-03-26 290816] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416] "ShirusuPad"="c:\program files\ShirusuPad\ShirusuPad.exe" [2005-02-22 554496] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\ BestCrypt Auto Open.lnk - c:\program files\Jetico\BestCrypt\BestCrypt.exe [2003-3-27 688128] Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-13 07:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\hplun.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk \0Partizan [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^web'n'walk Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\web'n'walk Manager.lnk backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY] 2010-06-03 08:07 2065248 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro] 2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler] 2010-04-12 15:45 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-03-27 11:02 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor] 2010-03-23 14:33 594144 ----a-w- c:\program files\UnHackMe\hackmon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\ins\\utorrent\\uTorrent-1.6.1.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"= "c:\\Program Files\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\uTorrent185\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008.01.11. 23:58 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007.09.04. 11:14 6528] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008.12.07. 20:52 216200] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008.12.07. 20:52 242896] R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFISH.SYS [2002.08.16. 7:09 14592] R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.SYS [2002.08.16. 7:09 23104] R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_GOST.SYS [2002.08.16. 7:09 10144] R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2002.08.16. 7:09 32640] R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.SYS [2002.08.16. 7:09 21600] R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2002.08.16. 7:09 24800] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.05.14. 15:47 107256] R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002.08.16. 7:09 8416] R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [2008.02.08. 16:39 4864] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010.03.13. 9:16 308064] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009.05.14. 15:47 731840] R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007.12.18. 13:48 196704] R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun [?] R2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?] R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008.12.07. 20:47 732160] R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2002.08.16. 7:09 6272] R3 moh;moh;c:\windows\system32\drivers\moh.sys [2002.08.16. 7:09 3328] R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010.04.17. 14:14 34952] R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007.05.29. 11:01 6912] R3 RTL8187B;Realtek RTL8187B vezeték nélküli 802.11b/g 54Mbps USB 2.0 hálózati adapter;c:\windows\system32\drivers\RTL8187B.sys [2008.12.07. 20:29 288000] S0 ltzklvlc;ltzklvlc; [x] S1 ethewlwj;ethewlwj;c:\windows\system32\drivers\ethewlwj.sys --> c:\windows\system32\drivers\ethewlwj.sys [?] S1 ethhetaa;ethhetaa;c:\windows\system32\drivers\ethhetaa.sys --> c:\windows\system32\drivers\ethhetaa.sys [?] S1 ethjtdvv;ethjtdvv;c:\windows\system32\drivers\ethjtdvv.sys --> c:\windows\system32\drivers\ethjtdvv.sys [?] S1 ethnzesu;ethnzesu;c:\windows\system32\drivers\ethnzesu.sys --> c:\windows\system32\drivers\ethnzesu.sys [?] S1 ethoikjz;ethoikjz;c:\windows\system32\drivers\ethoikjz.sys --> c:\windows\system32\drivers\ethoikjz.sys [?] S1 ethptxyw;ethptxyw;c:\windows\system32\drivers\ethptxyw.sys --> c:\windows\system32\drivers\ethptxyw.sys [?] S1 ethvdnea;ethvdnea;c:\windows\system32\drivers\ethvdnea.sys --> c:\windows\system32\drivers\ethvdnea.sys [?] S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008.02.18. 17:14 106624] S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008.02.08. 13:00 59648] S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.12. 13:47 18816] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010.04.17. 14:23 24416] S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002.08.16. 7:09 83456] S4 kxuyua;kxuyua; [x] --- Other Services/Drivers In Memory --- Deregistered* - hidpp . Contents of the 'Scheduled Tasks' folder 2010-06-13 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-15 20:18] . . ------- Supplementary Scan ------- . IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm IE: MINDEN letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\8d05g8ez.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-16 11:25 Windows 5.1.2600 Szervizcsomag 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ "ImagePath"="system32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: MemoQ update permissions manager. 978527.] "ImagePath"="c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidpp] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1692) c:\windows\system32\hplun.dll c:\windows\system32\cscdll.dll c:\windows\system32\igfxdev.dll - - - - - - - > 'lsass.exe'(1748) c:\windows\system32\hplun.dll . Completion time: 2010-06-16 11:27:16 ComboFix-quarantined-files.txt 2010-06-16 09:27 Pre-Run: 2 990 891 008 bájt szabad Post-Run: 4 247 769 088 bájt szabad WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /noexecute=optin /fastdetect - - End Of File - - 543725EFFF20AA3E99DB158F37C49111 -- stell írta: Igen a geped tele van rootkitel meg trojaval,ezert rogton futtatod a combofixet,es megengeded neki feltelepiteni a javito konzolat,,a logjat majd tedd ide, http://virus-stell.blogspot.com/2010/04/combofix.html
szer. jún. 16, 2010 15:44

stell a fórum lelke Csatlakozott: vas. jún. 24, 2007 10:18 Hozzászólások: 6679 Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,	Re: Vírus vagy mi lehet??? Igen a geped tele van rootkitel meg trojaval,ezert rogton futtatod a combofixet,es megengeded neki feltelepiteni a javito konzolat,,a logjat majd tedd ide, http://virus-stell.blogspot.com/2010/04/combofix.html
hétf. jún. 14, 2010 15:41
Hozzászólások megjelenítése: Rendezés

Oldal: 9 / 35

[ 1736 hozzászólás ]

Oldal Előző 1 ... 6, 7, 8, 9, 10, 11, 12 ... 35 Következő

Ki van itt

Jelenlévő fórumozók: nincs regisztrált felhasználó valamint 1 vendég

Nem nyithatsz témákat ebben a fórumban.
Nem válaszolhatsz egy témára ebben a fórumban.
Nem szerkesztheted a hozzászólásaidat ebben a fórumban.
Nem törölheted a hozzászólásaidat ebben a fórumban.

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.
Magyar fordítás © Magyar phpBB Közösség