Erre már van topic. A folytatást oda
Lakat.

Hali nekem nod32 van fen és mindig ijen norton virusirto jön be amikor felse raktam tudna vki segiteni? it egy combofix log

ComboFix 09-04-18.05 - xy 009.04.19. 18:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.1015.582 [GMT 2:00]
Running from: c:\documents and settings\xy\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus System 2.70 *On-access scanning enabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-17 20:01 . 2009-04-17 20:09 -------- d-----w c:\windows\system32\Adobe
2009-04-11 16:47 . 2009-04-11 16:47 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-03-26 14:20 . 2009-03-26 14:20 2321536 ----a-w c:\windows\system32\TUKernel.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 16:00 . 2009-04-18 10:51 -------- d-----w c:\program files\Norton Security Scan
2009-04-19 12:45 . 2008-12-06 10:02 301333 ----a-w C:\MDL 2.0 Debug.txt
2009-04-18 17:33 . 2008-11-28 20:12 -------- d-----w c:\documents and settings\xy\Application Data\gtk-2.0
2009-04-18 16:43 . 2008-11-28 19:59 -------- d-----w c:\documents and settings\xy\Application Data\PhotoLine
2009-04-18 10:51 . 2009-04-18 10:51 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-18 08:10 . 2009-02-09 20:27 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-04-18 08:10 . 2009-02-09 20:27 -------- d-----w c:\documents and settings\xy\Application Data\Spyware Terminator
2009-04-18 08:10 . 2009-02-09 20:27 -------- d-----w c:\program files\Spyware Terminator
2009-04-17 20:31 . 2008-11-26 21:06 -------- d-----w c:\documents and settings\xy\Application Data\Free Download Manager
2009-04-17 16:36 . 2008-11-29 20:52 -------- d-----w c:\documents and settings\xy\Application Data\LimeWire
2009-04-12 15:00 . 2008-11-26 20:59 -------- d-----w c:\program files\MessengerDiscovery
2009-04-11 16:49 . 2008-11-26 21:09 -------- d-----w c:\program files\Eset
2009-04-11 16:47 . 2008-11-26 21:09 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-04-11 16:47 . 2008-11-26 21:09 298104 ----a-w c:\windows\system32\imon.dll
2009-04-09 06:04 . 2008-12-26 12:55 268 ---ha-w C:\sqmdata04.sqm
2009-04-09 06:04 . 2008-12-26 12:55 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-02 13:58 . 2008-11-26 19:48 -------- d-----w c:\program files\Java
2009-04-02 13:58 . 2001-10-26 11:00 398800 ----a-w c:\windows\system32\perfh00E.dat
2009-04-02 13:58 . 2001-10-26 11:00 85576 ----a-w c:\windows\system32\perfc00E.dat
2009-03-30 19:00 . 2008-11-26 21:00 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-25 17:32 . 2008-12-26 12:53 268 ---ha-w C:\sqmdata03.sqm
2009-03-25 17:32 . 2008-12-26 12:53 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-24 18:21 . 2009-03-02 14:58 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-24 18:21 . 2009-03-02 14:58 -------- d-----w c:\program files\DVDVideoSoft
2009-03-11 15:10 . 2008-12-26 10:24 268 ---ha-w C:\sqmdata02.sqm
2009-03-11 15:10 . 2008-12-26 10:24 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-11 13:27 . 2008-12-26 10:09 172 ---ha-w C:\sqmnoopt01.sqm
2009-03-11 13:27 . 2008-12-26 10:09 172 ---ha-w C:\sqmdata01.sqm
2009-03-11 10:56 . 2008-12-11 15:22 268 ---ha-w C:\sqmdata00.sqm
2009-03-11 10:56 . 2008-12-11 15:22 244 ---ha-w C:\sqmnoopt00.sqm
2009-03-09 03:19 . 2008-11-26 19:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 15:44 . 2009-03-06 15:44 -------- d-----w c:\documents and settings\xy\Application Data\Malwarebytes
2009-03-06 15:44 . 2009-03-06 15:44 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-06 15:44 . 2009-03-06 15:44 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 22:47 . 2008-11-26 20:44 -------- d-----w c:\documents and settings\xy\Application Data\uTorrent
2009-02-24 15:14 . 2009-02-24 15:14 268 ---ha-w C:\sqmdata19.sqm
2009-02-24 15:14 . 2009-02-24 15:14 244 ---ha-w C:\sqmnoopt19.sqm
2009-02-24 13:47 . 2009-02-24 13:47 172 ---ha-w C:\sqmnoopt18.sqm
2009-02-24 13:47 . 2009-02-24 13:47 172 ---ha-w C:\sqmdata18.sqm
2009-02-24 12:40 . 2009-02-24 12:40 268 ---ha-w C:\sqmdata17.sqm
2009-02-24 12:40 . 2009-02-24 12:40 244 ---ha-w C:\sqmnoopt17.sqm
2009-02-23 12:24 . 2009-02-23 12:24 172 ---ha-w C:\sqmnoopt16.sqm
2009-02-23 12:24 . 2009-02-23 12:24 172 ---ha-w C:\sqmdata16.sqm
2009-02-23 11:36 . 2009-02-23 11:36 268 ---ha-w C:\sqmdata15.sqm
2009-02-23 11:36 . 2009-02-23 11:36 244 ---ha-w C:\sqmnoopt15.sqm
2009-02-21 19:46 . 2008-11-26 19:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 19:20 . 2009-02-21 19:19 -------- d-----w c:\program files\Maxis
2009-02-21 19:04 . 2008-11-26 20:03 -------- d-----w c:\program files\Common Files\Adobe
2009-02-09 14:19 . 2002-09-20 15:41 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:29 . 2009-02-09 11:29 268 ---ha-w C:\sqmdata14.sqm
2009-02-09 11:29 . 2009-02-09 11:29 268 ---ha-w C:\sqmdata13.sqm
2009-02-09 11:29 . 2009-02-09 11:29 244 ---ha-w C:\sqmnoopt14.sqm
2009-02-09 11:29 . 2009-02-09 11:29 244 ---ha-w C:\sqmnoopt13.sqm
2009-02-08 09:26 . 2009-02-08 09:26 268 ---ha-w C:\sqmdata12.sqm
2009-02-08 09:26 . 2009-02-08 09:26 244 ---ha-w C:\sqmnoopt12.sqm
2009-01-24 17:19 . 2009-01-24 17:19 268 ---ha-w C:\sqmdata11.sqm
2009-01-24 17:19 . 2009-01-24 17:19 244 ---ha-w C:\sqmnoopt11.sqm
2009-01-24 11:36 . 2009-01-24 11:36 172 ---ha-w C:\sqmnoopt10.sqm
2009-01-24 11:36 . 2009-01-24 11:36 172 ---ha-w C:\sqmdata10.sqm
2009-01-24 11:12 . 2009-01-24 11:12 268 ---ha-w C:\sqmdata09.sqm
2009-01-24 11:12 . 2009-01-24 11:12 244 ---ha-w C:\sqmnoopt09.sqm
2009-01-24 11:09 . 2009-01-24 11:09 172 ---ha-w C:\sqmnoopt08.sqm
2009-01-24 11:09 . 2009-01-24 11:09 172 ---ha-w C:\sqmdata08.sqm
2009-01-24 10:53 . 2009-01-24 10:53 268 ---ha-w C:\sqmdata07.sqm
2009-01-24 10:53 . 2009-01-24 10:53 244 ---ha-w C:\sqmnoopt07.sqm
2008-12-13 09:59 . 2008-11-26 19:02 44312 ----a-w c:\documents and settings\xy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_08.18.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 08:16 . 2009-04-19 08:16 16384 c:\windows\Temp\Perflib_Perfdata_520.dat
+ 2009-04-18 10:51 . 2009-04-18 10:51 29184 c:\windows\Installer\{6FF543AB-99B3-4120-902C-70A38314ABD8}\Icon3FADAA191.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-11-26 190024]
"EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-10 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\programok\QuickTime\qttask.exe" [2008-11-26 98304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-11 949376]
"COMODO Firewall Pro"="c:\programok\Comodo\Firewall\CPF.exe" [2008-11-28 1115728]
"Adobe Reader Speed Launcher"="c:\programok\Adobe Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programok\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programok\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-04-11 15424]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-02-09 141312]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]

.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\Norton Security Scan for xy.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 03:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.hu/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: Az összes letöltése Free Download Managerrel - file://c:\programok\Free Download Manager\dlall.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Kijelölés letöltése Free Download Managerrel - file://c:\programok\Free Download Manager\dlselected.htm
IE: Letöltés Free Download Managerrel - file://c:\programok\Free Download Manager\dllink.htm
IE: Video letöltése a Free Download Manager-rel - file://c:\programok\Free Download Manager\dlfvideo.htm
LSP: imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xy\Application Data\Mozilla\Firefox\Profiles\13d0ih1o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.hu
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: c:\programok\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\programok\Adobe Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programok\QuickTime\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 18:09
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8210B744-3BCC-7A8F-75B2-5FA361F428D2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oanlglnobdjdgpnahngnbhhnmgdkfo"=hex:6b,61,6a,67,6b,69,68,66,6b,64,63,6e,6c,6e,
6e,66,64,63,65,6f,67,69,00,00
"nahlalaohcknchpkjmnonldcgbdp"=hex:6b,61,6a,67,6b,69,68,66,6b,64,63,6e,6c,6e,
6e,66,64,63,65,6f,67,69,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2508)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-19 18:12
ComboFix-quarantined-files.txt 2009-04-19 16:11

Pre-Run: 12 613 591 040 bájt szabad
Post-Run: 12 642 758 656 bájt szabad

205 --- E O F --- 2009-03-11 21:23