ok,csinald vegig mert it ezen a gepen ugy nez ki hogy a halozati bealitasal van problem,es majd ird meg
jo ejt,

holnap végigjátszom, mer már a gyerek sztrájkol..

Köszönöm a segítséget!
Jóccakát!

ok,nyisd masik gepen es csinald vegig azt ami oda van irva,

a support oldalt nem tudom azon a gépen megnyitni..

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
AviraAntiVirPersonal-FreeAntivirus
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
HijackThis 2.0.2
Java(TM) 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

Scan took 158431 seconds.
`````````End of Log```````````

ok meg lefutatod ezt a programot
http://screen317.spywareinfoforum.org/SecurityCheck.exe
checkup.txt-ted ide,
aztan csinald vegig eztet mert ugy nez ki hogy ez mar halozati hiba,
kezd inen
http://support.microsoft.com/?scid=kb%3 ... &x=10&y=12

En is ma mar vegzek,

nem indul még mindig....

részemről lehet, hogy mára feladom. holnapig töltsek le valamit?

Köszi a segítséget!
M.

tolds le ezt a programot futasd le restart-kiprobalni
http://go.microsoft.com/?linkid=9668866

nem indítja el.

start-futatas ted be ezt a parancsot es probald nyitni a terminal forumot

firefox.exe -safe-mode

es ted ide azt a bank linket amit nemtudsz nyitni,

az ie nem tudja megjeleníteni a weblapot... ez is.

cím nem található a firefox nem találja a kiszolgálót a ....helyen
érvénytelen cím - internet explorer

milyen hibat ir ki,,se a FireFoxon nemmegy a terminal??

nem tudom mi a különbség, de a google oldalak, az iwiw, a freemail megy a bankok oldala, a terminal forum nem megy..

de valamilyen oldal megyen e??es mit ir ki ,mijen hibat??

böngészőknél ugyanaz a helyzet, egyiken sem megy például a bank

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\39971b0399296b2ae3757a3bd83da430\BITB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\3d4166983758b672d34d1e7b5bf2955a\BIT41C.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\461ba2f833767cfaf442d75215f97a73\BITA.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\70eb489d87fa57ecb22296f81a9fcf00\BITC.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\7c256c7891b426fed1ba46f304fb83fe\BIT46.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\9dbc701d0dfb46d11629c0cb0d264226\BIT41F.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\b961d997117bfc4d0ac2ab202ece2aa4\BIT9.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c4d5bbdc723df0ce078668e6ddbb20d0\BIT41D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c6abe233428d63b5c34d20f080b5f918\BIT41A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\e8ae269d8f02a3a0377e0436a1847b5e\BIT41B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\fa0020e49e39427a7fc867772e97dc3f\BIT41E.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
Folder move failed. C:\WINDOWS\system32\Sys scheduled to be moved on reboot.
C:\Program Files\Common Files\Panda Software moved successfully.
C:\WINDOWS\system32\tmp.txt moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
File/Folder C:\DOCUME~1\TULAJD~1\LOCALS~1\Temp\mbr.sys not found.
========== SERVICES/DRIVERS ==========

Service\Driver mbr deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\TULAJD~1\LOCALS~1\Temp\~DFF9F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tulajdonos\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d8c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06142009_213057

http://oldtimer.geekstogo.com/OTM.exe
letoltod az OTMOVEIT programot-futatod es az ablakba masold be a piros[zold]textet.
es klik MOVEIT a restart utan ad logot ted ide,es probald ki a bongeszoket

root log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/14 20:56
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000047
Image Path: \Driver\00000047
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAACC9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89A2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA3B4000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-2745DDD5.pf
Status: Visible to the Windows API, but not on disk.

Path: c:\program files\mobile partner\log\atrecord.txt
Status: Size mismatch (API: 849063, Raw: 848923)

Path: c:\program files\mobile partner\log\callbalk_trace.txt
Status: Size mismatch (API: 495969, Raw: 495818)

Processes
-------------------
Path: C:\WINDOWS\system32\Sys\lan.exe
PID: 1828 Status: Hidden from the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8b3939e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8b39394

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8b393a3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8b393ad

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf82a084e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf82a0bee

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8b393b2

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf829b090

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8b39380

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8b39385

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf82a0cc6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf82a0b46

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8b393bc

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8b393b7

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8b393a8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf8b3938f

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x821db1d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x81957980 Size: 463

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_READ]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_WRITE]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: Udfsȅఅ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x81d21438 Size: 147

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x821dc1d8 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x81e6d2f8 Size: 193

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x81e18980 Size: 228

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x81fa91d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x81fe21d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8216c1d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x81d70980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x81d70980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81d70980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81d70980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x81d70980 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x81d70980 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x81fb51d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x81eaf980 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_CREATE]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_CLOSE]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_READ]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_CLEANUP]
Process: System Address: 0x81ed9490 Size: 463

Object: Hidden Code [Driver: Cdfsȅ
䵃ȁఅ瑎獆鏐
, IRP_MJ_PNP]
Process: System Address: 0x81ed9490 Size: 463

==EOF==

a két rsit log:

info.txt logfile of random's system information tool 1.06 2009-06-14 11:16:06

======Uninstall list======

-->.
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems AC'97 Modem-->agrsmdel
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
HijackThis 2.0.2-->"G:\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Wireless Assistant 1.01 B2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0xe hpquninst
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
K-Lite Mega Codec Pack 1.64-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040E-6000-11D3-8CFE-0150048383C9}
Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Panda Antivirus + Firewall 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.exe" -l0x9 -removeonly
PC Camera E-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5ACAFB32-6336-4304-9766-B233ACEC0A8F}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033
Total Commander (Remove or Repair)-->c:\Program Files\Totalcmd\tcuninst.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB938127-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB950759-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB953838-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB956390-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB958215-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB960714-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB961260-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 biztonsági frissítés - KB963027-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7 gyorsjavítás - KB947864-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Player 6.4 Biztonsági frissítés (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Windows Media Player 9 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB890046-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB893756-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB896358-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB896423-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB896428-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB899587-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB899591-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB900725-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB901017-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB901190-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB901214-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB902400-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB905414-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB905749-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB908519-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB911562-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB911927-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB913580-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB914388-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB914389-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB918118-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB918439-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB919007-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920213-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920670-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920683-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920685-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB922819-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923191-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923414-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923561-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923980-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB924270-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB924496-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB924667-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB925902-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB926255-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB926436-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB927779-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB927802-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB928255-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB928843-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB929123-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB930178-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB931261-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB931784-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB932168-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB933729-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB935839-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB935840-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB936021-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938127-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938464-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941202-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941568-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941644-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941693-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB943055-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB943460-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB943485-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB944338-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB944653-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB945553-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB946026-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB946648-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB947864-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB948590-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB948881-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950749-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950760-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950762-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB950974-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951066-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951376-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951376-v2-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951698-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB951748-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952004-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB952954-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB953839-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954211-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB954600-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB955069-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956391-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956572-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956802-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956803-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB956841-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957095-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB957097-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958644-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958687-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB958690-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB959426-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960225-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960715-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB960803-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB961373-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Windows XP Biztonsági frissítés (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP frissítés - KB894391-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Windows XP frissítés - KB898461-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows XP frissítés - KB900485-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Windows XP frissítés - KB904942-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Windows XP frissítés - KB908531-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows XP frissítés - KB910437-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Windows XP frissítés - KB911280-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows XP frissítés - KB916595-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Windows XP frissítés - KB920872-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Windows XP frissítés - KB922582-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows XP frissítés - KB927891-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows XP frissítés - KB930916-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Windows XP frissítés - KB932823-v3-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Windows XP frissítés - KB936357-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Windows XP frissítés - KB938828-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Windows XP frissítés - KB942763-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Windows XP frissítés - KB951072-v2-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows XP frissítés - KB955839-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows XP frissítés - KB967715-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB952287-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Panda Antivirus + Firewall 2007 (disabled)
FW: Panda Antivirus 2007 Personal Firewall (disabled)

======System event log======

Computer Name: NEMES
Event Code: 7035
Message: A(z) IMAPI CD-égető COM-szolgáltatás szolgáltatásnak sikeresen el lett küldve a(z) indítás vezérlő.

Record Number: 12283
Source Name: Service Control Manager
Time Written: 20090330210854.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

Computer Name: NEMES
Event Code: 2800
Message: Antivirus file system filter driver was started successfully.

For more information goto: http://www.pandasoftware.com/support.


Record Number: 12282
Source Name: PAVDRV
Time Written: 20090330210851.000000+120
Event Type: információ
User:

Computer Name: NEMES
Event Code: 7036
Message: A(z) SSDP keresőszolgáltatás szolgáltatás állapota: "fut".

Record Number: 12281
Source Name: Service Control Manager
Time Written: 20090330210847.000000+120
Event Type: információ
User:

Computer Name: NEMES
Event Code: 7035
Message: A(z) SSDP keresőszolgáltatás szolgáltatásnak sikeresen el lett küldve a(z) indítás vezérlő.

Record Number: 12280
Source Name: Service Control Manager
Time Written: 20090330210846.000000+120
Event Type: információ
User: NT AUTHORITY\SYSTEM

Computer Name: NEMES
Event Code: 7036
Message: A(z) Távelérési csatlakozáskezelő szolgáltatás állapota: "fut".

Record Number: 12279
Source Name: Service Control Manager
Time Written: 20090330210845.000000+120
Event Type: információ
User:

=====Application event log=====

Computer Name: NEMES
Event Code: 0
Message:
Record Number: 4256
Source Name: PNMSRV
Time Written: 20090607084412.000000+120
Event Type: információ
User:

Computer Name: NEMES
Event Code: 4000
Message: The Panda Anti-virus Service has started successfully.

Record Number: 4255
Source Name: Sentinel
Time Written: 20090607084408.000000+120
Event Type: információ
User:

Computer Name: NEMES
Event Code: 1524
Message: A Windows nem tudja eltávolítani a memóriából az osztályregisztrációs fájlt, mivel azt más alkalmazások vagy szolgáltatások használják. A fájl csak akkor távolítható el, ha már nincs használatban.



Record Number: 4254
Source Name: Userenv
Time Written: 20090605210530.000000+120
Event Type: figyelmeztetés
User: NEMES\Tulajdonos

Computer Name: NEMES
Event Code: 1517
Message: A Windows mentette NEMES\Tulajdonos felhasználó rendszerleíró adatbázisát, mert azt a kijelentkezés közben egy másik alkalmazás vagy szolgáltatás is használta. A felhasználó rendszerleíró adatbázisa által használt memória nem lett felszabadítva. A rendszerleíró adatbázis akkor lesz eltávolítva, amikor már nincs használatban.


Ezt a problémát általában felhasználói fiókként futó szolgáltatások okozzák. Próbálja a szolgáltatásokat úgy konfigurálni, hogy a helyi vagy a hálózati szolgáltatásfiókban fussanak.

Record Number: 4253
Source Name: Userenv
Time Written: 20090605210450.000000+120
Event Type: figyelmeztetés
User: NT AUTHORITY\SYSTEM

Computer Name: NEMES
Event Code: 1000
Message: A(z) WmiApRpl szolgáltatás (WmiApRpl) teljesítményszámlálóinak betöltése sikeresen
befejeződött. Az új indexértékeket tartalmazó rekordadat hozzá lett rendelve
a szolgáltatáshoz.

Record Number: 4252
Source Name: LoadPerf
Time Written: 20090605203002.000000+120
Event Type: információ
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tulajdonos at 2009-06-14 20:46:37
Microsoft Windows XP Home Edition Szervizcsomag 2
System drive C: has 3 GB (34%) free of 10 GB
Total RAM: 503 MB (41% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-14 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-20 729178]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-25 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-25 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-25 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-14 148888]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-05-04 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxdev.dll [2005-04-25 131072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-06-14 20:46:38 ----D---- C:\Program Files\trend micro
2009-06-14 20:45:27 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-14 20:45:27 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-14 20:45:27 ----A---- C:\WINDOWS\system32\java.exe
2009-06-14 20:45:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-14 20:39:29 ----D---- C:\Documents and Settings\Tulajdonos\Application Data\Sun
2009-06-14 18:56:00 ----HDC---- C:\WINDOWS\ie8
2009-06-14 18:55:28 ----D---- C:\Program Files\Google
2009-06-14 18:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-14 18:55:27 ----HD---- C:\WINDOWS\msdownld.tmp
2009-06-14 18:51:44 ----D---- C:\SmitfraudFix
2009-06-14 17:53:49 ----A---- C:\WINDOWS\system32\tmp.txt
2009-06-14 17:50:44 ----A---- C:\rapport.txt
2009-06-14 17:48:02 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-14 17:41:11 ----D---- C:\Documents and Settings\Tulajdonos\Application Data\Mozilla
2009-06-14 17:40:55 ----D---- C:\Program Files\Mozilla Firefox
2009-06-14 17:30:59 ----SHD---- C:\RECYCLER
2009-06-14 14:08:53 ----D---- C:\Program Files\Avira
2009-06-14 14:08:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-06-14 12:55:40 ----D---- C:\WINDOWS\temp
2009-06-14 12:55:36 ----A---- C:\ComboFix.txt
2009-06-14 12:50:17 ----A---- C:\WINDOWS\zip.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\SWSC.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\SWREG.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\sed.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\PEV.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-14 12:50:17 ----A---- C:\WINDOWS\grep.exe
2009-06-14 12:50:12 ----SD---- C:\ComboFix
2009-06-14 12:50:12 ----D---- C:\WINDOWS\ERDNT
2009-06-14 12:50:08 ----D---- C:\Qoobox
2009-06-14 11:15:55 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2009-06-14 20:46:38 ----RD---- C:\Program Files
2009-06-14 20:45:50 ----D---- C:\WINDOWS\Prefetch
2009-06-14 20:45:36 ----SHD---- C:\WINDOWS\Installer
2009-06-14 20:45:34 ----HD---- C:\Config.Msi
2009-06-14 20:45:29 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-06-14 20:45:27 ----D---- C:\WINDOWS\system32
2009-06-14 20:44:36 ----D---- C:\Program Files\Java
2009-06-14 19:22:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-14 19:17:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-14 19:05:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-14 19:02:36 ----D---- C:\WINDOWS
2009-06-14 19:02:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-14 19:02:20 ----D---- C:\WINDOWS\Help
2009-06-14 19:02:20 ----D---- C:\Program Files\Internet Explorer
2009-06-14 18:58:03 ----HD---- C:\WINDOWS\inf
2009-06-14 18:57:41 ----D---- C:\WINDOWS\WBEM
2009-06-14 18:57:41 ----D---- C:\WINDOWS\system32\hu-hu
2009-06-14 18:57:30 ----D---- C:\WINDOWS\Media
2009-06-14 18:35:03 ----A---- C:\WINDOWS\imsins.BAK
2009-06-14 18:35:02 ----D---- C:\WINDOWS\ie7updates
2009-06-14 17:48:33 ----D---- C:\Documents and Settings
2009-06-14 17:36:18 ----D---- C:\Install
2009-06-14 14:09:04 ----D---- C:\WINDOWS\system32\drivers
2009-06-14 14:07:30 ----D---- C:\WINDOWS\WinSxS
2009-06-14 14:07:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-14 13:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-14 13:26:33 ----D---- C:\Program Files\Common Files\Panda Software
2009-06-14 12:54:18 ----A---- C:\WINDOWS\system.ini
2009-06-14 12:52:41 ----D---- C:\WINDOWS\AppPatch
2009-06-14 12:52:37 ----D---- C:\Program Files\Common Files
2009-06-13 21:40:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-09 19:28:48 ----SHD---- C:\WINDOWS\system32\Sys
2009-06-08 23:18:00 ----D---- C:\Documents and Settings\Tulajdonos\Application Data\Skype
2009-06-08 21:38:42 ----D---- C:\Documents and Settings\Tulajdonos\Application Data\skypePM
2009-05-24 07:53:45 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-14 28520]
R1 WmiAcpi;Microsoft Windows ACPI kezelő felület; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 CmBatt;Microsoft ACPI vezérlési módú telep illesztőprogramja; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-07-05 101120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-25 889628]
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-20 190400]
R3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB nyílt állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
S3 catchme;catchme; \??\C:\DOCUME~1\TULAJD~1\LOCALS~1\Temp\catchme.sys []
S3 hidusb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\TULAJD~1\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 usbaudio;USB audio-illesztőprogram (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-14 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-14 185089]
R2 hpqddsvc;HP CUE DeviceDiscovery szolgáltatás; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-14 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-03-04 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


A többit is csinálom...

klassz.... már a firefox sem megy...
ok,nyugodtan csinald meg mindent amit irtam,utana>>
Megnezuk a Rootkitokat
letoltod a Rootrepeal programot
http://rootrepeal.googlepages.com/RootRepeal.zip
futatod-RootRepeal.exe-klik-Report-klik -Scan-bepipazod-Select ALL-klik OK>>a scan utan klik-Save Report es a logot ted ide..

1000 bocsiiii!
CSinálom!!!

miert nemcsinalod aztat amit irok
1:meg mindig a regi java van febt C:\Program Files\Java\jre1.5.0\
eztet irtam


2:Aztat irtam hogy futasd aaz RSIT programot megegyszer es add a talcara is logot info.txt es a monitora log.txt ted ide
mind a 2-tot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:51, on 2009/6/14
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Stell\RSIT.exe
G:\Stell\RSIT.exe
G:\Tulajdonos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Service ... mplcache=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: HP Vágókönyv - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligens kijelölés - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F45B7D4D-2CCD-42C5-BFA4-4CF0C7E8D064}: NameServer = 193.225.153.17 194.149.0.157
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5940 bytes

futasd megegyszer az RSIT programot>>le az Talcara ad logot info.txt ted ide.

klassz.... már a firefox sem megy...

neeeeeem

megpróbáltam felmenni a bank honlapjára és nem éri el. a google, iwiw, freemail megy a forum.terminal nem. ???
valami szervereket nem enged? vagy miiiii????

Köszi

igen volt

Igen most akor mar mukszik az IE-is-mert frisiteted,igen??

SmitFraudFix v2.422

Scan done at 19:10:16,07, V 2009/06/14
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [verzi˘sz m: 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Az ie még mindig nem vette be a többi oldalt, a firefoxnak sikerült.
most frissítem az ie-t, mert apósom azt szokta meg..

Volt valaki a gépben, vagy csak el lett valami állítva?

Köszi!!

G:\Stell\SmitfraudFix
a smitfraud programot egyenesen a C:\meghajtora kel tened es inen futatnod,,okes
csinald meg a tobbi lepest is es ird le mi a helyzet,

SmitFraudFix v2.422

Scan done at 17:50:44,62, V 2009/06/14
Run from G:\Stell\SmitfraudFix
OS: Microsoft Windows XP [verzi˘sz m: 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

ez meg a Panda maradeka ha jol nezem
Tolds le a SFF-programot-
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

lemegy csokentet modba>nyisd ki a smitfraudfix mapat-2x-klik-smitfraudfix.cmd>>kivalasztod a [ 2 ]lehetoseget-[enter] yes[enter]...yes..[enter].a gep restartol a windowsban-ted ide az C:\rapport.txt.
start-vezerlo pult-az internet lehetosege-torold ezeket
Temporary Internet Files.
Offline
Cookies Temporary Internet Files
klik-programok>alol klik gomb megujitani a web bealitasat>.ok,,ok,hasznalni
Frisids fel a javat-letoltod ezt a programot
http://mesh.dl.sourceforge.net/sourcefo ... JavaRa.zip
kicsomagolod-futatod-klik-Remove Older Versions>>>>
Utana letoltod az uj javat es feltelepited
Java SE Runtime Environment (JRE) 6 Update 14 - http://java.sun.com/javase/downloads/index.jsp
Kiprobalni es leirni mi a hejzet,

lefuttattam a vírusirtót és az eredmény:


viruses or unwanted programs:
Object:T2007esd_00.exe
Detection: ADSPY/Dropper.Ardamax.Gen

+ repair...

buta kérdés: írjam be a parancssorba.... Hová?

Köszi,

a parancssorba ird be ipconfig /flushdns [enter]
telepitsd fel a Firefoxot,

van olyan oldal ami bejön, van ami nem pl. a bank oldalak nem jönnek be. ???

hm,meg nemtudom van e javulas e ,tehat a helyzetet,lehet a Panda tuzfala is,tehat szedle es ird le mi a helyzet,

Majd rakd fell az AVIRAT
http://www.free-av.com/

OK. leszedem. biztos, ami biztos..

Mit tegyek helyette és szerinted mi okozta a galibát?

van e valami valtozas???
Ez a Panda megvan veve??,mert ha nem akor lekel szedni a geprol mert ez igen gengecske,,

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

és

ComboFix 09-06-13.09 - Tulajdonos 2009/06/14 12:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1038.18.503.211 [GMT 2:00]
Running from: c:\documents and settings\Tulajdonos\Asztal\ComboFix.exe
AV: Panda Antivirus + Firewall 2007 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
FW: Panda Antivirus 2007 Personal Firewall *disabled* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tulajdonos\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus + Firewall 2007.lnk
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-14 09:15 . 2009-06-14 09:16 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 09:14 . 2004-08-18 12:00 58134 ----a-w- c:\windows\system32\perfc00E.dat
2009-06-14 09:14 . 2004-08-18 12:00 303934 ----a-w- c:\windows\system32\perfh00E.dat
2009-06-14 09:12 . 2008-03-24 16:58 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-06-14 09:10 . 2008-03-24 16:58 192952 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-06-08 21:18 . 2008-11-01 18:50 -------- d-----w- c:\documents and settings\Tulajdonos\Application Data\Skype
2009-06-08 19:38 . 2008-11-01 18:52 -------- d-----w- c:\documents and settings\Tulajdonos\Application Data\skypePM
2009-05-24 06:00 . 2008-03-24 17:43 158847 ----a-w- c:\windows\hpoins14.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2008-03-24 36972]
"APVXDWIN"="c:\program files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" [2006-09-13 311296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2005-09-27 11:13 45056 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 netflt;Panda Net Driver [NDIS Layer];c:\windows\system32\drivers\netflt.sys [2008/3/24 18:58 141312]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008/3/24 18:58 44544]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008/3/24 18:58 36864]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008/3/24 18:58 9216]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008/3/24 18:58 185472]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\netfltdi.sys [2008/3/24 18:58 103936]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [2008/3/24 18:54 26752]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008/3/24 18:58 23296]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008/3/24 18:58 16256]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008/3/24 18:58 16640]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008/3/24 18:54 165120]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/Service ... mplcache=2
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\panda software\panda antivirus + firewall 2007\pavlsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 12:54
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\avldr.dll
.
Completion time: 2009-06-14 12:55
ComboFix-quarantined-files.txt 2009-06-14 10:55

Pre-Run: 3 037 569 024 bájt szabad
Post-Run: 3 614 887 936 bájt szabad

108 --- E O F --- 2009-05-13 13:41


Köszi

igen
http://www2.gmer.net/mbr/mbr.exe
ted az asztalra-futasd-rogton ad logot ted ide

Szia Stell!

Így gondoltad?

Köszi,
M

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tulajdonos at 2009-06-14 11:15:55
Microsoft Windows XP Home Edition Szervizcsomag 2
System drive C: has 3 GB (29%) free of 10 GB
Total RAM: 503 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:03, on 2009/6/14
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
G:\RSIT.exe
G:\Tulajdonos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Service ... mplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Documents and Settings\Tulajdonos\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: HP Vágókönyv - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligens kijelölés - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F45B7D4D-2CCD-42C5-BFA4-4CF0C7E8D064}: NameServer = 193.225.153.17 194.149.0.157
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7577 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-08-24 88363]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-20 729178]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-25 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-25 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-25 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2008-03-24 36972]
"APVXDWIN"=C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE [2006-09-13 311296]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"zzz_ImInstaller_IncrediMail"=C:\Documents and Settings\Tulajdonos\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe [2008-07-22 554208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-05-04 794624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\system32\avldr.dll [2005-09-27 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-25 131072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Tulajdonos\Local Settings\Temp\ImInstaller\incredimail_installer.exe"="C:\Documents and Settings\Tulajdonos\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b87c878-07b2-11dd-86aa-847cc2c4554b}]
shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b87c87b-07b2-11dd-86aa-ad7ab1dc4c62}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b87c87c-07b2-11dd-86aa-ad7ab1dc4c62}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3298b650-0667-11dd-86a2-f19353c67d4b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3298b651-0667-11dd-86a2-f19353c67d4b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507b57ae-065d-11dd-86a1-9d4adf575a4b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507b57b1-065d-11dd-86a1-9d4adf575a4b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eff59a3-f903-11dc-8681-b3bd80325c48}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eff59a6-f903-11dc-8681-b3bd80325c48}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bed5386-07e9-11dd-86ac-ff836e89274b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b75d182-095d-11dd-86ae-edbf54e0d71b}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b75d183-095d-11dd-86ae-edbf54e0d71b}]
shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d5e7652-07aa-11dd-86a7-f74e4668aef9}]
shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5dc6d2a-0740-11dd-86a6-f68345e7db4b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5dc6d2d-0740-11dd-86a6-f68345e7db4b}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec421892-f9c1-11dc-8685-001560b081b3}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-06-14 11:15:55 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2009-06-14 11:15:48 ----D---- C:\WINDOWS\Prefetch
2009-06-14 11:15:28 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-06-14 11:14:15 ----D---- C:\WINDOWS\system32
2009-06-14 11:14:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-14 11:12:45 ----D---- C:\WINDOWS\system32\drivers
2009-06-14 11:09:57 ----RD---- C:\Program Files
2009-06-14 11:09:48 ----D---- C:\WINDOWS\Temp
2009-06-13 22:50:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-13 21:47:57 ----HD---- C:\WINDOWS\inf
2009-06-13 21:47:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-13 21:40:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-09 19:28:48 ----SHD---- C:\WINDOWS\system32\Sys
2009-06-08 23:18:00 ----D---- C:\Documents and Settings\Tulajdonos\Application Data\Skype
2009-06-08 21:38:42 ----D---- C:\Documents and Settings\Tulajdonos\Application Data\skypePM
2009-05-24 07:53:45 ----A---- C:\WINDOWS\win.ini
2009-05-24 07:53:44 ----SHD---- C:\WINDOWS\Installer
2009-05-24 07:53:44 ----HD---- C:\Config.Msi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []
R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []
R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 40320]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 26752]
R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []
R1 WmiAcpi;Microsoft Windows ACPI kezelő felület; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
R1 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 16640]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2006-02-22 71552]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-08-24 1268204]
R3 Arp1394;1394 ARP ügyfélprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 CmBatt;Microsoft ACPI vezérlési módú telep illesztőprogramja; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-07-05 101120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-25 889628]
R3 NIC1394;1394 hálózati illesztőprogram; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-20 190400]
R3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB nyílt állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
S3 hidusb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 usbaudio;USB audio-illesztőprogram (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hpqddsvc;HP CUE DeviceDiscovery szolgáltatás; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe [2006-07-21 159744]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2005-07-25 32768]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe [2006-08-08 151552]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 PNMSRV;Panda Network Manager; c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE [2008-03-24 811008]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe [2006-07-04 102400]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-03-04 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------