Terminál Fórum https://forum.technokrata.hu/forum/

Virus or what could it be??? https://forum.technokrata.hu/forum/viewtopic.php?f=15&t=20774
Page: 1 / 35

Author: stell [ Mon Jun 17, 2013 15:29 ]
Post subject: Re: Virus or what could it be???
Hi all. I didn't disappear, Laci, I just had no internet: an excavator tore up the buried telephone cable, and here where we live it took a week before they repaired it. Yes, run ComboFix, and I'll need to see its log.

Author: Laci_L [ Sat Jun 15, 2013 14:03 ]
Post subject: Re: Virus or what could it be???
Tron wrote: ... I'm waiting for further ideas ...
Who knows how long that will take, since stell has been gone for a month now. I wrote to him a few days ago too, and there's no reply to that either. Until then all I can advise is to run ComboFix. I can't write a script for it based on the log file, but in a similar case just running it worked wonders by itself on a friend's machine. Give it a try. ComboFix 13.6.13.1 http://www.softexia.com/anti-spyware/combofix/

Author: Tron [ Sat Jun 15, 2013 9:07 ]
Post subject: Re: Virus or what could it be???
Hi! Unfortunately not much improvement. True, it no longer appears immediately with the home page, but after a few minutes it still shows up. And I ran the program several times; the first time it did have something to clean. I'm waiting for further ideas, because I'd like to avoid a reinstall.

Author: Tron [ Fri May 24, 2013 6:14 ]
Post subject: Re: Virus or what could it be???
Hi Stell! I suspected you'd have some idea. I'll try it and report back on the result. nbela! One machine has only IE; on the other the thing has latched onto Firefox and Opera as well.

Author: stell [ Thu May 23, 2013 19:03 ]
Post subject: Re: Virus or what could it be???
Hi. The solution is simple; this thing embeds itself in several places.
1: Run these programs: http://www.viruskasino.com/2012/09/adwcleaner.html Press the DELETE button.
2: http://www.viruskasino.com/2010/12/prog ... moval-tool
If by chance it doesn't remove it, write back.

Author: nbela [ Thu May 23, 2013 18:28 ]
Post subject: Re: Virus or what could it be???
Something similar happened at my daughter's. She uses Firefox; that one did it, IE didn't. I went on via TeamViewer. Among the add-ons I found some extension or plugin that I hadn't installed. She clicked on something and it got installed. After a simple removal it was fine.

Author: Tron [ Thu May 23, 2013 17:05 ]
Post subject: Re: Virus or what could it be???
Hi! Maybe someone has already run into this and knows the solution: In the past few days I've been at 2 machines that open an advertising window when practically any page is opened. It varies whether it's a plain image or a Flash animation; it slides in nicely. Always strictly into the bottom left corner, and it can be closed without any trouble. AVG, Malwarebytes and Spybot find nothing. It bothers the users a lot, which I fully understand. Don't ask for memory dumps or reports from various programs, because the machines are quite far from me. Thanks in advance for the ideas!

Author: nbela [ Sun Feb 17, 2013 16:47 ]
Post subject: Re: Virus or what could it be???
kizso92 wrote: How can it be that they claim everything is fine, while - as you write - it's quite thoroughly infected?

Author: kizso92 [ Sun Feb 17, 2013 14:49 ]
Post subject: Re: Virus or what could it be???
Thanks for the replies. How can it be that they claim everything is fine, while - as you write - it's quite thoroughly infected? Can this not be eradicated, or what are they overlooking?

Author: stell [ Sun Feb 17, 2013 13:46 ]
Post subject: Re: Virus or what could it be???
Hi, yes, this page is infected with the JS/Agent.GO.23 Java script virus, and it infects the computer too.
Code:
Type: File
Source: C:\RECYCLER\S-1-5-.........\Dc3.htm
Status: Infected
Quarantine object: 527c6484.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.10.250
Virus definition file: 7.11.61.24
Detection: Contains recognition pattern of the JS/Agent.GO.23 Java script virus
Date/Time: 17.2.2013, 12:56
As you can see, it writes itself onto the computer straight away. I strongly recommend cleaning the machine with the RogueKiller, USBFix, AdwCleaner and Malwarebytes programs. Clean out the TEMP folders with the TFCleaner program. http://www.viruskasino.com/2010/12/prog ... are-z.html

Author: nbela [ Sun Feb 17, 2013 12:08 ]
Post subject: Re: Virus or what could it be???
I downloaded the home page. NOD32 blocked it for me straight away too. On VirusTotal the code was last checked on 02.12. Then it got 8/46 votes. Now it's 15/46. I'd leave that site well alone...

Author: kizso92 [ Sun Feb 17, 2013 10:42 ]
Post subject: Re: Virus or what could it be???
Greetings! I opened a topic earlier, but I got the place slightly wrong. The story: (I'm neither an administrator nor a server owner, just an ordinary forum poster who'd like to do something about this, because the whole thing annoys me.) So there's the Eurosport forum, which for about 1.5 weeks has been triggering a virus alert for everyone. The locals were notified, but by now they swear there's no problem at all. However, the problem still persists; this is what it throws up: http://i46.tinypic.com/do6zax.jpg Any ideas? I - being no professor at all in this field - just started looking at the forum's source code, and found that after </html> there is a <script>, which seems strange to me... This script has not been removed... Not a very detailed description, not much to narrow it down, I know, but can anything be done with this, or not?

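The symptom kizso92 describes, a script sitting after the closing </html> tag, is something a site owner can check for mechanically. The following Python is an added example written for this edit; it is not code from the thread, and the sample page in it is constructed, not a capture of the forum mentioned. It reports whether anything other than whitespace follows the last </html>, how many script elements are in that tail, and whether they use constructs (unescape, eval, fromCharCode, document.write) that injected loaders commonly rely on.

```python
import re

# Constructed sample page (not a capture of any real site): a normal document
# with a script appended after the closing </html> tag.
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head><title>Forum</title><script src="/js/forum.js"></script></head>
<body><p>Welcome</p></body>
</html>
<script>var s=unescape("%3Cscript%3E");document.write(s);</script>
"""

# Constructed clean page for comparison.
CLEAN_PAGE = "<html><body><p>ok</p></body></html>\n"

HTML_CLOSE_RE = re.compile(r"</html\s*>", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>|<script\b[^>]*/>",
                       re.IGNORECASE | re.DOTALL)
# Constructs that page code rarely needs but injected loaders lean on.
OBFUSCATION_RE = re.compile(r"\b(unescape|eval|fromCharCode|document\.write)\b",
                            re.IGNORECASE)


def page_tail(html):
    """Everything after the last </html>; None when the tag is missing."""
    last = None
    for last in HTML_CLOSE_RE.finditer(html):
        pass
    return None if last is None else html[last.end():]


def trailing_scripts(html):
    """All <script> elements found after the closing </html> tag."""
    tail = page_tail(html)
    if tail is None:
        return []
    return [m.group(0) for m in SCRIPT_RE.finditer(tail)]


def audit_page(html):
    """Summary a site owner can compare against a known-good copy of the page."""
    tail = page_tail(html)
    scripts = trailing_scripts(html)
    hints = {h.lower() for s in scripts for h in OBFUSCATION_RE.findall(s)}
    return {
        "has_html_close": tail is not None,
        "tail_is_whitespace": tail is not None and tail.strip() == "",
        "scripts_after_html": len(scripts),
        "obfuscation_hints": sorted(hints),
    }


if __name__ == "__main__":
    for label, page in (("sample", SAMPLE_PAGE), ("clean", CLEAN_PAGE)):
        print(label, audit_page(page))
```

Run it against a page fetched from the server and against a copy taken from the site's own deployment; a tail that is not pure whitespace is the indicator, and the obfuscation hints only help prioritise what to look at first.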
Author: stell [ Tue May 22, 2012 11:25 ]
Post subject: Re: Virus or what could it be???
You're welcome.

Author: yakovlev999 [ Tue May 22, 2012 10:37 ]
Post subject: Re: Virus or what could it be???
Works perfectly, challenge completed! Thank you!

Author: stell [ Tue May 22, 2012 8:39 ]
Post subject: Re: Virus or what could it be???
So, what's the situation now?? Is everything OK??

Author: yakovlev999 [ Mon May 21, 2012 18:56 ]
Post subject: Re: Virus or what could it be???
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP konfiguráció
A DNS-feloldási gyorsítótár kiürítése sikeresen megtörtént.
D:\Documents and Settings\Gábor\Asztal\cmd.bat deleted successfully.
D:\Documents and Settings\Gábor\Asztal\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
D:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Gábor
->Temp folder emptied: 2760247 bytes
->Temporary Internet Files folder emptied: 410706 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 599057860 bytes
->Google Chrome cache emptied: 58121165 bytes
->Flash cache emptied: 8281875 bytes
User: Gábor
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352076 bytes
%systemroot%\System32 .tmp files removed: 2855 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36915 bytes
RecycleBin emptied: 26911 bytes
Total Files Cleaned = 640,00 mb
OTL by OldTimer - Version 3.2.43.1 log created on 05212012_195046
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Author: Laci_L [ Mon May 21, 2012 18:40 ]
Post subject: Re: Virus or what could it be???
stell wrote: Laci, this is a command line, that is, a command ...
Thanks, I understand. I asked because I couldn't find any specific description of this in ipconfig's help. And I'd rather ask than keep quiet.

Author: stell [ Mon May 21, 2012 18:06 ]
Post subject: Re: Virus or what could it be???
Laci, this is a command line, that is, a command. In other words it's as if you typed ipconfig /flushdns at the command prompt. That is, it's built into this program that you can enter commands this way:
ipconfig /flushdns /c
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
and so on.

Author: Laci_L [ Mon May 21, 2012 17:26 ]
Post subject: Re: Virus or what could it be???
stell wrote: ... ipconfig /flushdns /c ...
Please tell me, what does the /c mean?

Author: stell [ Mon May 21, 2012 13:59 ]
Post subject: Re: Virus or what could it be???
OK, they're fine. Download the OTL program to the desktop http://oldtimer.geekstogo.com/OTL.exe, run it, and paste the script into the window at the bottom.
Code:
:Files
ipconfig /flushdns /c
:Commands
[clearallrestorepoints]
[resethosts]
[emptytemp]
Click the RUNFIX button, post its log here, and we're done.

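The [resethosts] command in the OTL script above throws away whatever is in the hosts file and puts the stock entry back. Before doing that, it is worth seeing what the file actually contained, because the typical hijack shape (many hostnames pinned to one outside address) tells you what the infection was trying to block or redirect. The Python below is an added example for this edit, not code from the thread or from OTL; the hosts content it parses is constructed, using a TEST-NET address, and it assumes the standard Windows hosts-file syntax.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread): the stock XP entry,
# a harmless blocklist-style line, and several hostnames pinned to one outside IP.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.test        # blocklist-style entry, harmless
198.51.100.23   www.google.hu
198.51.100.23   www.virustotal.com
198.51.100.23   update.example-av.test
"""

# Addresses that keep a name on the local machine rather than sending it elsewhere.
LOCAL = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "0.0.0.0")}
DEFAULT_XP = [(ipaddress.ip_address("127.0.0.1"), "localhost")]


def parse_hosts(text):
    """(ip, hostname) pairs in file order; comments and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address in the first column: ignore the line
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def audit_hosts(text):
    """Split entries into local pins and outward redirects, and group the
    redirects by target so a cluster of names on one address stands out."""
    entries = parse_hosts(text)
    redirects = [(str(ip), host) for ip, host in entries if ip not in LOCAL]
    by_ip = {}
    for ip, host in redirects:
        by_ip.setdefault(ip, []).append(host)
    return {
        "entries": len(entries),
        "redirects": redirects,
        "clusters": {ip: hosts for ip, hosts in by_ip.items() if len(hosts) > 1},
        "is_default": entries == DEFAULT_XP,
    }


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

On a live machine, read the file from %WinDir%\system32\drivers\etc\hosts and keep a copy of it before a reset so the redirect targets are still available for the write-up afterwards.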
Author: yakovlev999 [ Mon May 21, 2012 10:50 ]
Post subject: Re: Virus or what could it be???
d:\windows\system32\es.dll https://www.virustotal.com/file/8905367 ... 337591591/
d:\windows\system32\mspmsnsv.dll https://www.virustotal.com/file/f776d26 ... 337591893/
d:\windows\system32\ntkrnlpa.exe https://www.virustotal.com/file/f7eaafb ... 337592376/
d:\windows\system32\ntoskrnl.exe https://www.virustotal.com/file/0a9f03a ... 337592776/
d:\windows\W7FBC\dll.dll https://www.virustotal.com/file/c746414 ... 337593029/

Author: stell [ Mon May 21, 2012 7:01 ]
Post subject: Re: Virus or what could it be???
OK, ComboFix regards these files as suspicious:
Quote:
d:\windows\system32\es.dll
d:\windows\system32\mspmsnsv.dll
d:\windows\system32\ntkrnlpa.exe
d:\windows\system32\ntoskrnl.exe
d:\windows\W7FBC\dll.dll
So test them at www.virustotal.com. If it says the file has already been tested, click REANALYSE, wait for the test to finish and post the link to the test here, then test the next one and likewise put the links here.

Author: yakovlev999 [ Sun May 20, 2012 18:27 ]
Post subject: Re: Virus or what could it be???
A bit late, but here it is; sorry, I wasn't near the net over the weekend.
ComboFix 12-05-17.08 - Gábor 012.05.20. 19:08:30.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.767.257 [GMT 4,5:30]
Running from: d:\documents and settings\Gábor\Asztal\ComboFix.exe
Command switches used :: d:\documents and settings\Gábor\Asztal\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\system32\es.dll . . . is infected!!
.
d:\windows\system32\mspmsnsv.dll . . . is infected!!
.
d:\windows\system32\ntkrnlpa.exe . . . is infected!!
.
d:\windows\system32\ntoskrnl.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_76248134
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-18 05:11 . 2012-05-18 05:11 -------- d-----w- d:\windows\system32\xircom
2012-05-18 05:11 . 2012-05-18 05:11 -------- d-----w- d:\windows\system32\wbem\snmp
2012-05-18 05:11 . 2012-05-18 05:11 -------- d-----w- d:\program files\microsoft frontpage
2012-05-18 03:43 . 2012-05-18 03:43 -------- d-----w- d:\documents and settings\All Users\Application Data\ATI
2012-05-18 03:39 . 2012-05-18 03:39 188548 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-18 03:39 . 2003-11-10 13:44 729088 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-18 03:39 . 2003-11-10 13:43 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-18 03:39 . 2003-11-10 13:42 266240 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-18 03:39 . 2003-11-10 13:42 192512 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-18 03:39 . 2003-11-10 13:41 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-18 03:39 . 2003-11-10 13:40 32768 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-18 03:39 . 2012-05-18 03:39 311428 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-18 03:39 . 2010-02-10 16:50 593920 ------w- d:\windows\system32\ati2sgag.exe
2012-05-18 03:24 . 2012-05-18 03:24 -------- d-----w- d:\windows\system32\wbem\Framework
2012-05-18 03:24 . 2012-05-18 03:24 -------- d-----w- d:\program files\GPU Temp
2012-05-17 17:07 . 2012-05-17 17:07 -------- d-----w- d:\program files\Mozilla Maintenance Service
2012-05-17 13:36 . 2012-05-17 13:36 -------- d-----w- D:\TDSSKiller_Quarantine
2012-05-10 16:50 . 2012-05-10 16:50 -------- d-----w- d:\documents and settings\Gábor\Application Data\DDMSettings
2012-05-10 10:56 . 2012-05-10 10:56 -------- d-sh--w- d:\windows\ftpcache
2012-05-09 12:43 . 2012-05-09 12:43 -------- d-----w- d:\documents and settings\Gábor\Application Data\DivX
2012-05-08 15:06 . 2012-05-08 15:19 -------- d-----w- d:\program files\Common Files\DivX Shared
2012-05-08 15:06 . 2012-05-08 15:19 -------- d-----w- d:\program files\DivX
2012-05-08 14:59 . 2012-05-08 15:19 -------- d-----w- d:\documents and settings\All Users\Application Data\DivX
2012-05-04 05:58 . 2012-05-04 05:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ElectricSheep
2012-05-04 05:58 . 2012-05-04 05:58 -------- d-----w- d:\program files\Electric Sheep
2012-05-04 05:40 . 2012-05-04 05:37 155648 ----a-w- d:\windows\system32\matrix_sw65v08.scr
2012-05-02 13:11 . 2012-05-02 13:11 -------- d-----w- d:\program files\Unlocker
2012-04-25 11:32 . 2012-04-25 11:32 -------- d-----w-or d:\docume~1\G??bor
2012-04-23 17:12 . 2012-04-26 13:09 -------- d-----w- d:\documents and settings\Gábor\Application Data\gtk-2.0
2012-04-23 17:12 . 2012-04-23 17:12 -------- d-----w- d:\documents and settings\Gábor\.thumbnails
2012-04-23 17:10 . 2012-04-26 14:38 -------- d-----w- d:\documents and settings\Gábor\.gimp-2.7
2012-04-23 16:02 . 2012-04-23 16:04 -------- d-----w- d:\program files\GIMP 2.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 02:46 . 2012-04-17 08:06 419488 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-05-10 02:46 . 2012-01-27 09:42 70304 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-20 10:11 . 2012-04-20 10:12 73728 ----a-w- d:\windows\system32\javacpl.cpl
2012-04-20 10:11 . 2012-02-06 02:51 472808 ----a-w- d:\windows\system32\deployJava1.dll
2012-03-22 08:15 . 2012-02-02 15:08 22328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2012-03-22 08:15 . 2012-02-02 15:08 103736 ----a-w- d:\windows\system32\PnkBstrB.exe
2012-03-07 12:08 . 2012-03-07 12:08 1449991 ----a-w- d:\windows\unfearhun.exe
2012-03-07 12:07 . 2012-03-07 12:07 127488 ----a-w- d:\windows\system32\nzMedia.dll
2012-03-06 13:52 . 2012-03-06 13:52 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2012-03-22 09:32 . 2012-03-01 10:52 97208 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-18 23:45 . B654958AAD9C242B48F42B9B7B621EB7 . 253952 . . [2001.12.4414.706] . . d:\windows\system32\es.dll
.
[-] 2008-12-18 23:40 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . d:\windows\system32\mspmsnsv.dll
.
[-] 2008-12-18 . A20C3C07C83DF69EA6E38BD91A957BE4 . 2067456 . . [5.1.2600.5657] . . d:\windows\system32\ntkrnlpa.exe
.
[-] 2008-12-18 . 17E742C7E0990F75DA8DBB3071231DCA . 2190592 . . [5.1.2600.5657] . . d:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-05-18_04.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-20 14:54 . 2012-05-20 14:54 16384 d:\windows\temp\Perflib_Perfdata_62c.dat
- 2008-04-15 11:00 . 2012-05-18 03:55 75350 d:\windows\system32\perfc009.dat
+ 2008-04-15 11:00 . 2012-05-20 14:15 75350 d:\windows\system32\perfc009.dat
+ 2008-04-15 11:00 . 2012-05-20 14:15 461290 d:\windows\system32\perfh00E.dat
- 2008-04-15 11:00 . 2012-05-18 03:55 461290 d:\windows\system32\perfh00E.dat
- 2008-04-15 11:00 . 2012-05-18 03:55 455376 d:\windows\system32\perfh009.dat
+ 2008-04-15 11:00 . 2012-05-20 14:15 455376 d:\windows\system32\perfh009.dat
+ 2008-04-15 11:00 . 2012-05-20 14:15 108900 d:\windows\system32\perfc00E.dat
- 2008-04-15 11:00 . 2012-05-18 03:55 108900 d:\windows\system32\perfc00E.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-10-16 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "d:\windows\W7FBC\dll.dll" [2012-03-06 184320]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\Call of Duty\\CoDMP.exe"=
"d:\\Documents and Settings\\Gábor\\Dokumentumok\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\drivers\dtsoftbus01.sys [2012.01.31. 15:52 232512]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2011.08.04. 9:20 118104]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2011.08.04. 9:20 103112]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011.09.22. 12:03 974944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010.03.18. 13:16 130384]
S2 gupdate;Google frissítés Szolgáltatás (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2012.03.05. 16:55 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.17. 12:36 257696]
S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [2012.03.05. 16:55 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012.05.17. 21:37 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010.03.18. 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 02:46]
.
2012-05-20 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 12:25]
.
2012-05-20 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 12:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - d:\program files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe
IE: {{D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97}
IE: {{EC113164-2692-482c-A70D-C60DA5C92546} - {B2DBFB0F-C253-4051-85FB-01A9419D3A59} -
TCP: DhcpNameServer = 192.168.168.254 195.199.255.4 195.199.255.57
FF - ProfilePath - d:\documents and settings\Gábor\Application Data\Mozilla\Firefox\Profiles\dwjav4f6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Wvzuzq - d:\documents and settings\Gábor\Application Data\Wvzuzq.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 19:24
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-162531612-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7f,4e,0d,e3,3f,64,72,fe,2e,31,01,8d,b2,63,3a,77,6c,cb,1c,4b,9d,0c,4f,
61,06,f7,07,42,8f,0c,5c,5b,1d,5e,91,25,26,e2,48,41,03,b6,13,2b,1d,c7,bc,62,\
"??"=hex:0c,c9,49,4f,9a,d6,3b,6d,a4,cc,5b,47,aa,3c,c8,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
d:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(636)
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\msi.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
d:\windows\W7FBC\dll.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-20 19:27:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 14:57
ComboFix2.txt 2012-05-18 04:24
.
Pre-Run: 6 964 555 776 bájt szabad
Post-Run: 8 180 523 008 bájt szabad
.
- - End Of File - - D1EB2D2EFDD42C74D8C5C407CC0AD149

Author: stell [ Fri May 18, 2012 11:44 ]
Post subject: Re: Virus or what could it be???
Open Notepad like this: Start > Run > type: notepad, and copy in the green text found under the Code: heading (without the word Code:). Then save the text pasted into Notepad as a script on the desktop, like this: File > Save As > File name > CFScript.txt > Save as type > All files > Save (to the Desktop). Done. Drag the CFScript.txt on the desktop onto the ComboFix icon. And now do this: ComboFix starts by itself, may restart, and finishes the scan; post its log here.
Code:
KILLALL::
RESTORE::
d:\windows\system32\es.dll
d:\windows\system32\mspmsnsv.dll
d:\windows\system32\ntkrnlpa.exe
d:\windows\system32\ntoskrnl.exe
Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Wvzuzq" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=-
"QuickTime Task"=-
"Adobe ARM"=-
"IMJPMIG8.1"=-
"MSPY2002"=-
"PHIME2002A"=-
"SunJavaUpdateSched"=-
"DivXUpdate"=-
"StartCCC"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-
Driver::
76248134
DDS::
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - d:\program files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe
Rootkit::
d:\documents and settings\G?bor\Application Data\Wvzuzq.exe
d:\documents and settings\Gábor\Application Data\Wvzuzq.exe
RegNull::
[HKEY_USERS\S-1-5-21-842925246-162531612-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C75EEFAF-9952-8FE8-1BC6-DE3A01DD4A31}*]
ClearJavaCache::

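A CFScript like the one above is a list of instructions a helper on a forum asks you to hand to ComboFix, so it pays to read exactly what it will touch before dragging it onto the icon. The Python below is an added example for this edit (not code from the thread, and not part of ComboFix); it splits the script into its "Name::" sections and turns the Registry:: block into explicit actions, following the REGEDIT file convention that "Name"=- removes a value. The sample input is the script posted above; the grouping of sections into file lists and driver lists reflects how they are used in that script, not ComboFix documentation.

```python
import re

# The CFScript posted in the thread, embedded as the sample input (raw string so
# the backslashes in the paths survive unchanged).
SAMPLE_CFSCRIPT = r"""KILLALL::
RESTORE::
d:\windows\system32\es.dll
d:\windows\system32\mspmsnsv.dll
d:\windows\system32\ntkrnlpa.exe
d:\windows\system32\ntoskrnl.exe
Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Wvzuzq" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=-
"QuickTime Task"=-
"Adobe ARM"=-
"IMJPMIG8.1"=-
"MSPY2002"=-
"PHIME2002A"=-
"SunJavaUpdateSched"=-
"DivXUpdate"=-
"StartCCC"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-
Driver::
76248134
DDS::
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - d:\program files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe
Rootkit::
d:\documents and settings\G?bor\Application Data\Wvzuzq.exe
d:\documents and settings\Gábor\Application Data\Wvzuzq.exe
RegNull::
[HKEY_USERS\S-1-5-21-842925246-162531612-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C75EEFAF-9952-8FE8-1BC6-DE3A01DD4A31}*]
ClearJavaCache::
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(.+?)\*?\]$")          # trailing '*' marks a null-embedded key
REG_VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Sections whose lines are file paths in the posted script (reviewer's grouping).
FILE_SECTIONS = ("RESTORE", "ROOTKIT", "FILE")


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections, keeping their order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before the first section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """(key, value_name, action) triples from a Registry:: block."""
    actions, key = [], None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            name, data = m.group(1), m.group(2).strip()
            actions.append((key, name, "delete" if data == "-" else f"set {data}"))
    return actions


def review(text):
    """What the script asks ComboFix to touch, laid out for a reader."""
    sections = parse_cfscript(text)
    reg = registry_actions(sections.get("REGISTRY", []))
    return {
        "sections": list(sections),
        "registry": reg,
        "registry_deletes": sum(1 for _, _, action in reg if action == "delete"),
        "files": [p for s in FILE_SECTIONS for p in sections.get(s, [])],
        "drivers": sections.get("DRIVER", []),
        "null_keys": sections.get("REGNULL", []),
    }


if __name__ == "__main__":
    for k, v in review(SAMPLE_CFSCRIPT).items():
        print(k, v)
```

For this script the review shows eleven autorun values being removed, four system files in RESTORE:: (the ones the log flagged as infected), the two spellings of the Wvzuzq.exe path, one driver id and one null-embedded key; anything in that list you cannot tie back to the log is the thing to ask the helper about before running it.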
Author: yakovlev999 [ Fri May 18, 2012 7:55 ]
Post subject: Re: Virus or what could it be???
ComboFix 12-05-17.08 - Gábor 012.05.18. 8:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.767.180 [GMT 4,5:30]
Running from: d:\documents and settings\Gábor\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\100
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
d:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
d:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
d:\windows\es.exe
d:\windows\pthreadGC2.dll
d:\windows\system32\cc32100mt.dll
d:\windows\system32\muzapp.exe
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 03:52 . 2012-05-18 03:52 9310 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-05-18 03:52 . 2012-05-18 03:52 8646 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-05-18 03:52 . 2012-05-18 03:52 6429 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-05-18 03:52 . 2012-05-18 03:52 63115 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-05-18 03:52 . 2012-05-18 03:52 5927 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-05-18 03:52 . 2012-05-18 03:52 4599 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-05-18 03:52 . 2012-05-18 03:52 8613 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-05-18 03:52 . 2012-05-18 03:52 8288 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-05-18 03:52 . 2012-05-18 03:52 6910 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-05-18 03:52 . 2012-05-18 03:52 6208 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-05-18 03:52 . 2012-05-18 03:52 18541 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-05-18 03:52 . 2012-05-18 03:52 1651 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-05-18 03:51 . 2012-05-18 03:51 8782 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-05-18 03:51 . 2012-05-18 03:51 7271 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-05-18 03:51 . 2012-05-18 03:51 51852 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-05-18 03:51 . 2012-05-18 03:51 23327 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-05-18 03:51 . 2012-05-18 03:51 20719 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-05-18 03:43 . 2012-05-18 03:43 -------- d-----w- d:\documents and settings\All Users\Application Data\ATI
2012-05-18 03:39 . 2012-05-18 03:39 188548 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-05-18 03:39 . 2003-11-10 13:44 729088 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-05-18 03:39 . 2003-11-10 13:43 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-05-18 03:39 . 2003-11-10 13:42 266240 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-05-18 03:39 . 2003-11-10 13:42 192512 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-05-18 03:39 . 2003-11-10 13:41 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-05-18 03:39 . 2003-11-10 13:40 32768 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-05-18 03:39 . 2012-05-18 03:39 311428 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-05-18 03:39 . 2010-02-10 16:50 593920 ------w- d:\windows\system32\ati2sgag.exe
2012-05-18 03:24 . 2012-05-18 03:24 -------- d-----w- d:\windows\system32\wbem\Framework
2012-05-18 03:24 . 2012-05-18 03:24 -------- d-----w- d:\program files\GPU Temp
2012-05-17 17:07 . 2012-05-17 17:07 -------- d-----w- d:\program files\Mozilla Maintenance Service
2012-05-17 13:36 . 2012-05-17 13:36 -------- d-----w- D:\TDSSKiller_Quarantine
2012-05-10 16:50 . 2012-05-10 16:50 -------- d-----w- d:\documents and settings\Gábor\Application Data\DDMSettings
2012-05-10 10:56 . 2012-05-10 10:56 -------- d-sh--w- d:\windows\ftpcache
2012-05-09 12:43 . 2012-05-09 12:43 -------- d-----w- d:\documents and settings\Gábor\Application Data\DivX
2012-05-08 15:06 . 2012-05-08 15:19 -------- d-----w- d:\program files\Common Files\DivX Shared
2012-05-08 15:06 . 2012-05-08 15:19 -------- d-----w- d:\program files\DivX
2012-05-08 14:59 . 2012-05-08 15:19 -------- d-----w- d:\documents and settings\All Users\Application Data\DivX
2012-05-04 05:58 . 2012-05-04 05:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ElectricSheep
2012-05-04 05:58 . 2012-05-04 05:58 -------- d-----w- d:\program files\Electric Sheep
2012-05-04 05:40 . 2012-05-04 05:37 155648 ----a-w- d:\windows\system32\matrix_sw65v08.scr
2012-05-02 13:11 . 2012-05-02 13:11 -------- d-----w- d:\program files\Unlocker
2012-04-25 11:32 . 2012-04-25 11:32 -------- d-----w-or d:\docume~1\G??bor
2012-04-23 17:12 . 2012-04-26 13:09 -------- d-----w- d:\documents and settings\Gábor\Application Data\gtk-2.0
2012-04-23 17:12 . 2012-04-23 17:12 -------- d-----w- d:\documents and settings\Gábor\.thumbnails
2012-04-23 17:10 . 2012-04-26 14:38 -------- d-----w- d:\documents and settings\Gábor\.gimp-2.7
2012-04-23 16:02 . 2012-04-23 16:04 -------- d-----w- d:\program files\GIMP 2.7
2012-04-20 10:12 . 2012-04-20 10:12 -------- d-----w- d:\program files\Common Files\Java
2012-04-20 10:12 . 2012-04-20 10:11 73728 ----a-w- d:\windows\system32\javacpl.cpl
2012-04-20 10:11 . 2012-04-20 10:11 -------- d-----w- d:\program files\Java
2012-04-20 09:54 . 2012-05-17 17:07 -------- d-----w- D:\Mozilla Firefox
2012-04-20 09:36 . 2012-04-20 09:36 -------- d-----w- d:\documents and settings\Gábor\Application Data\TAGIRI
2012-04-20 09:36 . 2012-04-20 09:37 -------- d-----w- d:\program files\Mitter Toolbar
2012-04-19 08:32 . 2012-04-19 08:32 -------- d-----w- d:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 02:46 . 2012-04-17 08:06 419488 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-05-10 02:46 . 2012-01-27 09:42 70304 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-20 10:11 . 2012-02-06 02:51 472808 ----a-w- d:\windows\system32\deployJava1.dll
2012-03-22 08:15 . 2012-02-02 15:08 22328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2012-03-22 08:15 . 2012-02-02 15:08 103736 ----a-w- d:\windows\system32\PnkBstrB.exe
2012-03-07 12:08 . 2012-03-07 12:08 1449991 ----a-w- d:\windows\unfearhun.exe
2012-03-07 12:07 . 2012-03-07 12:07 127488 ----a-w- d:\windows\system32\nzMedia.dll
2012-03-06 13:52 . 2012-03-06 13:52 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2012-03-22 09:32 . 2012-03-01 10:52 97208 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-18 23:45 . B654958AAD9C242B48F42B9B7B621EB7 . 253952 . . [2001.12.4414.706] . . d:\windows\system32\es.dll
.
[-] 2008-12-18 23:40 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . d:\windows\system32\mspmsnsv.dll
.
[-] 2008-12-18 . A20C3C07C83DF69EA6E38BD91A957BE4 . 2067456 . . [5.1.2600.5657] . . d:\windows\system32\ntkrnlpa.exe
.
[-] 2008-12-18 . 17E742C7E0990F75DA8DBB3071231DCA . 2190592 . . [5.1.2600.5657] . . d:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"AudioDeck"="d:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-10-16 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "d:\windows\W7FBC\dll.dll" [2012-03-06 184320]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "d:\\Program Files\\Call of Duty\\CoDMP.exe"= "d:\\Documents and Settings\\Gábor\\Dokumentumok\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\TmUnitedForever\\TmForever.exe"= "c:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\drivers\dtsoftbus01.sys [2012.01.31. 15:52 232512] R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2011.08.04. 9:20 118104] R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2011.08.04. 9:20 103112] R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011.09.22. 12:03 974944] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010.03.18. 13:16 130384] S2 gupdate;Google frissítés Szolgáltatás (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2012.03.05. 16:55 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.17. 12:36 257696] S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [2012.03.05. 16:55 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012.05.17. 21:37 129976] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010.03.18. 13:16 753504] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 76248134 *NewlyCreated* - GPU-Z *Deregistered* - 76248134 *Deregistered* - GPU-Z . Contents of the 'Scheduled Tasks' folder . 
2012-05-17 d:\windows\Tasks\Adobe Flash Player Updater.job - d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 02:46] . 2012-05-18 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job - d:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 12:25] . 2012-05-18 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job - d:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 12:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - d:\program files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe IE: {{D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} IE: {{EC113164-2692-482c-A70D-C60DA5C92546} - {B2DBFB0F-C253-4051-85FB-01A9419D3A59} - TCP: DhcpNameServer = 192.168.168.254 195.199.255.4 195.199.255.57 FF - ProfilePath - d:\documents and settings\Gábor\Application Data\Mozilla\Firefox\Profiles\dwjav4f6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/ FF - prefs.js: network.proxy.type - 4 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . AddRemove-BFlix - d:\program files\BFlix\uninstall.exe AddRemove-Counter-Strike 1.6_is1 - k:\counter-strike 1.6\unins000.exe AddRemove-Halo 3 - d:\documents and settings\Gábor\Asztal\map\uninstall Halo_3.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-18 08:51 Windows 5.1.2600 Szervizcsomag 3 NTFS . detected NTDLL code modification: ZwEnumerateValueKey, ZwQueryDirectoryFile . scanning hidden processes ... . scanning hidden autostart entries ... . 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Wvzuzq = d:\documents and settings\G?bor\Application Data\Wvzuzq.exe . scanning hidden files ... . . d:\documents and settings\Gábor\Application Data\Wvzuzq.exe 185344 bytes executable . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-842925246-162531612-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C75EEFAF-9952-8FE8-1BC6-DE3A01DD4A31}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-842925246-162531612-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:7f,4e,0d,e3,3f,64,72,fe,2e,31,01,8d,b2,63,3a,77,6c,cb,1c,4b,9d,0c,4f, 61,06,f7,07,42,8f,0c,5c,5b,1d,5e,91,25,26,e2,48,41,03,b6,13,2b,1d,c7,bc,62,\ "??"=hex:0c,c9,49,4f,9a,d6,3b,6d,a4,cc,5b,47,aa,3c,c8,0d . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(696) d:\windows\system32\Ati2evxx.dll . Completion time: 2012-05-18 08:54:49 ComboFix-quarantined-files.txt 2012-05-18 04:24 . Pre-Run: 4 858 814 464 bájt szabad Post-Run: 8 304 656 384 bájt szabad . - - End Of File - - A182FEE1D1ED961C1B6F05CDBF3A7DFE log file készítése közben volt egy prev3.exe leállás nem tudom hogy ez baj itt a gpu tempem is Up: ez nem vírus, nem megy a videókártyahűtőm megyek a másik fórumba ott rákérdezek. azért köszöntem a segítséget. |
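The parts of the ComboFix log above that a reviewer reads first are the "Reg Loading Points" autorun values, the catchme "hidden autostart entries" result, and the Firefox pref lines. As an added example (not from the thread, and not ComboFix's or catchme's own code), here is a small Python triage that parses those sections and explains why an entry deserves a closer look: a value catchme had to recover because it was hidden from the normal registry API, an executable run from a user-writable profile directory, a DLL loaded through SharedTaskScheduler from a non-standard folder under the Windows directory, and Firefox security warnings forced off from user.js. SAMPLE_LOG is a constructed excerpt modelled on the log shapes posted above (the user name is written without the accent); the heuristics and function names are this example's own.

```python
"""Triage of the 'Reg Loading Points' and catchme sections of a ComboFix log.
Added example for this thread, not ComboFix's or catchme's own code.
SAMPLE_LOG is a constructed excerpt modelled on the log posted above."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "d:\windows\W7FBC\dll.dll" [2012-03-06 184320]
.
FF - prefs.js: network.proxy.type - 4
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_submit_insecure - false
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Wvzuzq = d:\documents and settings\Gabor\Application Data\Wvzuzq.exe
.
scanning hidden files ...
'''

@dataclass
class Autorun:
    key: str
    name: str
    path: str
    hidden: bool  # True only for values reported by catchme's hidden-autostart scan

VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')
HIDDEN_LINE = re.compile(r'^(?P<name>\S+)\s*=\s*(?P<path>[A-Za-z]:\\.+)$')
FF_LINE = re.compile(r'^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.+)$')
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\',
                 '\\local settings\\', '\\temp\\')

def parse_autoruns(text):
    """REGEDIT4-style blocks plus catchme's hidden listing (bare key, then 'name = path')."""
    entries, key, hidden = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('scanning '):          # catchme phase marker
            hidden = line.startswith('scanning hidden autostart')
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append(Autorun(key, m['name'], m['path'], False))
        elif hidden and line.upper().startswith('HK'):
            key = line
        elif hidden and key and (m := HIDDEN_LINE.match(line)):
            entries.append(Autorun(key, m['name'], m['path'], True))
    return entries

def suspicious_reasons(entry):
    """Reviewer heuristics; each string is one reason to look closer."""
    reasons, p = [], entry.path.lower()
    if entry.hidden:
        reasons.append('autostart value hidden from the normal registry API')
    if p.endswith('.exe') and any(seg in p for seg in USER_WRITABLE):
        reasons.append('executable started from a user-writable profile directory')
    if re.search(r'\\windows\\[^\\]+\\[^\\]+\.dll$', p) and 'system32' not in p:
        reasons.append('DLL in a non-standard folder directly under the Windows directory')
    if 'sharedtaskscheduler' in entry.key.lower():
        reasons.append('SharedTaskScheduler loads this DLL into explorer.exe at logon')
    return reasons

def triage(text):
    """Flagged autorun name -> reasons; clean entries are left out."""
    flagged = ((e.name, suspicious_reasons(e)) for e in parse_autoruns(text))
    return {name: reasons for name, reasons in flagged if reasons}

def firefox_pref_findings(text):
    """Security warnings forced off from user.js (reapplied at every start)
    and a proxy mode other than 'direct'; both deserve a second look."""
    findings = []
    for raw in text.splitlines():
        m = FF_LINE.match(raw.strip())
        if not m:
            continue
        pref, value = m['pref'], m['value'].strip()
        if m['file'] == 'user.js' and pref.startswith('security.') and value == 'false':
            findings.append((pref, value, 'security warning disabled via user.js'))
        elif pref == 'network.proxy.type' and value != '0':
            findings.append((pref, value, 'proxy mode is not direct; confirm it is intended'))
    return findings
```

Run against the excerpt, `triage` flags only the SharedTaskScheduler DLL and the hidden Wvzuzq value, while the ESET entry passes clean; `firefox_pref_findings` reports the proxy mode and the disabled submit warning. The heuristics are deliberately conservative prompts for a human reviewer, not a verdict.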
Author: | stell [ Fri May 18, 2012 7:02 ] |
Post subject: | Re: Virus or what could it be??? |
That is TDSSKiller's name, that is, if you look at it, this is what you see. Quote:
21:27:01.0562 2824 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
18:04:40.0109 0356 TDSS rootkit eltávolítása eszköz 2.7.7.0 január 24, 2012 16:44:27
So this is not a rootkit: it is when you ran it, its name, version number, date and time. If you set Quarantine, this tool copies the suspicious files into the quarantine, but it is not a quarantine like in an antivirus; it only copies them and leaves them in their original place, it does not remove them. Those files can then be analyzed, for example on VirusTotal. So, in short, if there is a problem with the machine, freezing, there may be an infection, or overheating, or hardware, or anything at all, so if the problem still exists put the ComboFix log here. |
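stell's point is that the first line of a TDSSKiller log is the tool's banner, not a finding, and that answering Skip leaves the flagged files untouched. As an added example (not from the thread and not TDSSKiller's own code), here is a Python summarizer for the log format posted in this thread: it separates the banner from the per-driver lines, records each object's hash and path, and for each finding keeps the verdict, whether the tool classed it only as a "warning", and the action the user chose. SAMPLE_LOG is a constructed excerpt of the log in the thread (one clean driver, two drivers with the UnsignedFile.Multi.Generic warning); the function names are this example's own.

```python
"""Summarize a TDSSKiller log: tool banner, scanned objects, and what the scan
classed as a finding versus what the user did about it.
Added example for this thread, not TDSSKiller's own code. SAMPLE_LOG is a
constructed excerpt of the log posted in the thread."""
import re

SAMPLE_LOG = r"""
21:27:01.0562 2824 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:27:07.0453 1052 Scan started
21:27:07.0453 1052 Mode: Manual; SigCheck; TDLFS;
21:27:08.0546 1052 ACPI (5482ff197e59b4ca97ccb1b4740a2949) D:\WINDOWS\system32\DRIVERS\ACPI.sys
21:27:15.0046 1052 ACPI - ok
21:27:15.0843 1052 AFD (4d43e74f2a1239d53929b82600f1971c) D:\WINDOWS\System32\drivers\afd.sys
21:27:15.0875 1052 AFD ( UnsignedFile.Multi.Generic ) - warning
21:27:15.0875 1052 AFD - detected UnsignedFile.Multi.Generic (1)
21:28:45.0875 1052 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\Program Files\Unlocker\UnlockerDriver5.sys
21:28:45.0890 1052 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
21:28:45.0890 1052 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
21:28:51.0593 1052 Scan finished
21:28:51.0765 3892 Detected object count: 2
21:29:00.0828 3892 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0828 3892 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:00.0843 3892 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0843 3892 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$')  # time, pid, message
BANNER = re.compile(r'^TDSS rootkit removing tool (\S+) (.+)$')
OBJECT = re.compile(r'^(\S+) \(([0-9a-f]{32})\) (.+)$')       # name (md5) path
VERDICT = re.compile(r'^(\S+) \( (.+?) \) - (.+)$')            # name ( verdict ) - outcome
COUNT = re.compile(r'^Detected object count: (\d+)$')

def summarize(text):
    report = {'tool': None, 'scanned': {}, 'findings': {}, 'detected_count': None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (b := BANNER.match(msg)):
            # The banner only names the tool; it is not a finding.
            report['tool'] = {'version': b.group(1), 'built': b.group(2)}
        elif (o := OBJECT.match(msg)):
            report['scanned'][o.group(1)] = {'md5': o.group(2), 'path': o.group(3)}
        elif (c := COUNT.match(msg)):
            report['detected_count'] = int(c.group(1))
        elif (v := VERDICT.match(msg)):
            name, verdict, outcome = v.groups()
            f = report['findings'].setdefault(name, {
                'verdict': verdict, 'severity': None, 'action': None,
                'path': report['scanned'].get(name, {}).get('path')})
            if outcome == 'warning':
                f['severity'] = 'warning'
            elif outcome.startswith('User select action: '):
                f['action'] = outcome.split(': ', 1)[1]
    return report

def only_unsigned_warnings(report):
    """True when every finding is the signature-check warning class and the
    log classed nothing beyond 'warning'."""
    return bool(report['findings']) and all(
        f['verdict'] == 'UnsignedFile.Multi.Generic' and f['severity'] == 'warning'
        for f in report['findings'].values())

def skipped_findings(report):
    """Findings answered with Skip: nothing was copied or removed for these."""
    return sorted(n for n, f in report['findings'].items() if f['action'] == 'Skip')
```

On the excerpt, `summarize` reports version 2.7.7.0, two findings both marked as warnings, and both answered with Skip, which is the situation the thread is discussing: the log records a signature-check warning on each driver, and the user's choice left every file in place.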
Author: | yakovlev999 [ Fri May 18, 2012 6:28 ] |
Post subject: | Re: Virus or what could it be??? |
I may be talking nonsense, but TDSSKiller is a rootkit removing tool and it did find 6 among the drivers, didn't it? Actually, I may have been too hasty with what I wrote; you surely know. |
Author: | stell [ Thu May 17, 2012 20:46 ] |
Post subject: | Re: Virus or what could it be??? |
What makes you think there is a rootkit on the machine?? |
Author: | yakovlev999 [ Thu May 17, 2012 20:29 ] |
Post subject: | Re: Virus or what could it be??? |
21:27:01.0562 2824 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:27:01.0578 2824 ============================================================
21:27:01.0578 2824 Current date / time: 2012/05/17 21:27:01.0578
21:27:01.0578 2824 SystemInfo:
21:27:01.0578 2824
21:27:01.0578 2824 OS Version: 5.1.2600 ServicePack: 3.0
21:27:01.0578 2824 Product type: Workstation
21:27:01.0578 2824 ComputerName: GABOR
21:27:01.0578 2824 UserName: Gábor
21:27:01.0578 2824 Windows directory: D:\WINDOWS
21:27:01.0578 2824 System windows directory: D:\WINDOWS
21:27:01.0578 2824 Processor architecture: Intel x86
21:27:01.0578 2824 Number of processors: 1
21:27:01.0578 2824 Page size: 0x1000
21:27:01.0578 2824 Boot type: Normal boot
21:27:01.0578 2824 ============================================================
21:27:01.0953 2824 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:27:01.0968 2824 Drive \Device\Harddisk1\DR1 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:27:02.0171 2824 Initialize success
21:27:07.0453 1052 ============================================================
21:27:07.0453 1052 Scan started
21:27:07.0453 1052 Mode: Manual; SigCheck; TDLFS;
21:27:07.0453 1052 ============================================================
21:27:08.0468 1052 Abiosdsk - ok
21:27:08.0500 1052 abp480n5 - ok
21:27:08.0546 1052 ACPI (5482ff197e59b4ca97ccb1b4740a2949) D:\WINDOWS\system32\DRIVERS\ACPI.sys
21:27:15.0046 1052 ACPI - ok
21:27:15.0140 1052 ACPIEC (582c901174a7f0733c6fe41c37c9a80b) D:\WINDOWS\system32\drivers\ACPIEC.sys
21:27:15.0421 1052 ACPIEC - ok
21:27:15.0484 1052 adpu160m - ok
21:27:15.0531 1052 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
21:27:15.0734 1052 aec - ok
21:27:15.0843 1052 AFD (4d43e74f2a1239d53929b82600f1971c) D:\WINDOWS\System32\drivers\afd.sys
21:27:15.0875 1052 AFD ( UnsignedFile.Multi.Generic ) - warning
21:27:15.0875 1052 AFD - detected UnsignedFile.Multi.Generic (1)
21:27:15.0937 1052 Aha154x - ok
21:27:15.0968 1052 aic78u2 - ok
21:27:15.0984 1052 aic78xx - ok
21:27:16.0031 1052 AliIde - ok
21:27:16.0078 1052 AmdK7 (5338f3a9987e80b0c00f9c7c16122fd7) D:\WINDOWS\system32\DRIVERS\amdk7.sys
21:27:16.0312 1052 AmdK7 - ok
21:27:16.0359 1052 amsint - ok
21:27:16.0390 1052 asc - ok
21:27:16.0421 1052 asc3350p - ok
21:27:16.0453 1052 asc3550 - ok
21:27:16.0515 1052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:27:16.0765 1052 AsyncMac - ok
21:27:16.0859 1052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
21:27:17.0125 1052 atapi - ok
21:27:17.0203 1052 Atdisk - ok
21:27:17.0406 1052 ati2mtag (3d2bdb33c97b8b12a048ddc5bcaf2029) D:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:27:17.0703 1052 ati2mtag - ok
21:27:17.0812 1052 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:27:18.0062 1052 Atmarpc - ok
21:27:18.0125 1052 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
21:27:18.0375 1052 audstub - ok
21:27:18.0437 1052 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
21:27:18.0687 1052 Beep - ok
21:27:18.0734 1052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
21:27:19.0000 1052 cbidf2k - ok
21:27:19.0015 1052 cd20xrnt - ok
21:27:19.0062 1052 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
21:27:19.0359 1052 Cdaudio - ok
21:27:19.0406 1052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
21:27:19.0671 1052 Cdfs - ok
21:27:19.0703 1052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
21:27:20.0000 1052 Cdrom - ok
21:27:20.0031 1052 Changer - ok
21:27:20.0093 1052 CmdIde - ok 21:27:20.0125 1052 Cpqarray - ok 21:27:20.0156 1052 dac2w2k - ok 21:27:20.0171 1052 dac960nt - ok 21:27:20.0343 1052 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys 21:27:20.0796 1052 Disk - ok 21:27:20.0984 1052 dmboot (ae717be311722ceebd9a27b57757a123) D:\WINDOWS\system32\drivers\dmboot.sys 21:27:21.0515 1052 dmboot - ok 21:27:21.0843 1052 dmio (66b7462ad4844052d4a6cbea3aa486a0) D:\WINDOWS\system32\drivers\dmio.sys 21:27:22.0156 1052 dmio - ok 21:27:22.0437 1052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys 21:27:22.0703 1052 dmload - ok 21:27:23.0000 1052 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys 21:27:23.0328 1052 DMusic - ok 21:27:23.0671 1052 dpti2o - ok 21:27:24.0031 1052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys 21:27:24.0281 1052 drmkaud - ok 21:27:25.0375 1052 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) D:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 21:27:29.0453 1052 dtsoftbus01 - ok 21:27:29.0796 1052 eamon (9309c5c9831203436e64cf2ae605c5d7) D:\WINDOWS\system32\DRIVERS\eamon.sys 21:27:29.0843 1052 eamon - ok 21:27:30.0250 1052 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) D:\WINDOWS\system32\DRIVERS\ehdrv.sys 21:27:30.0312 1052 ehdrv - ok 21:27:31.0375 1052 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) D:\WINDOWS\system32\DRIVERS\epfwtdir.sys 21:27:31.0484 1052 epfwtdir - ok 21:27:31.0937 1052 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys 21:27:32.0296 1052 Fastfat - ok 21:27:32.0843 1052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\DRIVERS\fdc.sys 21:27:33.0250 1052 Fdc - ok 21:27:33.0750 1052 FETNDIS (e9648254056bce81a85380c0c3647dc4) D:\WINDOWS\system32\DRIVERS\fetnd5.sys 21:27:34.0062 1052 FETNDIS - ok 21:27:34.0421 1052 Fips (0986fca8fd7a56d9f1628fe6ef321090) D:\WINDOWS\system32\drivers\Fips.sys 21:27:34.0781 1052 Fips - ok 
21:27:35.0203 1052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\DRIVERS\flpydisk.sys 21:27:35.0531 1052 Flpydisk - ok 21:27:35.0968 1052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\DRIVERS\fltMgr.sys 21:27:36.0296 1052 FltMgr - ok 21:27:36.0953 1052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys 21:27:37.0312 1052 Fs_Rec - ok 21:27:37.0843 1052 Ftdisk (44225407f69666099c4d4c6bc9cd804d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:27:38.0187 1052 Ftdisk - ok 21:27:38.0812 1052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys 21:27:39.0187 1052 Gpc - ok 21:27:39.0765 1052 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys 21:27:40.0078 1052 hidusb - ok 21:27:40.0328 1052 hpn - ok 21:27:40.0859 1052 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) D:\WINDOWS\system32\Drivers\HTTP.sys 21:27:41.0343 1052 HTTP - ok 21:27:41.0718 1052 i2omgmt - ok 21:27:42.0125 1052 i2omp - ok 21:27:42.0562 1052 i8042prt (d7947ecf17544ced478bd969939db349) D:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:27:43.0109 1052 i8042prt - ok 21:27:44.0109 1052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys 21:27:44.0421 1052 Imapi - ok 21:27:44.0968 1052 ini910u - ok 21:27:45.0203 1052 IntelIde - ok 21:27:45.0703 1052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 21:27:46.0125 1052 Ip6Fw - ok 21:27:46.0578 1052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:27:46.0890 1052 IpFilterDriver - ok 21:27:47.0171 1052 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys 21:27:48.0062 1052 IpInIp - ok 21:27:48.0468 1052 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys 21:27:48.0781 1052 IpNat - ok 21:27:48.0875 1052 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys 21:27:49.0171 1052 IPSec - ok 
21:27:49.0296 1052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys 21:27:49.0406 1052 IRENUM - ok 21:27:49.0515 1052 isapnp (3685529caa2b14c9632e85e265ba293b) D:\WINDOWS\system32\DRIVERS\isapnp.sys 21:27:49.0765 1052 isapnp - ok 21:27:50.0109 1052 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) D:\Program Files\UltraISO\drivers\ISODrive.sys 21:27:50.0328 1052 ISODrive - ok 21:27:50.0671 1052 Kbdclass (51d3342d1a0c19605095405352bb009b) D:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:27:51.0218 1052 Kbdclass - ok 21:27:51.0312 1052 kbdhid (eb1720313b4fd571654926a80e610c20) D:\WINDOWS\system32\DRIVERS\kbdhid.sys 21:27:51.0625 1052 kbdhid - ok 21:27:51.0703 1052 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys 21:27:52.0015 1052 kmixer - ok 21:27:52.0156 1052 KSecDD (1705745d900dabf2d89f90ebaddc7517) D:\WINDOWS\system32\drivers\KSecDD.sys 21:27:52.0437 1052 KSecDD - ok 21:27:52.0609 1052 lbrtfdc - ok 21:27:52.0812 1052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys 21:27:53.0531 1052 mnmdd - ok 21:27:54.0265 1052 Modem (226b93eb15b1c819fa021a5167c5809d) D:\WINDOWS\system32\drivers\Modem.sys 21:27:54.0718 1052 Modem - ok 21:27:55.0343 1052 Mouclass (705cac1902dcd3e3181a199d7ad40d13) D:\WINDOWS\system32\DRIVERS\mouclass.sys 21:27:56.0421 1052 Mouclass - ok 21:27:57.0031 1052 mouhid (6a79cb27d0e608a45638cd9468269a3e) D:\WINDOWS\system32\DRIVERS\mouhid.sys 21:27:57.0593 1052 mouhid - ok 21:27:57.0703 1052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys 21:27:58.0062 1052 MountMgr - ok 21:27:58.0093 1052 mraid35x - ok 21:27:58.0156 1052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:27:58.0453 1052 MRxDAV - ok 21:27:58.0593 1052 MRxSmb (7170ab42b51954def2781a4d1cce65f4) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:27:58.0625 1052 MRxSmb ( UnsignedFile.Multi.Generic ) - warning 21:27:58.0625 1052 MRxSmb - detected 
UnsignedFile.Multi.Generic (1) 21:27:58.0750 1052 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys 21:27:59.0515 1052 Msfs - ok 21:28:00.0250 1052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys 21:28:00.0625 1052 MSKSSRV - ok 21:28:00.0718 1052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:28:01.0593 1052 MSPCLOCK - ok 21:28:01.0687 1052 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys 21:28:01.0921 1052 MSPQM - ok 21:28:01.0984 1052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:28:02.0218 1052 mssmbios - ok 21:28:02.0296 1052 Mup (2f625d11385b1a94360bfc70aaefdee1) D:\WINDOWS\system32\drivers\Mup.sys 21:28:02.0515 1052 Mup - ok 21:28:02.0640 1052 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys 21:28:02.0890 1052 NDIS - ok 21:28:02.0968 1052 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) D:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:28:03.0187 1052 NdisTapi - ok 21:28:03.0218 1052 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:28:03.0468 1052 Ndisuio - ok 21:28:03.0562 1052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:28:03.0828 1052 NdisWan - ok 21:28:03.0921 1052 NDProxy (6215023940cfd3702b46abc304e1d45a) D:\WINDOWS\system32\drivers\NDProxy.sys 21:28:04.0406 1052 NDProxy - ok 21:28:04.0484 1052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys 21:28:04.0859 1052 NetBIOS - ok 21:28:04.0968 1052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys 21:28:05.0234 1052 NetBT - ok 21:28:05.0375 1052 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys 21:28:05.0625 1052 Npfs - ok 21:28:05.0734 1052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys 21:28:06.0109 1052 Ntfs - ok 
21:28:06.0328 1052 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys 21:28:06.0625 1052 Null - ok 21:28:06.0718 1052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:28:06.0984 1052 NwlnkFlt - ok 21:28:07.0031 1052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:28:07.0265 1052 NwlnkFwd - ok 21:28:07.0375 1052 Parport (632f154061074a9a1b75ecbba89d8d42) D:\WINDOWS\system32\DRIVERS\parport.sys 21:28:07.0640 1052 Parport - ok 21:28:07.0687 1052 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys 21:28:07.0953 1052 PartMgr - ok 21:28:08.0000 1052 ParVdm (4df92a889e7fe15ed3834d288a0271f5) D:\WINDOWS\system32\drivers\ParVdm.sys 21:28:08.0687 1052 ParVdm - ok 21:28:09.0296 1052 PCI (b4a9c91cfdd5c68e2e48c0754e3a88f9) D:\WINDOWS\system32\DRIVERS\pci.sys 21:28:09.0921 1052 PCI - ok 21:28:11.0015 1052 PCIDump - ok 21:28:11.0406 1052 PCIIde - ok 21:28:11.0468 1052 Pcmcia (3defb381b9cdca9d4375bd37a3c0189b) D:\WINDOWS\system32\drivers\Pcmcia.sys 21:28:11.0687 1052 Pcmcia - ok 21:28:11.0765 1052 PDCOMP - ok 21:28:11.0968 1052 PDFRAME - ok 21:28:12.0531 1052 PDRELI - ok 21:28:12.0750 1052 PDRFRAME - ok 21:28:13.0046 1052 perc2 - ok 21:28:13.0562 1052 perc2hib - ok 21:28:14.0687 1052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys 21:28:15.0640 1052 PptpMiniport - ok 21:28:18.0125 1052 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys 21:28:18.0421 1052 PSched - ok 21:28:21.0640 1052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys 21:28:22.0906 1052 Ptilink - ok 21:28:25.0921 1052 ql1080 - ok 21:28:29.0968 1052 Ql10wnt - ok 21:28:31.0078 1052 ql12160 - ok 21:28:31.0343 1052 ql1240 - ok 21:28:31.0609 1052 ql1280 - ok 21:28:31.0968 1052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys 21:28:32.0578 1052 RasAcd - 
ok 21:28:33.0390 1052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:28:34.0343 1052 Rasl2tp - ok 21:28:35.0281 1052 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:28:36.0343 1052 RasPppoe - ok 21:28:37.0078 1052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys 21:28:37.0343 1052 Raspti - ok 21:28:38.0546 1052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys 21:28:38.0765 1052 Rdbss - ok 21:28:39.0046 1052 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:28:39.0796 1052 RDPCDD - ok 21:28:39.0906 1052 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:28:40.0234 1052 rdpdr - ok 21:28:40.0390 1052 RDPWD (6728e45b66f93c08f11de2e316fc70dd) D:\WINDOWS\system32\drivers\RDPWD.sys 21:28:40.0671 1052 RDPWD - ok 21:28:40.0781 1052 redbook (3c706fd765482112c3a6d42e1d7b58bb) D:\WINDOWS\system32\DRIVERS\redbook.sys 21:28:41.0031 1052 redbook - ok 21:28:41.0203 1052 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys 21:28:41.0312 1052 Secdrv - ok 21:28:41.0375 1052 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys 21:28:41.0640 1052 serenum - ok 21:28:41.0687 1052 Serial (87df40b4db611efbdf74c9b3eccab417) D:\WINDOWS\system32\DRIVERS\serial.sys 21:28:41.0890 1052 Serial - ok 21:28:41.0984 1052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys 21:28:42.0203 1052 Sfloppy - ok 21:28:42.0265 1052 Simbad - ok 21:28:42.0312 1052 Sparrow - ok 21:28:42.0375 1052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys 21:28:42.0593 1052 splitter - ok 21:28:42.0640 1052 Sr (38e904fb6139945822b929eaf2570ca5) D:\WINDOWS\system32\DRIVERS\sr.sys 21:28:42.0718 1052 Sr - ok 21:28:42.0781 1052 Srv (ae4d13b572399b206b43d65da4d9983d) D:\WINDOWS\system32\DRIVERS\srv.sys 
21:28:42.0828 1052 Srv ( UnsignedFile.Multi.Generic ) - warning 21:28:42.0828 1052 Srv - detected UnsignedFile.Multi.Generic (1) 21:28:42.0937 1052 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys 21:28:43.0140 1052 swenum - ok 21:28:43.0234 1052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys 21:28:43.0437 1052 swmidi - ok 21:28:43.0468 1052 symc810 - ok 21:28:43.0500 1052 symc8xx - ok 21:28:43.0515 1052 sym_hi - ok 21:28:43.0546 1052 sym_u3 - ok 21:28:43.0593 1052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys 21:28:43.0796 1052 sysaudio - ok 21:28:43.0890 1052 Tcpip (93ea8d04ec73a85db02eb8805988f733) D:\WINDOWS\system32\DRIVERS\tcpip.sys 21:28:44.0125 1052 Tcpip - ok 21:28:44.0250 1052 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys 21:28:44.0468 1052 TDPIPE - ok 21:28:44.0578 1052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys 21:28:44.0765 1052 TDTCP - ok 21:28:44.0859 1052 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys 21:28:45.0062 1052 TermDD - ok 21:28:45.0156 1052 TosIde - ok 21:28:45.0234 1052 uagp35 (d85938f272d1bcf3db3a31fc0a048928) D:\WINDOWS\system32\DRIVERS\uagp35.sys 21:28:45.0437 1052 uagp35 - ok 21:28:45.0531 1052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys 21:28:45.0750 1052 Udfs - ok 21:28:45.0796 1052 ultra - ok 21:28:45.0875 1052 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\Program Files\Unlocker\UnlockerDriver5.sys 21:28:45.0890 1052 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 21:28:45.0890 1052 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 21:28:45.0984 1052 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys 21:28:46.0218 1052 Update - ok 21:28:46.0312 1052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys 
21:28:46.0531 1052 usbehci - ok 21:28:46.0578 1052 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys 21:28:46.0781 1052 usbhub - ok 21:28:46.0859 1052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\WINDOWS\system32\DRIVERS\usbscan.sys 21:28:47.0062 1052 usbscan - ok 21:28:47.0093 1052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:28:47.0281 1052 USBSTOR - ok 21:28:47.0328 1052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:28:47.0515 1052 usbuhci - ok 21:28:47.0578 1052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys 21:28:47.0781 1052 VgaSave - ok 21:28:47.0828 1052 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) D:\WINDOWS\system32\drivers\ViaIde.sys 21:28:48.0031 1052 ViaIde - ok 21:28:48.0109 1052 VIAudio (2e1ffc794290d9b16f1db1084583e655) D:\WINDOWS\system32\drivers\vinyl97.sys 21:28:48.0171 1052 VIAudio - ok 21:28:48.0265 1052 videX32 (cbad598bb71ccc9f725ea042d7be4e35) D:\WINDOWS\system32\DRIVERS\videX32.sys 21:28:48.0296 1052 videX32 - ok 21:28:48.0375 1052 VolSnap (9946cfcc7e445e1d846db748299724eb) D:\WINDOWS\system32\drivers\VolSnap.sys 21:28:48.0578 1052 VolSnap - ok 21:28:48.0656 1052 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys 21:28:48.0843 1052 Wanarp - ok 21:28:48.0921 1052 Wdf01000 (fd47474bd21794508af449d9d91af6e6) D:\WINDOWS\system32\DRIVERS\Wdf01000.sys 21:28:48.0953 1052 Wdf01000 - ok 21:28:49.0015 1052 WDICA - ok 21:28:49.0062 1052 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys 21:28:49.0265 1052 wdmaud - ok 21:28:49.0484 1052 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:28:49.0500 1052 WudfPf ( UnsignedFile.Multi.Generic ) - warning 21:28:49.0515 1052 WudfPf - detected UnsignedFile.Multi.Generic (1) 21:28:49.0546 1052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\WINDOWS\system32\DRIVERS\wudfrd.sys 
21:28:49.0578 1052 WudfRd ( UnsignedFile.Multi.Generic ) - warning
21:28:49.0578 1052 WudfRd - detected UnsignedFile.Multi.Generic (1)
21:28:49.0656 1052 MBR (0x1B8) (186a4159d7661245314a7a933981403e) \Device\Harddisk0\DR0
21:28:50.0734 1052 \Device\Harddisk0\DR0 - ok
21:28:50.0765 1052 MBR (0x1B8) (186a4159d7661245314a7a933981403e) \Device\Harddisk1\DR1
21:28:51.0468 1052 \Device\Harddisk1\DR1 - ok
21:28:51.0515 1052 Boot (0x1200) (1e9c55beae583f6a7030e0e488bc4d95) \Device\Harddisk0\DR0\Partition0
21:28:51.0515 1052 \Device\Harddisk0\DR0\Partition0 - ok
21:28:51.0531 1052 Boot (0x1200) (120d360b5320aa2bf392f0b2757a53d2) \Device\Harddisk0\DR0\Partition1
21:28:51.0531 1052 \Device\Harddisk0\DR0\Partition1 - ok
21:28:51.0562 1052 Boot (0x1200) (c9e812377ac6688a7c553f8e2256244a) \Device\Harddisk1\DR1\Partition0
21:28:51.0562 1052 \Device\Harddisk1\DR1\Partition0 - ok
21:28:51.0593 1052 Boot (0x1200) (d3eacbf3e297ca7889ac67fea6a9b0ce) \Device\Harddisk1\DR1\Partition1
21:28:51.0593 1052 \Device\Harddisk1\DR1\Partition1 - ok
21:28:51.0593 1052 ============================================================
21:28:51.0593 1052 Scan finished
21:28:51.0593 1052 ============================================================
21:28:51.0765 3892 Detected object count: 6
21:28:51.0765 3892 Actual detected object count: 6
21:29:00.0828 3892 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0828 3892 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:00.0828 3892 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0828 3892 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:00.0843 3892 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0843 3892 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:00.0843 3892 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0843 3892 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:00.0843 3892 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0843 3892 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:00.0843 3892 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:00.0843 3892 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Author: | stell [ Thu May 17, 2012 18:41 ] |
Post subject: | Re: Virus or what could it be??? |
Hi. None of what you put in quarantine is a rootkit, so they are not in quarantine anyway. Run TDSSKiller again and click the Change parameters link. Tick every little box and click OK. Click Start Scan. When it finishes, set Skip in every window. When it says SKIP everywhere, click Continue. In the root, that is in C:\, in the TDSSKiller folder, find the newest log, _log.txt, and post it here. |
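A small triage helper for the _log.txt requested above, written as an added example for this thread (it is not TDSSKiller's own code and not something posted in the forum). The two excerpts it parses are constructed in the layout of the logs quoted in the thread; the all-zero MD5 and the verdict name Rootkit.Example.Placeholder are placeholders. It tells UnsignedFile.Multi.Generic heuristics that were set to Skip apart from named verdicts, flags unsigned drivers loaded from outside the Windows directory, and compares driver hashes between two runs of the same machine.

```python
"""Triage helper for TDSSKiller text logs (added example, not TDSSKiller's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line reads "<time> <thread id> <message>"; the message shapes parsed
# below are "<drv> (<md5>) <path>", "<drv> - detected <verdict> (<n>)",
# "<drv> ( <verdict> ) - User select action: <action>" and the final object count.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")

@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None  # what the user chose: Skip, Cure, Delete, ...

    @property
    def heuristic(self) -> bool:
        # UnsignedFile.* only says the driver carries no digital signature: a heuristic
        # flag rather than a signature match, which is why the thread advises Skip.
        return self.verdict.startswith("UnsignedFile.")

@dataclass
class ScanReport:
    files: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)
    declared_count: Optional[int] = None

def parse_tdsskiller_log(text: str) -> ScanReport:
    """One pass over the log; each driver's hash/path is kept so later lines can refer to it."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines ("=====", "Scan finished") carry no data
        msg = m.group(3)
        if (f := FILE_RE.match(msg)):
            report.files[f["name"]] = (f["md5"], f["path"])
        elif (d := DETECTED_RE.match(msg)):
            md5, path = report.files.get(d["name"], (None, None))
            report.findings[d["name"]] = Finding(d["name"], d["verdict"], md5, path)
        elif (a := ACTION_RE.match(msg)):
            fnd = report.findings.setdefault(a["name"], Finding(a["name"], a["verdict"]))
            fnd.action = a["action"]
        elif (c := COUNT_RE.match(msg)):
            report.declared_count = int(c["n"])
    return report

def triage(report: ScanReport) -> Dict[str, List[str]]:
    """Separate findings that need a human look from heuristic noise already set to Skip."""
    out: Dict[str, List[str]] = {"signature": [], "heuristic_skipped": [],
                                 "heuristic_unresolved": [], "outside_system_dir": []}
    for f in report.findings.values():
        if not f.heuristic:
            out["signature"].append(f.name)  # a named verdict, not merely "unsigned"
        elif f.action == "Skip":
            out["heuristic_skipped"].append(f.name)
        else:
            out["heuristic_unresolved"].append(f.name)
        # An unsigned kernel driver loaded from outside the Windows directory deserves
        # a second look even when the verdict itself is only heuristic.
        if f.heuristic and f.path and "\\windows\\" not in f.path.lower():
            out["outside_system_dir"].append(f.name)
    return out

def changed_drivers(before: ScanReport, after: ScanReport) -> Dict[str, Tuple[str, str]]:
    """Drivers whose MD5 differs between two scans of the same machine; a kernel
    driver that changed between runs needs an explanation (update or tampering)."""
    return {name: (before.files[name][0], after.files[name][0])
            for name in before.files.keys() & after.files.keys()
            if before.files[name][0] != after.files[name][0]}

# Constructed excerpt in the layout of the logs quoted in the thread (not a real log).
SAMPLE_LOG = """\
18:05:12.0250 2872 AFD (4d43e74f2a1239d53929b82600f1971c) D:\\WINDOWS\\System32\\drivers\\afd.sys
18:05:12.0296 2872 AFD - detected UnsignedFile.Multi.Generic (1)
18:05:54.0453 2872 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\\Program Files\\Unlocker\\UnlockerDriver5.sys
18:05:54.0470 2872 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
18:05:55.0156 2872 videX32 (cbad598bb71ccc9f725ea042d7be4e35) D:\\WINDOWS\\system32\\DRIVERS\\videX32.sys
18:05:57.0640 0264 Actual detected object count: 2
18:06:00.0828 3892 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:00.0843 3892 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Constructed second run: one driver's hash changed and a non-heuristic verdict appeared.
# The all-zero MD5 and the verdict name are placeholders, not real TDSSKiller output.
SECOND_LOG = """\
18:30:01.0000 1111 AFD (4d43e74f2a1239d53929b82600f1971c) D:\\WINDOWS\\System32\\drivers\\afd.sys
18:30:01.0100 1111 AFD - ok
18:30:02.0000 1111 videX32 (00000000000000000000000000000000) D:\\WINDOWS\\system32\\DRIVERS\\videX32.sys
18:30:02.0100 1111 videX32 - detected Rootkit.Example.Placeholder (1)
"""
```

Feed it the contents of the real _log.txt with `parse_tdsskiller_log(open(path).read())`; anything in `signature` or `outside_system_dir` is what to look at first.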
Author: | yakovlev999 [ Thu May 17, 2012 18:09 ] |
Post subject: | Re: Virus or what could it be??? |
Hello. My machine caught a rootkit; it infected the video card driver (the monitor went out, the machine froze). I ran TDSSKiller, it found it, and I put it in quarantine. What I want to know is whether I need to take any other precautions. Here is the TDSSKiller report:
ok 18:05:42.0406 2872 ql12160 - ok 18:05:42.0421 2872 ql1240 - ok 18:05:42.0453 2872 ql1280 - ok 18:05:42.0500 2872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys 18:05:42.0734 2872 RasAcd - ok 18:05:42.0796 2872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:05:43.0046 2872 Rasl2tp - ok 18:05:43.0093 2872 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:05:43.0312 2872 RasPppoe - ok 18:05:43.0375 2872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys 18:05:43.0625 2872 Raspti - ok 18:05:43.0687 2872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys 18:05:43.0921 2872 Rdbss - ok 18:05:44.0015 2872 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:05:44.0234 2872 RDPCDD - ok 18:05:44.0343 2872 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:05:44.0562 2872 rdpdr - ok 18:05:44.0671 2872 RDPWD (6728e45b66f93c08f11de2e316fc70dd) D:\WINDOWS\system32\drivers\RDPWD.sys 18:05:44.0921 2872 RDPWD - ok 18:05:45.0015 2872 redbook (3c706fd765482112c3a6d42e1d7b58bb) D:\WINDOWS\system32\DRIVERS\redbook.sys 18:05:45.0234 2872 redbook - ok 18:05:45.0406 2872 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys 18:05:45.0500 2872 Secdrv - ok 18:05:45.0562 2872 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys 18:05:45.0796 2872 serenum - ok 18:05:45.0843 2872 Serial (87df40b4db611efbdf74c9b3eccab417) D:\WINDOWS\system32\DRIVERS\serial.sys 18:05:46.0046 2872 Serial - ok 18:05:46.0140 2872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys 18:05:46.0359 2872 Sfloppy - ok 18:05:46.0406 2872 Simbad - ok 18:05:46.0437 2872 Sparrow - ok 18:05:46.0500 2872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys 18:05:46.0703 2872 
splitter - ok 18:05:46.0781 2872 Sr (38e904fb6139945822b929eaf2570ca5) D:\WINDOWS\system32\DRIVERS\sr.sys 18:05:46.0875 2872 Sr - ok 18:05:46.0968 2872 Srv (ae4d13b572399b206b43d65da4d9983d) D:\WINDOWS\system32\DRIVERS\srv.sys 18:05:47.0015 2872 Srv ( UnsignedFile.Multi.Generic ) - warning 18:05:47.0015 2872 Srv - detected UnsignedFile.Multi.Generic (1) 18:05:47.0125 2872 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys 18:05:47.0343 2872 swenum - ok 18:05:47.0421 2872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys 18:05:47.0656 2872 swmidi - ok 18:05:47.0703 2872 symc810 - ok 18:05:47.0734 2872 symc8xx - ok 18:05:47.0765 2872 sym_hi - ok 18:05:47.0781 2872 sym_u3 - ok 18:05:47.0843 2872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys 18:05:48.0078 2872 sysaudio - ok 18:05:48.0156 2872 Tcpip (93ea8d04ec73a85db02eb8805988f733) D:\WINDOWS\system32\DRIVERS\tcpip.sys 18:05:48.0390 2872 Tcpip - ok 18:05:48.0484 2872 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys 18:05:48.0718 2872 TDPIPE - ok 18:05:48.0828 2872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys 18:05:49.0031 2872 TDTCP - ok 18:05:49.0125 2872 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys 18:05:49.0343 2872 TermDD - ok 18:05:49.0437 2872 TosIde - ok 18:05:49.0500 2872 uagp35 (d85938f272d1bcf3db3a31fc0a048928) D:\WINDOWS\system32\DRIVERS\uagp35.sys 18:05:49.0734 2872 uagp35 - ok 18:05:49.0828 2872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys 18:05:50.0062 2872 Udfs - ok 18:05:50.0125 2872 ultra - ok 18:05:50.0187 2872 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) D:\Program Files\Unlocker\UnlockerDriver5.sys 18:05:50.0187 2872 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 18:05:50.0187 2872 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 18:05:50.0250 
2872 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys 18:05:50.0484 2872 Update - ok 18:05:50.0593 2872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys 18:05:50.0812 2872 usbehci - ok 18:05:50.0875 2872 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys 18:05:51.0109 2872 usbhub - ok 18:05:51.0187 2872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\WINDOWS\system32\DRIVERS\usbscan.sys 18:05:51.0406 2872 usbscan - ok 18:05:51.0515 2872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:05:51.0687 2872 USBSTOR - ok 18:05:51.0718 2872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:05:51.0937 2872 usbuhci - ok 18:05:52.0000 2872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys 18:05:52.0203 2872 VgaSave - ok 18:05:52.0265 2872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) D:\WINDOWS\system32\drivers\ViaIde.sys 18:05:52.0468 2872 ViaIde - ok 18:05:52.0546 2872 VIAudio (2e1ffc794290d9b16f1db1084583e655) D:\WINDOWS\system32\drivers\vinyl97.sys 18:05:52.0625 2872 VIAudio - ok 18:05:52.0718 2872 videX32 (cbad598bb71ccc9f725ea042d7be4e35) D:\WINDOWS\system32\DRIVERS\videX32.sys 18:05:52.0734 2872 videX32 - ok 18:05:52.0781 2872 VolSnap (9946cfcc7e445e1d846db748299724eb) D:\WINDOWS\system32\drivers\VolSnap.sys 18:05:53.0000 2872 VolSnap - ok 18:05:53.0062 2872 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys 18:05:53.0281 2872 Wanarp - ok 18:05:53.0359 2872 Wdf01000 (fd47474bd21794508af449d9d91af6e6) D:\WINDOWS\system32\DRIVERS\Wdf01000.sys 18:05:53.0390 2872 Wdf01000 - ok 18:05:53.0468 2872 WDICA - ok 18:05:53.0500 2872 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys 18:05:53.0734 2872 wdmaud - ok 18:05:53.0953 2872 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\WINDOWS\system32\DRIVERS\WudfPf.sys 18:05:53.0968 2872 
WudfPf ( UnsignedFile.Multi.Generic ) - warning 18:05:53.0984 2872 WudfPf - detected UnsignedFile.Multi.Generic (1) 18:05:54.0015 2872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\WINDOWS\system32\DRIVERS\wudfrd.sys 18:05:54.0046 2872 WudfRd ( UnsignedFile.Multi.Generic ) - warning 18:05:54.0046 2872 WudfRd - detected UnsignedFile.Multi.Generic (1) 18:05:54.0125 2872 MBR (0x1B8) (186a4159d7661245314a7a933981403e) \Device\Harddisk0\DR0 18:05:55.0109 2872 \Device\Harddisk0\DR0 - ok 18:05:55.0125 2872 MBR (0x1B8) (186a4159d7661245314a7a933981403e) \Device\Harddisk1\DR1 18:05:55.0593 2872 \Device\Harddisk1\DR1 - ok 18:05:55.0625 2872 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR6 18:05:56.0328 2872 \Device\Harddisk2\DR6 - ok 18:05:56.0359 2872 Boot (0x1200) (1e9c55beae583f6a7030e0e488bc4d95) \Device\Harddisk0\DR0\Partition0 18:05:56.0359 2872 \Device\Harddisk0\DR0\Partition0 - ok 18:05:56.0359 2872 Boot (0x1200) (120d360b5320aa2bf392f0b2757a53d2) \Device\Harddisk0\DR0\Partition1 18:05:56.0359 2872 \Device\Harddisk0\DR0\Partition1 - ok 18:05:56.0375 2872 Boot (0x1200) (c9e812377ac6688a7c553f8e2256244a) \Device\Harddisk1\DR1\Partition0 18:05:56.0390 2872 \Device\Harddisk1\DR1\Partition0 - ok 18:05:56.0406 2872 Boot (0x1200) (d3eacbf3e297ca7889ac67fea6a9b0ce) \Device\Harddisk1\DR1\Partition1 18:05:56.0406 2872 \Device\Harddisk1\DR1\Partition1 - ok 18:05:56.0421 2872 Boot (0x1200) (f91c7ab5c2c01a6607c0aee3aa4452af) \Device\Harddisk2\DR6\Partition0 18:05:56.0421 2872 \Device\Harddisk2\DR6\Partition0 - ok 18:05:56.0437 2872 ============================================================ 18:05:56.0437 2872 Scan finished 18:05:56.0437 2872 ============================================================ 18:05:56.0593 0792 Detected object count: 6 18:05:56.0593 0792 Actual detected object count: 6 18:06:07.0234 0792 D:\WINDOWS\System32\drivers\afd.sys - copied to quarantine 18:06:07.0234 0792 AFD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
18:06:07.0359 0792 D:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine 18:06:07.0359 0792 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 18:06:07.0500 0792 D:\WINDOWS\system32\DRIVERS\srv.sys - copied to quarantine 18:06:07.0500 0792 Srv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 18:06:07.0578 0792 D:\Program Files\Unlocker\UnlockerDriver5.sys - copied to quarantine 18:06:07.0578 0792 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 18:06:07.0671 0792 D:\WINDOWS\system32\DRIVERS\WudfPf.sys - copied to quarantine 18:06:07.0671 0792 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 18:06:07.0734 0792 D:\WINDOWS\system32\DRIVERS\wudfrd.sys - copied to quarantine 18:06:07.0734 0792 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine |
Author: | stell [ Sun. Apr. 29, 2012 19:54 ] |
Post subject: | Re: Virus or what could it be??? |
You're welcome. Regards. |
Author: | pilaka [ Sun. Apr. 29, 2012 17:57 ] |
Post subject: | Re: Virus or what could it be??? |
Thank you very much, again. Regards. |
Author: | stell [ Sun. Apr. 29, 2012 15:03 ] |
Post subject: | Re: Virus or what could it be??? |
OK, that's all, I think it's OK. |
Author: | pilaka [ Sun. Apr. 29, 2012 14:37 ] |
Post subject: | Re: Virus or what could it be??? |
All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP konfiguráció A DNS-feloldási gyorsítótár kiürítése sikeresen megtörtént. C:\Documents and Settings\Pali\Asztal\cmd.bat deleted successfully. C:\Documents and Settings\Pali\Asztal\cmd.txt deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56504 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Pali ->Temp folder emptied: 587193 bytes ->Temporary Internet Files folder emptied: 6554550 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 114559085 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 2310 bytes User: Vendég ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 82368 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 116.00 mb OTL by OldTimer - Version 3.2.42.1 log created on 04292012_153101 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
Author: | stell [ Sun. Apr. 29, 2012 14:25 ] |
Post subject: | Re: Virus or what could it be??? |
OK, download it to the desktop, run it, paste the text into its window and click Run Fix. Post its log here. http://oldtimer.geekstogo.com/OTL.exe
Code:
:Files
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]
And if everything is OK, then this will be all. |
Author: | pilaka [ Sun. Apr. 29, 2012 14:07 ] |
Post subject: | Re: Virus or what could it be??? |
I did it, but instead of the default ANSI encoding, Notepad suggested Unicode when saving the text, because of the characters... ComboFix 12-04-28.01 - Pali 012.04.29. 14:33:49.19.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3071.2633 [GMT 2:00] Running from: c:\documents and settings\Pali\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\Pali\Asztal\CFScript.txt AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_OMSCAN -------\Service_OMSCAN -------\Service_OMSCAN . . ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 ))))))))))))))))))))))))))))))) . . 2012-04-29 10:02 . 2012-04-29 10:07 -------- d-----w- c:\program files\Gene6 FTP Server 2012-04-20 06:43 . 2012-04-20 06:43 -------- d-----w- c:\documents and settings\Pali\Application Data\Digital Red 2012-04-13 19:31 . 2012-04-13 19:31 -------- d-----w- c:\documents and settings\Pali\Application Data\XBMC 2012-04-13 19:30 . 2012-04-13 19:30 -------- d-----w- c:\program files\XBMC 2012-04-13 18:36 . 2012-04-13 18:36 -------- d-----w- c:\program files\Emicsoft Studio 2012-04-13 18:34 . 2012-04-13 18:34 -------- d-----w- c:\program files\AliveMedia 2012-04-13 07:31 . 2012-04-13 07:31 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\EZSoftMagic 2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\program files\AD MP3 Cutter 2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\documents and settings\Pali\Application Data\AD MP3 Cutter 2012-04-12 08:48 . 
2012-04-12 08:48 -------- d-----w- c:\program files\Direct WAV MP3 Splitter2.7 2012-04-05 08:16 . 2012-04-14 16:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-02 08:20 . 2012-04-02 08:20 -------- d-----w- c:\program files\MSXML 4.0 2012-04-01 20:57 . 2012-04-01 20:57 -------- d-----w- c:\program files\Batch Photo Factory 2012-03-31 13:50 . 2012-03-31 13:50 -------- d-----w- c:\program files\Traction Software 2012-03-31 13:42 . 2012-03-31 13:42 -------- d-----w- c:\program files\BatchPhoto 2012-03-31 12:52 . 2012-04-29 00:12 -------- d-----w- C:\$AVG8.VAULT$ 2012-03-31 11:54 . 2012-03-31 11:54 -------- d-----w- c:\windows\system32\winevt 2012-03-31 11:54 . 2012-03-31 11:54 -------- d-----w- c:\windows\ServiceProfiles 2012-03-31 10:25 . 2012-03-31 10:25 -------- d-----w- c:\program files\Új mappa (2) 2012-03-31 10:23 . 2012-03-31 10:23 -------- d-----w- c:\program files\ThePluginSite 2012-03-31 10:23 . 2012-03-31 10:23 -------- d-----w- c:\documents and settings\Pali\Application Data\ThePluginSite 2012-03-31 09:29 . 2012-03-31 09:29 -------- d-----w- c:\program files\AMS Photo Effects 2012-03-31 09:13 . 2012-03-31 09:13 -------- d-----w- c:\program files\PhotoZoom Pro 4 2012-03-31 08:33 . 2012-03-31 09:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2012-03-31 08:33 . 2012-03-31 08:33 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-03-31 08:33 . 2012-03-31 08:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-03-31 08:33 . 2012-03-31 09:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-03-31 08:33 . 2012-03-31 09:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-03-31 08:33 . 2012-04-28 23:49 -------- d-----w- c:\windows\system32\drivers\Avg 2012-03-31 08:33 . 2012-03-31 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2012-03-31 08:32 . 
2012-04-21 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2012-03-31 08:22 . 2012-03-31 08:22 -------- d-----w- c:\program files\Photo Stamp Remover 2012-03-30 21:27 . 2012-03-30 21:27 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\photoOptimizeHistoryDataBase 2012-03-30 21:27 . 2012-03-31 09:21 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Ashampoo Photo Optimizer 4 2012-03-30 21:05 . 2012-03-31 18:30 -------- d-----w- c:\documents and settings\Pali\Application Data\ObviousIdea 2012-03-30 21:04 . 2012-03-30 21:04 -------- d-----w- c:\program files\ObviousIdea . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-14 16:26 . 2011-07-17 11:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-25 16:30 . 2009-07-18 23:59 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-03-07 00:15 . 2012-03-18 21:33 41184 ----a-w- c:\windows\avastSS.scr 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-04-29_08.50.39 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-18 12:00 . 2012-04-29 10:56 79860 c:\windows\system32\perfc009.dat - 2004-08-18 12:00 . 2012-04-29 08:35 79860 c:\windows\system32\perfc009.dat + 2004-08-18 12:00 . 2012-04-29 10:56 488570 c:\windows\system32\perfh00E.dat - 2004-08-18 12:00 . 2012-04-29 08:35 488570 c:\windows\system32\perfh00E.dat + 2004-08-18 12:00 . 2012-04-29 10:56 483464 c:\windows\system32\perfh009.dat - 2004-08-18 12:00 . 2012-04-29 08:35 483464 c:\windows\system32\perfh009.dat + 2004-08-18 12:00 . 2012-04-29 10:56 112158 c:\windows\system32\perfc00E.dat - 2004-08-18 12:00 . 2012-04-29 08:35 112158 c:\windows\system32\perfc00E.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] . [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] "Alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 120\Alcohol.exe" [2010-02-01 2036576] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-29 399736] "G6FTP Server Tray Monitor"="c:\program files\Gene6 FTP Server\G6FTPTray.exe" [2007-02-04 78336] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224] "lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 192512] "LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728] "CClipboard"="c:\program files\ComfortClipboard\CClipboard.exe" [2010-06-14 2906952] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960] "3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-03-25 185896] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2012-03-31 2042208] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2012-03-31 09:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoBiMouse] F:\Programok [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2007-10-30 19:07 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] 2007-10-30 19:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2011-08-13 12:33 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2] 2011-08-25 19:12 8250368 ----a-w- c:\documents and settings\Pali\Local Settings\Application Data\MediaGet2\mediaget.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeamViewer] 2009-03-26 15:37 4066600 ----a-w- c:\program files\TeamViewer\Version4\TeamViewer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2007-10-30 19:06 2595616 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor] 2004-12-23 15:27 81920 ----a-w- c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] 2007-03-03 12:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"= "c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\River Past\\Video Slice\\VideoSlice.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\XpressUpdate\\XPressUpdate.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\AVG\\AVG8\\avgam.exe"= "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2012.03.31. 10:33 12552] R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2010.12.21. 12:15 30820] R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2011.10.17. 14:36 39472] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009.09.19. 9:23 33792] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.07.21. 
21:00 218688] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011.10.31. 23:21 27632] S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2012.03.31. 10:33 335240] S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2012.03.31. 10:33 108552] S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007.04.23. 13:03 82200] S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012.03.18. 23:18 251560] S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2012.03.31. 10:32 297752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010.03.18. 14:16 130384] S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2011.11.10. 10:26 3584] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2011.11.20. 22:27 8704] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010.08.20. 19:52 233472] S2 G6FTPServer;Gene6 FTP Server;c:\program files\Gene6 FTP Server\G6FTPServer.exe [2007.10.22. 13:29 470016] S2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2011.11.14. 10:31 11936] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011.02.11. 23:23 35088] S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012.03.18. 23:18 160576] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.05. 10:16 253088] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011.10.17. 
14:34 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011.10.17. 14:34 8456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010.08.20. 19:52 36608] S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?] S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2009.07.19. 20:21 47360] S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012.03.18. 23:17 89472] S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012.03.18. 23:17 57536] S3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012.03.18. 23:17 57536] S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012.03.18. 23:17 125248] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011.10.31. 23:20 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011.10.31. 23:20 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011.10.31. 23:20 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011.10.31. 23:20 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011.10.31. 23:20 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011.10.31. 23:20 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011.10.31. 
23:20 115752] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010.09.06. 8:47 356920] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011.10.31. 23:43 155344] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010.08.20. 19:53 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010.08.20. 19:53 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010.08.20. 19:53 121856] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008.01.25. 11:12 25088] S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\progra~1\MATVAD~1\TNPACKET.SYS [2002.10.09. 13:38 9376] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010.03.18. 14:16 753504] . Contents of the 'Scheduled Tasks' folder . 2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:26] . . ------- Supplementary Scan ------- . 
mStart Page = about:blank IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm TCP: DhcpNameServer = 213.46.246.54 213.46.246.53 FF - ProfilePath - c:\documents and settings\Pali\Application Data\Mozilla\Firefox\Profiles\trkpvxdy.default\ FF - prefs.js: network.proxy.type - 458765 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-29 14:49 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OOPM02.00.00.01PRO"=(long hex value omitted) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(500) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(556) c:\windows\system32\relog_ap.dll . Completion time: 2012-04-29 14:56:46 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-29 12:56 ComboFix2.txt 2012-04-29 08:53 . Pre-Run: 6 316 326 912 bájt szabad Post-Run: 6 284 374 016 bájt szabad . - - End Of File - - 23C05C646FC8BB8001FFB315276CF20B |
Author: | stell [ Sun. Apr. 29, 2012 11:22 ] |
Post subject: | Re: Virus or what could it be??? |
Again, do everything in safe mode. Creating the script: open Notepad like this: Start > Run > type: notepad, and copy in the green text found under the Code: heading (without the word Code:), then save the text pasted into Notepad as a script on the desktop, like this: File > Save As > File name > CFScript.txt > File type > All files > Save (to the Desktop). Done; drag the CFScript.txt on the desktop onto the ComboFix icon. And now do this: ComboFix starts by itself, may restart, and finishes the scan. Post here whatever it gives you.
Code:
KILLALL::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChrisTV Agent"=-
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\OMSCAN]
"ImagePath"=-
DDS::
uStart Page = hxxp://start.facemoods.com/?a=ostpl
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\Pali\Application Data\Mozilla\Firefox\Profiles\trkpvxdy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=
Driver::
OMSCAN
RegNull::
[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34A15073-41AE-8EEF-A16E-D2280D030580}*]
[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CA0E303-E239-9636-805C-4ED16EC7CC6F}*]
[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAE1DC12-FED9-5CE3-FC66-3D095C51EF3A}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\?•€|ÿÿÿÿ"•€|þ»Ów*]
ClearJavaCache:: |
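The triage that the helper did by hand on the ComboFix log below (hijacked start pages, a bogus Firefox proxy setting, the OMSCAN service with no real image, the randomly named hidden drivers AVG kept reporting) can be written down as detection rules. This is an added example, not ComboFix's, AVG's or the forum's own code; the sample lines and the hijacker-host watchlist are constructed from this thread and the "likely SPTD" downgrade encodes the helper's diagnosis, not a general rule.

```python
import re

# Constructed sample, shaped like the ComboFix and AVG lines posted in this
# thread (not a complete log): start pages, Firefox prefs, a service key with
# its ImagePath, two driver/service lines and two AVG rootkit-scan reports.
SAMPLE_LOG = r"""
uStart Page = hxxp://start.facemoods.com/?a=ostpl
mStart Page = about:blank
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 458765
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\OMSCAN]
"ImagePath"="\Sys"
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2012.03.31. 10:33 12552]
S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
"C:\WINDOWS\System32\Drivers\av85k5nq.SYS";"Rejtett eszközkezelő";"Az objektum rejtett"
"C:\WINDOWS\System32\Drivers\atx2axb9.SYS";"Rejtett eszközkezelő";"Az objektum rejtett"
"""

# Hosts the helper treated as start-page/search hijackers in this thread
# (constructed watchlist; extend it from your own triage).
HIJACK_HOSTS = {"start.facemoods.com", "home.sweetim.com"}
# Documented values of Firefox's network.proxy.type; anything else is bogus.
VALID_PROXY_TYPES = {"0", "1", "2", "4", "5"}

START_RE = re.compile(r"^[um]Start Page = (\S+)")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
# R*/S* service lines: "<state> <name>;<display name>;<image path> [..." or "... -->"
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.+?)(?: -->|\s\[)")
# AVG export rows: "<path>";"<category>";"<status>"
AVG_RE = re.compile(r'^"([^"]+\.sys)";"[^"]*";"([^"]*)"$', re.IGNORECASE)


def host_of(url):
    """Host part of an http/hxxp URL ('' for about:blank and other non-URLs)."""
    m = re.match(r"^(?:hxxp|http)s?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(log_text):
    """Return (severity, message) findings for the indicators seen in the thread."""
    findings = []
    services = {}    # service name (lower-case) -> image path, from R*/S* lines
    hidden = []      # driver paths AVG reported as hidden
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := START_RE.match(line):
            if host_of(m.group(1)) in HIJACK_HOSTS:
                findings.append(("high", f"start page hijack: {m.group(1)}"))
        elif m := FFPREF_RE.match(line):
            pref, value = m.groups()
            if pref in ("browser.startup.homepage", "keyword.URL") and host_of(value) in HIJACK_HOSTS:
                findings.append(("high", f"firefox {pref} hijack: {value}"))
            elif pref == "network.proxy.type" and value not in VALID_PROXY_TYPES:
                findings.append(("medium", f"bogus network.proxy.type {value}"))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := IMAGEPATH_RE.match(line):
            # A service whose image is not an .exe/.sys path cannot be a real service.
            svc = current_key.rsplit("\\", 1)[-1]
            target = m.group(1).strip('"').split(" ")[0].lower()
            if not target.endswith((".exe", ".sys")):
                findings.append(("high", f"service {svc} ImagePath is not a binary: {m.group(1)}"))
        elif m := SERVICE_RE.match(line):
            services[m.group(1).lower()] = m.group(2)
        elif m := AVG_RE.match(line):
            status = m.group(2).lower()
            if "rejtett" in status or "hidden" in status:
                hidden.append(m.group(1))
    # Hidden driver files that no service references: either a rootkit or, as
    # the helper argued in this thread, a decoy of the SPTD disk-emulation layer.
    for path in hidden:
        name = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if name in services:
            continue
        if "sptd" in services:
            findings.append(("low", f"hidden driver {name}.sys has no service; sptd present, likely its emulator driver (thread's diagnosis)"))
        else:
            findings.append(("high", f"hidden driver {name}.sys has no service entry"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```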
Author: | pilaka [ Sun. Apr. 29, 2012 10:30 ] |
Post subject: | Re: Virus or what could it be??? |
In safe mode it ran through, and the machine didn't even restart.
ComboFix 12-04-28.01 - Pali 012.04.29. 10:38:03.17.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3071.2631 [GMT 2:00] Running from: c:\documents and settings\Pali\Asztal\ComboFix.exe AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Pali\EULA.txt c:\windows\system32\aac_parser.ax c:\windows\system32\ac3DX.ax c:\windows\system32\ac3filter.ax c:\windows\system32\acelpdec.ax c:\windows\system32\AVCDX.ax c:\windows\system32\bsrmdec.ax c:\windows\system32\CoreAAC.ax c:\windows\system32\declrds.ax c:\windows\system32\DiracSplitter.ax c:\windows\system32\divxdec.ax c:\windows\system32\DivXMedia.ax c:\windows\system32\dtsac3source.ax c:\windows\system32\ffdshow.ax c:\windows\system32\FLACDX.ax c:\windows\system32\GplMpgDec.ax c:\windows\system32\HT_Asyn.ax c:\windows\system32\ht_dein.ax c:\windows\system32\HT_INVER.AX c:\windows\system32\htAudioT.ax c:\windows\system32\HTM1_REC.ax c:\windows\system32\HTMPEG2E.ax c:\windows\system32\HTMpegAE.ax c:\windows\system32\HTMPG2VI.ax c:\windows\system32\iac25_32.ax c:\windows\system32\ir41_32.ax c:\windows\system32\ivfsrc.ax c:\windows\system32\l3codecx.ax c:\windows\system32\MatroskaDX.ax c:\windows\system32\mp4sds32.ax c:\windows\system32\MPCDx.ax c:\windows\system32\Mpeg2DecFilter.ax c:\windows\system32\Mpeg2Decoder.ax c:\windows\system32\Mpeg2Parser.ax c:\windows\system32\MpegSplitter.ax c:\windows\system32\RealMediaDX.ax c:\windows\system32\RealMediaSplitter.ax c:\windows\system32\RLAPEDec.ax c:\windows\system32\RLMPCDec.ax c:\windows\system32\RLOgg.ax c:\windows\system32\RLSpeexDec.ax c:\windows\system32\RLTheoraDec.ax 
c:\windows\system32\RLVorbisDec.ax c:\windows\system32\TTADSDecoder.ax c:\windows\system32\TTADSSplitter.ax c:\windows\system32\urttemp c:\windows\system32\urttemp\regtlib.exe c:\windows\system32\vumeter.ax c:\windows\system32\wavdest.ax c:\windows\system32\WMAVDS32.ax c:\windows\system32\xvid.ax . . ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 ))))))))))))))))))))))))))))))) . . 2012-04-20 06:43 . 2012-04-20 06:43 -------- d-----w- c:\documents and settings\Pali\Application Data\Digital Red 2012-04-13 19:31 . 2012-04-13 19:31 -------- d-----w- c:\documents and settings\Pali\Application Data\XBMC 2012-04-13 19:30 . 2012-04-13 19:30 -------- d-----w- c:\program files\XBMC 2012-04-13 18:36 . 2012-04-13 18:36 -------- d-----w- c:\program files\Emicsoft Studio 2012-04-13 18:34 . 2012-04-13 18:34 -------- d-----w- c:\program files\AliveMedia 2012-04-13 07:31 . 2012-04-13 07:31 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\EZSoftMagic 2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\program files\AD MP3 Cutter 2012-04-13 06:15 . 2012-04-13 06:15 -------- d-----w- c:\documents and settings\Pali\Application Data\AD MP3 Cutter 2012-04-12 08:48 . 2012-04-12 08:48 -------- d-----w- c:\program files\Direct WAV MP3 Splitter2.7 2012-04-05 08:16 . 2012-04-14 16:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-02 08:20 . 2012-04-02 08:20 -------- d-----w- c:\program files\MSXML 4.0 2012-04-01 20:57 . 2012-04-01 20:57 -------- d-----w- c:\program files\Batch Photo Factory 2012-03-31 13:50 . 2012-03-31 13:50 -------- d-----w- c:\program files\Traction Software 2012-03-31 13:42 . 2012-03-31 13:42 -------- d-----w- c:\program files\BatchPhoto 2012-03-31 12:52 . 2012-04-29 00:12 -------- d-----w- C:\$AVG8.VAULT$ 2012-03-31 11:54 . 2012-03-31 11:54 -------- d-----w- c:\windows\system32\winevt 2012-03-31 11:54 . 2012-03-31 11:54 -------- d-----w- c:\windows\ServiceProfiles 2012-03-31 10:25 . 
2012-03-31 10:25 -------- d-----w- c:\program files\Új mappa (2) 2012-03-31 10:23 . 2012-03-31 10:23 -------- d-----w- c:\program files\ThePluginSite 2012-03-31 10:23 . 2012-03-31 10:23 -------- d-----w- c:\documents and settings\Pali\Application Data\ThePluginSite 2012-03-31 09:29 . 2012-03-31 09:29 -------- d-----w- c:\program files\AMS Photo Effects 2012-03-31 09:13 . 2012-03-31 09:13 -------- d-----w- c:\program files\PhotoZoom Pro 4 2012-03-31 08:33 . 2012-03-31 09:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2012-03-31 08:33 . 2012-03-31 08:33 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-03-31 08:33 . 2012-03-31 08:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-03-31 08:33 . 2012-03-31 09:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-03-31 08:33 . 2012-03-31 09:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-03-31 08:33 . 2012-04-28 23:49 -------- d-----w- c:\windows\system32\drivers\Avg 2012-03-31 08:33 . 2012-03-31 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2012-03-31 08:32 . 2012-04-21 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2012-03-31 08:22 . 2012-03-31 08:22 -------- d-----w- c:\program files\Photo Stamp Remover 2012-03-30 21:27 . 2012-03-30 21:27 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\photoOptimizeHistoryDataBase 2012-03-30 21:27 . 2012-03-31 09:21 -------- d-----w- c:\documents and settings\Pali\Local Settings\Application Data\Ashampoo Photo Optimizer 4 2012-03-30 21:05 . 2012-03-31 18:30 -------- d-----w- c:\documents and settings\Pali\Application Data\ObviousIdea 2012-03-30 21:04 . 2012-03-30 21:04 -------- d-----w- c:\program files\ObviousIdea . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-14 16:26 . 
2011-07-17 11:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-25 16:30 . 2009-07-18 23:59 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-03-07 00:15 . 2012-03-18 21:33 41184 ----a-w- c:\windows\avastSS.scr 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] . [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] "Alcohol.exe Autorun"="c:\program files\Alcohol Soft\Alcohol 120\Alcohol.exe" [2010-02-01 2036576] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-29 399736] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-08-13 102400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224] "lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 192512] "LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728] "ChrisTV Agent"="c:\program files\ChrisTV\ChrisTV_Agent.exe" [2005-05-02 187392] "CClipboard"="c:\program files\ComfortClipboard\CClipboard.exe" [2010-06-14 2906952] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960] "3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-03-25 185896] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2012-03-31 2042208] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2012-03-31 09:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoBiMouse] F:\Programok [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2007-10-30 19:07 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] 2007-10-30 19:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2011-08-13 12:33 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2] 2011-08-25 19:12 8250368 ----a-w- c:\documents and settings\Pali\Local Settings\Application Data\MediaGet2\mediaget.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeamViewer] 2009-03-26 15:37 4066600 ----a-w- c:\program files\TeamViewer\Version4\TeamViewer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2007-10-30 19:06 2595616 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor] 2004-12-23 15:27 81920 ----a-w- c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] 2007-03-03 12:12 341488 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"= "c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\River Past\\Video Slice\\VideoSlice.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\XpressUpdate\\XPressUpdate.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"= "c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\AVG\\AVG8\\avgam.exe"= "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2012.03.31. 10:33 12552] R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2010.12.21. 12:15 30820] R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2011.10.17. 14:36 39472] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009.09.19. 9:23 33792] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.07.21. 
21:00 218688] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011.10.31. 23:21 27632] S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2012.03.31. 10:33 335240] S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2012.03.31. 10:33 108552] S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007.04.23. 13:03 82200] S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012.03.18. 23:18 251560] S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2012.03.31. 10:32 297752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010.03.18. 14:16 130384] S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2011.11.10. 10:26 3584] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2011.11.20. 22:27 8704] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010.08.20. 19:52 233472] S2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [2011.11.14. 10:31 11936] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011.02.11. 23:23 35088] S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012.03.18. 23:18 160576] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.05. 10:16 253088] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011.10.17. 14:34 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011.10.17. 14:34 8456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010.08.20. 
19:52 36608] S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?] S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2009.07.19. 20:21 47360] S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012.03.18. 23:17 89472] S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012.03.18. 23:17 57536] S3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012.03.18. 23:17 57536] S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012.03.18. 23:17 125248] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011.10.31. 23:20 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011.10.31. 23:20 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011.10.31. 23:20 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011.10.31. 23:20 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011.10.31. 23:20 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011.10.31. 23:20 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011.10.31. 23:20 115752] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010.09.06. 8:47 356920] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011.10.31. 
23:43 155344] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010.08.20. 19:53 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010.08.20. 19:53 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010.08.20. 19:53 121856] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008.01.25. 11:12 25088] S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\progra~1\MATVAD~1\TNPACKET.SYS [2002.10.09. 13:38 9376] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010.03.18. 14:16 753504] . Contents of the 'Scheduled Tasks' folder . 2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=ostpl mStart Page = about:blank IE: Az összes letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlall.htm IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Kijelölés letöltése Free Download Managerrel - file://c:\program files\Free Download Manager\dlselected.htm IE: Letöltés Free Download Managerrel - file://c:\program files\Free Download Manager\dllink.htm IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll IE: Video letöltése a Free Download Manager-rel - file://c:\program files\Free Download Manager\dlfvideo.htm TCP: DhcpNameServer = 213.46.246.54 213.46.246.53 FF - ProfilePath - c:\documents and settings\Pali\Application 
Data\Mozilla\Firefox\Profiles\trkpvxdy.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p= FF - prefs.js: network.proxy.type - 458765 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-29 10:50 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet007\Services\OMSCAN] "ImagePath"="\Sys" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34A15073-41AE-8EEF-A16E-D2280D030580}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oanoicgkbgiopefcnmjgnokmikaked"=hex:64,61,6e,6d,68,6d,65,64,00,85 "oabjimbnhlhjhoancifcdjldhjipie"=hex:6a,61,61,6f,6b,6d,6e,6e,66,66,66,62,6a,69, 63,64,62,61,6f,66,00,02 "naphkfkhodflengmgiefodoakloe"=hex:6a,61,61,6f,6b,6d,6e,6e,66,66,66,62,6a,69, 63,64,62,61,6f,66,00,02 "eajhickfpn"=hex:68,62,6e,69,61,64,66,66,68,69,63,64,6e,63,69,6e,6e,69,6e,6e, 66,67,6f,65,6a,64,61,6c,61,64,67,67,63,6b,6c,66,66,6d,6d,6b,69,6f,61,6f,64,\ "cacich"=hex:64,62,63,69,65,70,6b,65,6f,6f,6a,6a,6c,69,6e,66,68,70,70,6e,64,62, 68,6a,6a,63,6e,6b,6e,66,6b,63,66,70,70,62,63,6d,6c,6a,00,6f . [HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CA0E303-E239-9636-805C-4ED16EC7CC6F}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "hacgdllpoffoopma"=hex:6c,61,67,66,6d,6f,63,65,68,67,6f,6d,68,6f,6b,6f,70,62, 6b,6b,6c,65,61,62,00,b5 "jabgimhpabmmhoopoooc"=hex:6b,61,66,66,64,61,6a,6d,6c,63,6a,65,62,6c,63,61,6f, 6b,70,65,67,6b,00,62 . 
[HKEY_USERS\S-1-5-21-796845957-1409082233-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAE1DC12-FED9-5CE3-FC66-3D095C51EF3A}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oaonpdckffenleachjblhdffcdmakb"=hex:64,61,66,61,67,63,64,6e,00,85 "oacnpkbpipdoabfbfdhnlcledjfcda"=hex:6a,61,66,61,63,63,6f,6b,62,69,63,6b,69,70, 61,68,70,65,63,6e,00,0f "naanbmcdmncioechfefejjjplbib"=hex:6a,61,66,61,63,63,6f,6b,62,69,63,6b,69,70, 61,68,70,65,63,6e,00,0f "eakpplglbf"=hex:65,61,65,6d,6e,63,64,63,64,70,00,00 "capnpc"=hex:6b,62,69,70,6c,6c,64,64,64,6a,64,6c,62,6c,62,6c,6c,66,6a,68,6c,6d, 65,6d,70,65,62,68,6a,67,61,66,6c,6c,66,6f,6b,66,6f,6b,70,6a,64,6c,6f,6b,70,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] 
"OOPM02.00.00.01PRO"=(long hex value omitted) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(496) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(552) c:\windows\system32\relog_ap.dll . Completion time: 2012-04-29 10:53:57 ComboFix-quarantined-files.txt 2012-04-29 08:53 . Pre-Run: 6 457 327 616 bájt szabad Post-Run: 6 408 306 688 bájt szabad . - - End Of File - - 78A78FC8FACDCFFAC3431C9E70B0C209 |
Author: | stell [ Sun. Apr. 29, 2012 7:50 ] |
Post subject: | Re: Virus or what could it be??? |
Yes, the SPTD is the Daemon / Alcohol emulator, so it's as I wrote: a false AVG alert. ComboFix: run it in safe mode, and if it restarts, go back into safe mode and post the log here. |
Author: | pilaka [ Sat. Apr. 28, 2012 22:16 ] |
Post subject: | Re: Virus or what could it be??? |
I ran TDSSKiller and it only found the sptd driver ... ComboFix crashed again ... slowly, but the scan ran through .. it printed: deleted files : and the machine shut down, then Windows couldn't restart properly, it restarted again...... Combo gave no log.. neither in the C: root, nor in the Combofix folder, nor in the Qoobox folder .... Beforehand, of course, I disabled PC Tools and AVG and killed their processes in Task Manager, except for 2, because those put themselves back when I killed them. |
Author: | stell [ Sat. Apr. 28, 2012 18:27 ] |
Post subject: | Re: Virus or what could it be??? |
Hi pilaka. The way I see it, AVG is giving false alerts, because these drivers are used by the ALCOHOL and Daemon disk emulators, which apply rootkit tactics and keep changing their drivers; but if there is a problem with the machine, run TDSSKiller and ComboFix. http://virus-stell.blogspot.com/2010/08 ... -tdl3.html |
Author: | pilaka [ Sat. Apr. 28, 2012 17:36 ] |
Post subject: | Re: Virus or what could it be??? |
Hello everyone! Hi Stell! You've helped me several times before. Now my problem is that AVG keeps reporting rootkits...
"C:\WINDOWS\System32\Drivers\av85k5nq.SYS";"Rejtett eszközkezelő";"Az objektum rejtett"
"C:\WINDOWS\System32\Drivers\atx2axb9.SYS";"Rejtett eszközkezelő";"Az objektum rejtett"
On restart it always deletes them, but at the next scheduled scan it finds two again, only the name changes a little (different letters and numbers); it has been recurring like this for a while. We used ComboFix together before in another case, and the experience then was that in normal mode it couldn't run through and produce a log .... in safe mode, though, it cleaned properly and produced a log as well. Of course I also run Anti-Malware regularly, but it finds nothing. AVG, PC Tools firewall, XP SP3. |
Author: | integral [ Sun Mar 04, 2012 10:39 ] |
Post subject: | Re: Virus or what could it be??? |
Hi Stell! I haven't had time to deal with the machine yet. It's still the same, it hasn't healed on its own. |
Author: | stell [ Sun Feb 05, 2012 12:52 ] |
Post subject: | Re: Virus or what could it be??? |
BIOS reset: just take the small battery out of the motherboard and put it back after about 10 minutes. Here it's not the system that's damaged but the booting, that is, the MBR, which is why you need to go down to the Recovery Console and enter the Fixmbr and Fixboot commands. |
Author: | integral [ Sun Feb 05, 2012 12:47 ] |
Post subject: | Re: Virus or what could it be??? |
I don't know how to do this BIOS reset. But maybe it's not even needed. Because I was able to boot from the other operating system on the same HDD, which is a Win Millennium, and that system works. So I think it's XP that got damaged. Now, after Millennium, with XP activated, I still couldn't boot XP. |
Author: | stell [ Sun Feb 05, 2012 12:21 ] |
Post subject: | Re: Virus or what could it be??? |
1: BIOS RESET
2: From the Recovery Console, enter the commands chkdsk /f/r, Fixmbr, Fixboot, then we'll see. |
Author: | integral [ Sun Feb 05, 2012 12:18 ] |
Post subject: | Re: Virus or what could it be??? |
stell wrote: So this happened just like that, out of the blue?? Or did you do something??? Because in your first post you wrote something else.. What's the system??
I didn't do anything. After the first time the mouse pointer darted around, I turned off the machine with the button. Then I turned it on, and it still worked then. The mouse pointer darted around again. I turned it off with the button again. Since then I haven't managed to boot, despite several attempts. The system is Windows XP SP2. I'll try to boot the Windows on the other partition, but I think I'll only get to deal with it in the afternoon. It's not a notebook but a desktop machine. |
Author: | stell [ Sun Feb 05, 2012 12:15 ] |
Post subject: | Re: Virus or what could it be??? |
stell wrote: So this happened just like that, out of the blue?? Or did you do something??? Because in your first post you wrote something else.. What's the system??
Yes, this looks like a disk/CMOS setting error; what's the system?? What is it, a notebook, or what? |
Author: | integral [ Sun Feb 05, 2012 12:12 ] |
Post subject: | Re: Virus or what could it be??? |
I couldn't start the machine. It doesn't perform the boot. After the error message I typed in, it stops, the screen is black, and I can't even hear the hard drive stirring at all to boot. |
Page: 1 / 35 | Time zone: UTC + 1 hour |