Megválaszolatlan hozzászólások | Aktív témák Pontos idő: csüt. márc. 28, 2024 10:01



Hozzászólás a témához  [ 1736 hozzászólás ]  Oldal Előző  1 ... 6, 7, 8, 9, 10, 11, 12 ... 35  Következő
Vírus vagy mi lehet??? 
Szerző Üzenet
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Így van, semmi vesz.


csüt. jan. 20, 2011 18:51
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: szomb. jan. 01, 2011 22:57
Hozzászólások: 52
Hozzászólás Re: Vírus vagy mi lehet???
akkor nincs vész;)


csüt. jan. 20, 2011 16:02
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Szia,
Semivel, ez az Avast hamis riasztása, a combofix szerzojet mar figyelmeztetuk, hogy ertesitse az Avastot, hogy tegy a kivetelbe.
udv


csüt. jan. 20, 2011 15:27
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: szomb. jan. 01, 2011 22:57
Hozzászólások: 52
Hozzászólás Re: Vírus vagy mi lehet???
szia stell!
netezés közben ilyet kaptam, az AVAST-om jelzett!
Web védelem Vizsgálati naplók:
url:http://download.bleepingcomputer.com/sUB/ComboFix.exe|>rar.sfx.script
súlyosság:Magas
Állapot:Fenygeetés:IRC:Malware-gen
Művelet: legördülő menüben találtam törlést, de nem törli
Mivel tudnám eltávolítani?


csüt. jan. 20, 2011 15:23
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
udv
Az elso lepes hogy megnezuk a virussokat:
tedd ide az RSIT logjat:
http://virus-stell.blogspot.com/2010/04/rsit.html


vas. júl. 25, 2010 19:37
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. júl. 25, 2010 18:46
Hozzászólások: 1
Hozzászólás Re: Vírus vagy mi lehet???
Sziasztok. A segítségeteket szeretném kérni abban a problémában, hogy a gépemben a dvd-olvasó nem jelenik meg, de azt írja a gép, hogy megfelelően működik... Nem tudok vele mit csinálni kérlek segítsetek... :oops:


vas. júl. 25, 2010 18:52
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Igen,valakinek melozni is kell,,ha minden okes,akkor ha nincsen tuzfalad azt is jo lenne felrakni,,Pldaul a PCTOOLS -tuzfalat.
Nincsen mit.


csüt. júl. 01, 2010 20:54
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
Stell, elsodort a melo, bocsanat. Minden ketyeg mint a vekkerora.
Avira+Malewarebyte+unhackme+CCleaner-rel megyek tovabb.

NAGYON KOSZONOM A SEGITSEGET!

quote="stell"]ok,mar jol nez ki,
:arrow: klik-start-klik-ffuttatas-masold be az ablakba combofix /uninstall
a combofix letelepitodig a geprol
:arrow: Kikapcsolni az rendszervisszaallitassat.-restart es bekapcsold vissza
http://virus-stell.blogspot.com/2010/04 ... dszer.html
:arrow: Tisztisd ki a gepet az CCleaner programal+ATF-cleaneral+TFC-cleaneral
http://virus-stell.blogspot.com/2010/04/ccleaner.html
http://virus-stell.blogspot.com/2010/04 ... ztito.html
http://www.virus-stell.com/2010/05/temp ... itasa.html
aztan csinalj komplet vizsgalatot az Malwarebytes programal amit talal torolni a logjat tedd ide..es ha minden okes keszek lennenk,
http://virus-stell.blogspot.com/2010/04 ... lware.html[/quote]


csüt. júl. 01, 2010 17:06
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Nincsen mit.
De ettol ne varjal csodat:
Total RAM: 126 MB
Epen csak anyi Memoriad van hogy az xp csak csusik maszik a gepeden,,ide kell neked be rakni legalab 512 MB-RAM-or


kedd jún. 29, 2010 8:28
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Köszi Stell a segítséged. Megpróbálom újratelepíteni. Próbáltm már a Firefoxot is, de az nagyon lassú volt. Akár csak az IE 7 vagy 8. De, ha nincs más, akkor az lesz. Köszi mégegyszer! :D Szép napot! amcsi


kedd jún. 29, 2010 8:06
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Ha Internet explorered van torold ki onan mindent es tedd ujra
http://windows.microsoft.com/hu-hu/wind ... -favorites
de ajanlom feltelepiteni a FireFoxot.


kedd jún. 29, 2010 6:00
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Megcsináltam mindent. Megy most rendesen úgy veszem észre. Csak a kedvencekben lévő dolgokat nem nyit meg, semmit. És az újat sem. Nem értem mitől lehet. Van ötleted Stell?


hétf. jún. 28, 2010 19:15
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Itt a log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
Registry value HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
Registry key HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\999jatekok.hu\www\ deleted successfully.
Starting removal of ActiveX control {DE2F0988-E455-48ED-A35D-4D73D333D561}
C:\WINDOWS\Downloaded Program Files\sdxformsigner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE2F0988-E455-48ED-A35D-4D73D333D561}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:33D7490A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xy
->Temp folder emptied: 294912 bytes
->Temporary Internet Files folder emptied: 4835797 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.7.0 log created on 06282010_180446

Files\Folders moved on Reboot...
C:\Documents and Settings\xy\Local Settings\Temp\~DFE11.tmp moved successfully.
C:\WINDOWS\temp\ZLT01993.TMP moved successfully.

Registry entries deleted on Reboot...


hétf. jún. 28, 2010 19:12
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
kedvenceket nembantotuk,de kitisztit csuk es meglatodd:
futtasd az OTL-progiy allol az ablakjaba masold be a zold textet es klik RunFix-a logot a restart utan tedd ide
Kód:
:OTL
IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O15 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..Trusted Domains: 999jatekok.hu ([www] https in Trusted sites)
O16 - DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} https://gate.gov.hu/sdx/SDXFormSigner.cab  (Reg Error: Key error.)
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D7490A
:commands
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

:arrow: :arrow: Kikapcsolni az rendszervisszaallitassat.-restart es bekapcsold vissza
http://virus-stell.blogspot.com/2010/04 ... dszer.html
:arrow: Tisztisd ki a gepet az CCleaner programal+ATF-cleaneral+TFC-cleaneral
http://virus-stell.blogspot.com/2010/04/ccleaner.html
http://virus-stell.blogspot.com/2010/04 ... ztito.html
http://www.virus-stell.com/2010/05/temp ... itasa.html

aztan ird le hogy mukszik a gep,


hétf. jún. 28, 2010 13:58
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
A kedvencek menüben amik elvannak mentve, nem működik semmi este óta. Ezt okozhatta valamelyik program, amik le lettek futtatva? De próbáltam újra elmenteni, pl ezt a fórumot is, nem jó akkor sem.


hétf. jún. 28, 2010 9:35
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Ez meg a másik fele:


OTL Extras logfile created on: 2010.06.27. 20:00:36 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\xy\Asztal
Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

126,00 Mb Total Physical Memory | 21,00 Mb Available Physical Memory | 17,00% Memory free
316,00 Mb Paging File | 61,00 Mb Available in Paging File | 19,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,53 Gb Total Space | 0,76 Gb Free Space | 8,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OTTHONI
Current User Name: xy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9699:TCP" = 9699:TCP:*:Enabled:BitComet 9699 TCP
"9699:UDP" = 9699:UDP:*:Enabled:BitComet 9699 UDP
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe" = C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Távsegítség - Windows Messenger és beszédkapcsolat -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{114C7913-FC33-41E7-839B-51042BDF3D9C}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{350C97C5-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5D63D27F-09D7-4420-9479-DD247CC31496}" = Windows Live Essentials
"{6D431157-ED9D-4AB1-A2C9-1FAA0A04419F}" = Windows Live Messenger
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955D8242-B99E-4A9A-80C4-3FF7D7587EA3}" = Msxml4 SP2
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.6.0
"Foxit Reader" = Foxit Reader
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoScape" = PhotoScape
"Recuva" = Recuva
"Ricochet Infinity_is1" = Ricochet Infinity
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiváló
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010.06.27. 10:18:30 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 11:33:47 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 11:33:47 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 11:34:08 | Computer Name = OTTHONI | Source = crypt32 | ID = 131080
Description = Nem sikerült lekérni az automatikus frissítés segítségével a külső
féltől származó legfelső szintű listát a következőtől: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Hiba: Nem hozható létre kapcsolat a kiszolgálóval.

Error - 2010.06.27. 12:16:16 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 12:16:16 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:08:48 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:08:48 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:46:17 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:46:17 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

[ Application Events ]
Error - 2010.06.27. 10:18:30 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 11:33:47 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 11:33:47 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 11:34:08 | Computer Name = OTTHONI | Source = crypt32 | ID = 131080
Description = Nem sikerült lekérni az automatikus frissítés segítségével a külső
féltől származó legfelső szintű listát a következőtől: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.
Hiba: Nem hozható létre kapcsolat a kiszolgálóval.

Error - 2010.06.27. 12:16:16 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 12:16:16 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:08:48 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:08:48 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:46:17 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

Error - 2010.06.27. 13:46:17 | Computer Name = OTTHONI | Source = Userenv | ID = 1041
Description = A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést
a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek
nagy valószínűséggel hibás regisztrálás áll a hátterében.

[ System Events ]
Error - 2010.06.27. 8:33:46 | Computer Name = OTTHONI | Source = SRService | ID = 104
Description = A rendszer-visszaállítás inicializálása nem sikerült.

Error - 2010.06.27. 8:33:49 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Rendszer-helyreállító szolgáltatás) leállt a következő
hibával: %%2

Error - 2010.06.27. 8:41:40 | Computer Name = OTTHONI | Source = SRService | ID = 104
Description = A rendszer-visszaállítás inicializálása nem sikerült.

Error - 2010.06.27. 8:41:53 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70))
a következő hiba következtében leállt: %%3

Error - 2010.06.27. 8:41:53 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Rendszer-helyreállító szolgáltatás) leállt a következő
hibával: %%2

Error - 2010.06.27. 10:15:20 | Computer Name = OTTHONI | Source = SRService | ID = 104
Description = A rendszer-visszaállítás inicializálása nem sikerült.

Error - 2010.06.27. 10:15:32 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70))
a következő hiba következtében leállt: %%3

Error - 2010.06.27. 10:15:32 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7023
Description = A szolgáltatás (Rendszer-helyreállító szolgáltatás) leállt a következő
hibával: %%2

Error - 2010.06.27. 11:29:19 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7009
Description = Várakozó időkorlát (30000 ms) - a(z) PEVSystemStart szolgáltatás kapcsolódása.

Error - 2010.06.27. 11:34:14 | Computer Name = OTTHONI | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70))
a következő hiba következtében leállt: %%3


< End of report >


hétf. jún. 28, 2010 9:32
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Itt a log:


OTL logfile created on: 2010.06.27. 20:00:36 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\xy\Asztal
Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

126,00 Mb Total Physical Memory | 21,00 Mb Available Physical Memory | 17,00% Memory free
316,00 Mb Paging File | 61,00 Mb Available in Paging File | 19,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,53 Gb Total Space | 0,76 Gb Free Space | 8,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OTTHONI
Current User Name: xy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.27 19:58:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe
PRC - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.08.21 21:41:32 | 002,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008.08.21 21:41:32 | 000,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.06.27 19:58:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe
MOD - [2006.08.25 17:53:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - File not found [Auto | Stopped] -- -- (gupdate1ca9828fd274e70) Google frissítési szolgáltatás (gupdate1ca9828fd274e70)
SRV - File not found [Disabled | Stopped] -- -- (CarboniteService)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.21 21:41:32 | 002,405,776 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010.05.22 08:29:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.21 21:41:40 | 000,353,680 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008.04.21 08:19:58 | 000,051,648 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2004.08.03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004.08.03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.03 22:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004.08.03 22:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004.08.03 22:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004.08.03 22:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004.08.03 22:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004.08.03 22:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004.08.03 22:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004.08.03 22:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004.08.03 22:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004.08.03 22:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004.08.03 22:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004.08.03 22:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.03 22:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004.08.03 22:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004.08.03 22:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2001.10.26 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.26 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001.08.17 22:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010.06.27 18:16:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-725345543-1078145449-1202660629-1003\..Trusted Domains: 999jatekok.hu ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.gamehouse.com/games/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} https://gate.gov.hu/sdx/SDXFormSigner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.1.98.182 208.67.220.220
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\xy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\xy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.10.24 14:34:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.DLL (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\IYVU9_32.DLL ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\xy\Asztal\CAMN27A5.
[2010.06.27 19:57:31 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe
[2010.06.27 19:16:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.27 18:29:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.27 14:25:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2010.06.27 14:24:13 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTM.exe
[2010.06.26 07:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xy\Asztal\Balazs Feco - Erints meg meg egyszer (Best Of) 2009
[2010.06.26 05:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.26 05:05:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.25 14:23:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\xy\Recent
[2010.06.25 06:50:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.25 06:50:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.25 06:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.21 15:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010.06.21 06:39:20 | 007,010,816 | ---- | C] (Foxit Software Company) -- C:\Documents and Settings\xy\Asztal\FoxitReader331_enu_Setup.exe
[2010.06.10 06:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010.06.08 17:22:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\xy\IECompatCache
[2010.06.07 19:37:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2010.06.07 19:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xy\Application Data\PhotoScape
[2010.06.07 19:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\xy\Asztal\CAMN27A5.
[2010.06.27 19:58:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTL.exe
[2010.06.27 19:44:00 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.06.27 18:43:50 | 000,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.06.27 18:18:16 | 000,000,846 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.27 18:16:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.27 17:33:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.27 17:33:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.27 17:33:29 | 132,427,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.27 17:31:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\xy\ntuser.ini
[2010.06.27 17:31:48 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\xy\ntuser.dat
[2010.06.27 16:13:08 | 003,228,354 | -H-- | M] () -- C:\Documents and Settings\xy\Local Settings\Application Data\IconCache.db
[2010.06.27 16:11:46 | 003,721,479 | R--- | M] () -- C:\Documents and Settings\xy\Asztal\ComboFix.exe
[2010.06.27 14:24:36 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xy\Asztal\OTM.exe
[2010.06.27 14:16:08 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
[2010.06.27 14:15:45 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010.06.27 14:15:44 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Foxit Reader.lnk
[2010.06.26 05:12:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\xy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 05:04:49 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\xy\Asztal\RSIT.exe
[2010.06.25 06:51:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk
[2010.06.24 10:00:31 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job
[2010.06.21 07:05:29 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\xy\Asztal\HVI_lista_2010_03.xls
[2010.06.21 06:39:23 | 007,010,816 | ---- | M] (Foxit Software Company) -- C:\Documents and Settings\xy\Asztal\FoxitReader331_enu_Setup.exe
[2010.06.19 18:54:11 | 000,626,694 | ---- | M] () -- C:\Documents and Settings\xy\Asztal\névtelen.bmp
[2010.06.18 20:23:23 | 000,028,309 | ---- | M] () -- C:\Documents and Settings\xy\Asztal\babe.gif
[2010.06.10 06:22:50 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\xy\Asztal\Recuva.lnk
[2010.06.10 06:11:28 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Az Internet Explorer böngésző indítása.lnk
[2010.06.09 21:55:39 | 000,000,144 | ---- | M] () -- C:\WINDOWS\Eudcedit.ini
[2010.06.07 19:13:20 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010.06.07 19:13:20 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\xy\Asztal\PhotoScape.lnk
[2010.06.02 10:35:01 | 000,000,885 | ---- | M] () -- C:\WINDOWS\TB50.INI

========== Files Created - No Company Name ==========

[2010.06.27 15:27:53 | 003,721,479 | R--- | C] () -- C:\Documents and Settings\xy\Asztal\ComboFix.exe
[2010.06.27 14:16:08 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
[2010.06.27 14:15:45 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010.06.27 14:15:44 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Foxit Reader.lnk
[2010.06.26 05:04:26 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\xy\Asztal\RSIT.exe
[2010.06.25 06:51:02 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk
[2010.06.21 07:05:27 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\xy\Asztal\HVI_lista_2010_03.xls
[2010.06.19 18:54:10 | 000,626,694 | ---- | C] () -- C:\Documents and Settings\xy\Asztal\névtelen.bmp
[2010.06.18 20:31:01 | 000,028,309 | ---- | C] () -- C:\Documents and Settings\xy\Asztal\babe.gif
[2010.06.10 06:22:50 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\xy\Asztal\Recuva.lnk
[2010.06.09 21:55:38 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010.06.07 19:37:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010.06.07 19:37:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010.06.07 19:13:20 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010.06.07 19:13:20 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\xy\Asztal\PhotoScape.lnk
[2009.09.25 19:15:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2009.06.17 21:33:57 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2009.03.20 19:31:36 | 004,425,326 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009.03.19 23:36:48 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009.03.02 21:10:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.02 21:10:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009.03.02 18:19:36 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009.03.02 18:19:30 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009.03.02 18:19:14 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009.03.02 18:18:46 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009.03.02 18:18:32 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009.03.02 18:18:28 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009.03.02 18:18:18 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009.03.02 16:54:20 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009.03.02 16:45:14 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009.03.02 16:42:54 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009.03.02 16:35:56 | 000,898,465 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009.02.01 19:31:43 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.01.11 00:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009.01.11 00:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009.01.11 00:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009.01.11 00:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009.01.11 00:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009.01.11 00:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009.01.11 00:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009.01.11 00:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009.01.11 00:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009.01.11 00:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008.12.04 00:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.29 18:40:33 | 000,000,206 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.10.27 09:01:07 | 000,000,885 | ---- | C] () -- C:\WINDOWS\TB50.INI
[2008.04.15 18:54:28 | 000,000,048 | ---- | C] () -- C:\WINDOWS\mtb30.ini
[2008.04.15 18:54:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\progman.ini
[2008.02.29 09:43:20 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\ENoSignature.dll
[2008.02.12 16:47:41 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.01.28 18:08:09 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\SKVersion.ini
[2008.01.28 18:06:17 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini
[2008.01.09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007.12.25 13:37:20 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007.12.19 08:50:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.12.02 18:05:13 | 000,000,248 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2007.12.01 15:54:22 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2007.11.27 12:35:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.06 16:37:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.10.31 20:13:29 | 000,006,213 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007.10.24 23:42:15 | 000,001,267 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007.07.10 19:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005.06.01 01:16:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SpyPryUN.dll
[2005.02.22 12:48:21 | 000,622,113 | ---- | C] () -- C:\WINDOWS\System32\List.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999.04.11 22:54:20 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll

========== LOP Check ==========

[2007.12.02 09:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007.12.26 08:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarGameBox
[2010.04.14 19:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.05.22 09:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.06.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007.12.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008.01.08 11:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed
[2008.01.27 18:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Phenomedia
[2009.12.30 10:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2010.05.21 22:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007.12.18 22:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007.12.02 09:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\ACD Systems
[2007.12.26 08:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\alawar
[2010.04.28 21:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Artweaver
[2010.05.22 09:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools
[2010.05.22 12:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Lite
[2010.05.22 12:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Pro
[2010.03.01 13:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Foxit
[2010.05.21 09:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Foxit Software
[2007.10.31 14:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\funkitron
[2010.01.29 11:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\GetRightToGo
[2010.03.07 14:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\IObit
[2008.11.19 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\mbin.jp
[2010.03.21 08:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\OpenOffice.org
[2010.03.05 22:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Opera
[2010.06.07 19:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\PhotoScape
[2010.01.02 15:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\PVST Manager
[2009.10.31 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Uniblue
[2010.01.01 09:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Unity
[2010.01.25 14:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\VSTT Manager
[2010.06.24 10:00:31 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\Tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2007.12.02 09:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.11.16 14:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007.12.26 08:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarGameBox
[2010.04.14 19:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.04.30 19:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010.05.22 09:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.06.21 15:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010.06.07 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.01.24 08:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.12.14 18:37:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007.10.30 17:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007.12.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008.01.08 11:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed
[2010.05.23 11:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008.01.27 18:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Phenomedia
[2010.01.19 13:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009.12.30 10:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2010.05.16 07:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.05.21 22:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.07.23 16:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007.10.25 16:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007.12.18 22:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2007.12.02 09:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\ACD Systems
[2010.06.21 16:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Adobe
[2008.01.06 14:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\AdobeUM
[2007.12.26 08:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\alawar
[2010.02.23 18:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Apple Computer
[2010.04.28 21:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Artweaver
[2010.04.30 19:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Avira
[2010.05.22 09:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools
[2010.05.22 12:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Lite
[2010.05.22 12:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DAEMON Tools Pro
[2009.08.13 15:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\DivX
[2010.03.01 13:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Foxit
[2010.05.21 09:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Foxit Software
[2007.10.31 14:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\funkitron
[2010.01.29 11:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\GetRightToGo
[2007.11.01 11:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Google
[2010.04.23 10:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Help
[2007.10.24 19:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Identities
[2010.03.07 14:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\IObit
[2010.06.21 16:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Macromedia
[2010.01.24 08:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Malwarebytes
[2008.11.19 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\mbin.jp
[2009.10.20 10:10:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\xy\Application Data\Microsoft
[2010.03.01 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Mozilla
[2009.01.03 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\MSN6
[2010.03.21 08:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\OpenOffice.org
[2010.03.05 22:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Opera
[2010.06.07 19:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\PhotoScape
[2010.01.02 15:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\PVST Manager
[2010.01.19 12:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\skypePM
[2007.10.31 17:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Sun
[2008.01.22 12:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Talkback
[2009.10.31 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Uniblue
[2010.01.01 09:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\Unity
[2010.01.25 14:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\VSTT Manager
[2008.03.02 21:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xy\Application Data\WinRAR

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2001.10.26 14:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
[2001.10.26 14:00:00 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=CB762E814F602229A574F4D78D3D6A30 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CHANGER.SYS >
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\dllcache\changer.sys

< MD5 for: CRYPTSVC.DLL >
[2001.10.26 14:00:00 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=05259C29C8093E6EE1AE7A8F4DE7B807 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004.08.17 16:46:40 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 16:46:40 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.17 16:46:40 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 16:46:40 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2001.10.26 14:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=2DA8D38CF8D86B5C02DFFAC2615FC1C4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004.08.17 16:46:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 16:46:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.17 16:46:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 16:46:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2001.10.26 14:00:00 | 001,003,008 | ---- | M] (Microsoft Corporation) MD5=495D8BA14043F4402ECF51C2AB73D8DD -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.17 16:47:58 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004.08.17 16:47:58 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:12:07 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=6CF1696892BE31A2EC25072A99E2E3FF -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2001.10.26 14:00:00 | 000,078,464 | ---- | M] (Microsoft Corporation) MD5=254916581AC499E53EE700E7E5B9E5B5 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004.08.03 22:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 22:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll

< MD5 for: ISAPNP.SYS >
[2001.10.26 14:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.10.26 14:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 16:48:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 16:48:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.17 16:48:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 16:48:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\system32\lsass.exe
[2001.10.26 14:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=9AAD6A77CDBE6DAA9758A28B9145E580 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

< MD5 for: NDIS.SYS >
[2001.10.26 14:00:00 | 000,161,536 | ---- | M] (Microsoft Corporation) MD5=3EFD4F59BA0A340DE0A3AB984001DBF7 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 16:47:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 16:47:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.17 16:47:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 16:47:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\system32\netlogon.dll
[2001.10.26 14:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=3D8811CB0A5AE38442BB0966282D7796 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:47:26 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 16:47:26 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.17 16:47:26 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 16:47:26 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\system32\scecli.dll
[2001.10.26 14:00:00 | 000,179,712 | ---- | M] (Microsoft Corporation) MD5=FA3E6E756841725EE113BADECBCB26D9 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:48:30 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.17 16:48:30 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 16:48:30 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\system32\smss.exe
[2001.08.17 23:37:00 | 000,469,504 | ---- | M] (Microsoft Corporation) MD5=C37F36D08F06A7B0CAF8C1EE9E4079A3 -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2001.10.26 14:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=ED12D92A7B26E99E3A5BF4B043F7314E -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.17 16:48:32 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 16:48:32 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.17 16:48:32 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 16:48:32 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\system32\svchost.exe
[2001.10.26 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=9D08A7B580F0C829A40D7964E1D7CC68 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[2001.10.26 14:00:00 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=E7774698BB0D14B0710A9A31E209F9B6 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2001.10.26 14:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=969BA3BAC25FB9EB5D652F767B49717C -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.17 16:48:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 16:48:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.17 16:48:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 16:48:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:48:36 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 16:48:36 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.17 16:48:36 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 16:48:36 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\system32\winlogon.exe
[2001.10.26 14:00:00 | 000,432,128 | ---- | M] (Microsoft Corporation) MD5=E0F2312FB3DE3D83B915BB82CA42F3F0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:47:38 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 16:47:38 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004.08.17 16:47:38 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 16:47:38 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\system32\ws2_32.dll
[2001.10.26 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=F57E0EA4977D1973D1A41B73352F56A2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.10.24 16:17:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.10.24 16:17:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.10.24 16:17:27 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.27 18:43:50 | 000,348,371 | ---- | M] () -- C:\WINDOWS\system32\vsconfig.xml
[2010.06.27 19:44:00 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\system32\zllictbl.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D7490A
< End of report >


hétf. jún. 28, 2010 9:30
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: szer. márc. 24, 2004 13:43
Hozzászólások: 11865
Tartózkodási hely: Budapest, Solymár
Hozzászólás Re: Vírus vagy mi lehet???
stell írta:
... ma mar nem irok ...

Kezdődik a meccs. :D


vas. jún. 27, 2010 19:45
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Rendben Stell, köszönöm. Még fut az OTL program. Akkor holnap. Jó éjt.


vas. jún. 27, 2010 19:34
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
ok,folytasd tovabb ugy ahogy leirtam,,ha ma mar nem irok akkor majd holnap megnezem a logot>


vas. jún. 27, 2010 19:30
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Talán sikerült. Azt hiszem az ismételt elemzésre kellett még kantintanom, ugye?

http://www.virustotal.com/hu/analisis/6 ... 1277662584

http://www.virustotal.com/hu/analisis/c ... 1277662836


vas. jún. 27, 2010 19:24
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Nem tudom mit csinálok rosszul. Ugyanezeket adta be megint.


vas. jún. 27, 2010 19:15
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Nem értem. Megpróbálom mégegyszer.


vas. jún. 27, 2010 19:08
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
nezd meg a Virustotalrol a linkekket hogy mit tettel ide,,egyik se az amit irtam.


vas. jún. 27, 2010 19:03
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
http://www.virustotal.com/hu/analisis/c ... 1277567414


A hozzászólást 1 alkalommal szerkesztették, utoljára amcsi vas. jún. 27, 2010 19:35-kor.



vas. jún. 27, 2010 18:58
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Az elsőt sikerült feltöltenem. A másodikat nem találom azon az elérési útvonalon.

http://www.virustotal.com/hu/analisis/6 ... 1246249836


vas. jún. 27, 2010 18:55
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
teszteld le a www.virustotal.com
c:\documents and settings\All Users\Application Data\GameHouse\FeedingFrenzy\FeedingFrenzy.dll
c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\msvcr71.dll


a linket a tesztrol tedd ide.

tolsds le az asztalra-futtasd-pipazd be,
OTL
-Scan all users.
-Lop check.
-Purity check.
-v sekciiExtra Registry>potyozd be>Use SafeList
-az ablakba Custom Scans/Fixes>vtedd a zold textet es klik Run SCAN
aztan tedd ide az
-OTL.txt (az asztalon lesz.).
-

Kód:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT


vas. jún. 27, 2010 18:29
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Elkészült a ComboFix log:


ComboFix 10-06-26.03 - xy 010.06.27. 16:40:05.15.1 - x86
Running from: c:\documents and settings\xy\Asztal\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
.

2010-06-21 13:51 . 2010-06-21 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2010-06-21 13:51 . 2004-09-17 08:53 753664 ----a-w- c:\documents and settings\All Users\Application Data\GameHouse\FeedingFrenzy\FeedingFrenzy.dll
2010-06-07 17:14 . 2010-06-07 17:23 -------- d-----w- c:\documents and settings\xy\Application Data\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 16:19 . 2008-12-14 10:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-27 12:15 . 2010-03-01 11:49 -------- d-----w- c:\program files\Foxit Software
2010-06-27 10:44 . 2010-06-26 03:05 -------- d-----w- c:\program files\trend micro
2010-06-25 04:51 . 2010-06-25 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-17 10:05 . 2010-05-22 10:54 -------- d-----w- c:\program files\Ricochet Infinity
2010-06-10 04:22 . 2010-06-10 04:21 -------- d-----w- c:\program files\Recuva
2010-06-07 17:05 . 2010-06-07 17:04 -------- d-----w- c:\program files\PhotoScape
2010-05-30 12:20 . 2010-05-30 12:20 64580 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_05_30_13_09_41_small.dmp.zip
2010-05-30 11:09 . 2010-05-30 12:20 519680 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-05-26 06:55 . 2001-10-26 12:00 331686 ----a-w- c:\windows\system32\perfh00E.dat
2010-05-26 06:55 . 2001-10-26 12:00 73652 ----a-w- c:\windows\system32\perfc00E.dat
2010-05-26 06:48 . 2010-02-18 18:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-26 06:48 . 2007-11-10 14:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 09:07 . 2010-05-23 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-23 08:46 . 2010-05-23 08:46 -------- d-----w- c:\program files\NOS
2010-05-22 10:22 . 2010-05-22 06:28 -------- d-----w- c:\documents and settings\xy\Application Data\DAEMON Tools Lite
2010-05-22 10:20 . 2010-05-22 07:28 -------- d-----w- c:\documents and settings\xy\Application Data\DAEMON Tools Pro
2010-05-22 07:28 . 2010-05-22 07:28 -------- d-----w- c:\documents and settings\xy\Application Data\DAEMON Tools
2010-05-22 07:26 . 2010-05-22 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-22 07:24 . 2010-05-22 07:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-22 06:29 . 2010-05-22 06:29 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-21 20:27 . 2007-10-31 12:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-21 07:45 . 2010-05-21 07:45 -------- d-----w- c:\documents and settings\xy\Application Data\Foxit Software
2010-05-16 05:55 . 2010-05-16 05:57 4224512 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-05-16 05:29 . 2010-05-16 05:29 503808 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\msvcp71.dll
2010-05-16 05:29 . 2010-05-16 05:29 499712 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\jmc.dll
2010-05-16 05:29 . 2010-05-16 05:29 12800 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-425c7282-n\decora-d3d.dll
2010-05-16 05:29 . 2010-05-16 05:29 61440 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-425c7282-n\decora-sse.dll
2010-05-16 05:29 . 2010-05-16 05:29 348160 ----a-w- c:\documents and settings\xy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18294ccd-n\msvcr71.dll
2010-05-16 05:21 . 2008-12-30 13:06 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-04-30 17:34 . 2010-04-30 17:34 -------- d-----w- c:\documents and settings\xy\Application Data\Avira
2010-04-30 17:21 . 2010-04-30 17:21 -------- d-----w- c:\program files\Avira
2010-04-30 17:21 . 2010-04-30 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-29 19:13 . 2010-04-29 19:13 3258011 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-29 13:39 . 2010-06-25 04:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-25 04:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:02 . 2010-04-28 19:02 -------- d-----w- c:\documents and settings\xy\Application Data\Artweaver
2010-04-24 18:06 . 2010-04-24 18:06 45 ---h--w- c:\windows\dsez0057.dat
2010-04-14 10:01 . 2007-10-30 15:53 37744 -c--a-w- c:\documents and settings\xy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IERESETATTRIB]
%SystemRoot%\system32\ieudinit.exe -ResetFileAttributes [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 14:47 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9699:TCP"= 9699:TCP:BitComet 9699 TCP
"9699:UDP"= 9699:UDP:BitComet 9699 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010.05.22. 8:29 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job
- c:\windows\system32\mobsync.exe [2001-10-26 14:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
mLocal Page =
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: 999jatekok.hu\www
DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} - hxxps://gate.gov.hu/sdx/SDXFormSigner.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 18:17
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-1078145449-1202660629-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-27 18:29:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-27 16:29
ComboFix2.txt 2010-04-29 16:31

Pre-Run: 762 658 816 bájt szabad
Post-Run: 818 810 880 bájt szabad

- - End Of File - - 46D2CDC375C8B969E0B75A770B9CEF0B


vas. jún. 27, 2010 18:01
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Futtasd a combofixet
http://virus-stell.blogspot.com/2010/04/combofix.html


vas. jún. 27, 2010 14:25
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Hát, nem tudom. Sok változást nem vélek felfedezni.
A feladkazelőt sem engedte megnyitni, hogy bezárjak egy ablakot. Csak újraindítás után.


vas. jún. 27, 2010 14:03
Profil Privát üzenet küldése
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: xy
->Temp folder emptied: 32787290 bytes
->Temporary Internet Files folder emptied: 317045436 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5244 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1887936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 144088912 bytes

Total Files Cleaned = 473,00 mb


Unable to start service SRService!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.12.2 log created on 06272010_142554

Files moved on Reboot...
C:\Documents and Settings\xy\Local Settings\Temp\~DFF885.tmp moved successfully.
C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\OJOCI4MM\otm[1].html moved successfully.
C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\GFATSX8E\CAU7ENU1.g moved successfully.
C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\BBPAU2VN\CAKLUFO1.com moved successfully.
C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\4GP6G2TS\comment-iframe[2].g moved successfully.
C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\13Z5NXZO\CAMNYJA9.com moved successfully.
C:\Documents and Settings\xy\Local Settings\Temporary Internet Files\Content.IE5\01L74MPN\CAKTQZKL.com moved successfully.
C:\WINDOWS\temp\ZLT07f6a.TMP moved successfully.

Registry entries deleted on Reboot...


vas. jún. 27, 2010 13:57
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
http://www.virus-stell.com/2010/04/otm.html
Tolds le az asztalra-futtasd-a ball ablakjaba masold be a zold textet es klik MOVEIT-a logot a restart utan tedd ide,es ird le hogy viselkedik a gep,
Kód:
:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000



:commands
[emptytemp]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]




vas. jún. 27, 2010 13:19
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Szia.

Csak most tudtam megcsinálni. Malwarebytes-t nem zártam még be, amikor írtam, ezért töröltem amit írtál. Most megint lefuttattam. Teljes vizsgálatot csinált.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Adatbázis verzió: 4245

Windows 5.1.2600 Szervizcsomag 2
Internet Explorer 6.0.2900.2180

2010.06.27. 13:22:48
mbam-log-2010-06-27 (13-22-48).txt

Vizsgálat típusa: Teljes vizsgálat (C:\|)
Átvizsgált objektumok: 97468
Eltelt idő: 10 perc, 56 másodperc

Fertőzött memóriafolyamatok: 0
Fertőzött memória modulok: 0
Fertőzött Rendszerleíró kulcsok: 0
Fertőzött Rendszerleíró értékek: 0
Fertőzött Rendszerleíró adatelemek: 3
Fertőzött mappák: 0
Fertőzött fájlok: 0

Fertőzött memóriafolyamatok:
(Nem találhatók rosszindulatú elemek)

Fertőzött memória modulok:
(Nem találhatók rosszindulatú elemek)

Fertőzött Rendszerleíró kulcsok:
(Nem találhatók rosszindulatú elemek)

Fertőzött Rendszerleíró értékek:
(Nem találhatók rosszindulatú elemek)

Fertőzött Rendszerleíró adatelemek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Fertőzött mappák:
(Nem találhatók rosszindulatú elemek)

Fertőzött fájlok:
(Nem találhatók rosszindulatú elemek)


Ez pedig az Rsit log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by xy at 2010-06-27 12:36:19
Microsoft Windows XP Professional Szervizcsomag 2
System drive C: has 313 MB (3%) free of 10 GB
Total RAM: 126 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:38, on 2010.06.27.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xy\Asztal\RSIT.exe
C:\Program Files\trend micro\xy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse.com/games/SproutLauncher.cab
O16 - DPF: {DE2F0988-E455-48ED-A35D-4D73D333D561} - https://gate.gov.hu/sdx/SDXFormSigner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O22 - SharedTaskScheduler: Browseui előbetöltője - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Komponenskategóriák gyorsítótárazási szolgáltatása - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Logikai lemezkezelő felügyeleti szolgáltatás (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eseménynapló (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google frissítési szolgáltatás (gupdate1ca9828fd274e70) (gupdate1ca9828fd274e70) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: IMAPI CD-égető COM-szolgáltatás (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Távoli asztal súgó-munkamenetének kezelője (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intelligens kártya (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Kötet árnyékmásolata (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI teljesítményadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: A Windows Media Player hálózatmegosztási szolgáltatása (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 6044 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\{06C4A412-99DD-4FF5-AAF0-1A9F333550B5}_OTTHONI_xy.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IERESETATTRIB]
C:\WINDOWS\system32\cmd.exe [2004-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Távsegítség - Windows Messenger és beszédkapcsolat"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-06-27 06:49:34 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-06-26 05:05:24 ----D---- C:\Program Files\trend micro
2010-06-26 05:05:05 ----D---- C:\rsit
2010-06-25 06:50:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-21 15:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2010-06-10 06:21:36 ----D---- C:\Program Files\Recuva
2010-06-09 21:55:38 ----A---- C:\WINDOWS\Eudcedit.ini
2010-06-07 19:37:50 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-06-07 19:14:53 ----D---- C:\Documents and Settings\xy\Application Data\PhotoScape
2010-06-07 19:04:36 ----D---- C:\Program Files\PhotoScape

======List of files/folders modified in the last 1 months======

2010-06-27 08:02:59 ----D---- C:\WINDOWS\Internet Logs
2010-06-27 07:01:59 ----D---- C:\WINDOWS\Temp
2010-06-27 07:01:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-27 06:59:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-27 06:52:20 ----D---- C:\WINDOWS
2010-06-26 18:31:32 ----D---- C:\WINDOWS\Prefetch
2010-06-26 05:05:24 ----D---- C:\Program Files
2010-06-25 14:11:42 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-25 14:10:32 ----D---- C:\WINDOWS\repair
2010-06-25 14:09:55 ----D---- C:\WINDOWS\Registration
2010-06-25 10:01:48 ----D---- C:\WINDOWS\system32\drivers
2010-06-21 16:18:10 ----D---- C:\Documents and Settings\xy\Application Data\Adobe
2010-06-21 16:18:01 ----D---- C:\Documents and Settings\xy\Application Data\Macromedia
2010-06-21 16:17:53 ----D---- C:\WINDOWS\system32\Macromed
2010-06-21 16:14:21 ----D---- C:\WINDOWS\system32\Adobe
2010-06-21 16:13:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-17 12:05:56 ----D---- C:\Program Files\Ricochet Infinity
2010-06-11 06:48:27 ----D---- C:\WINDOWS\Debug
2010-06-10 17:42:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 05:57:26 ----HD---- C:\WINDOWS\inf
2010-06-10 05:57:26 ----D---- C:\WINDOWS\system32\hu-HU
2010-06-10 05:57:26 ----D---- C:\WINDOWS\system32
2010-06-10 05:57:26 ----D---- C:\WINDOWS\Help
2010-06-10 05:57:26 ----D---- C:\Program Files\Internet Explorer
2010-06-09 21:54:33 ----RSD---- C:\WINDOWS\Fonts
2010-06-09 21:36:17 ----D---- C:\WINDOWS\WBEM
2010-06-09 21:36:15 ----D---- C:\WINDOWS\Media
2010-06-07 19:15:07 ----SHD---- C:\WINDOWS\Installer
2010-06-07 19:14:24 ----SD---- C:\WINDOWS\Tasks
2010-06-07 19:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-06-02 10:35:01 ----AC---- C:\WINDOWS\TB50.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 P3;Intel PentiumIII processzor-illesztőprogram; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-17 46720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibilis átviteli protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-26 63232]
R2 NwlnkSpx;NWLink SPX/SPXII protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-26 55936]
R3 EL90XBC;3Com EtherLink XL 90XB/C adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a6ag02bj;a6ag02bj; C:\WINDOWS\system32\drivers\a6ag02bj.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 USB_RNDIS;Arris Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 sr;Rendszer-helyreállító szűrő illesztőprogramja; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73472]
S4 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-26 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 NWCWorkstation;Netware ügyfélszolgáltatás; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
S2 gupdate1ca9828fd274e70;Google frissítési szolgáltatás (gupdate1ca9828fd274e70); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]
S4 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe []

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.06 2010-06-27 12:44:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cole2k Media - Codec Pack (Advanced) 7.6.0-->C:\WINDOWS\system32\C2MP\Uninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Msxml4 SP2-->MsiExec.exe /I{955D8242-B99E-4A9A-80C4-3FF7D7587EA3}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Ricochet Infinity-->"C:\Program Files\Ricochet Infinity\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{5D63D27F-09D7-4420-9479-DD247CC31496}
Windows Live Messenger-->MsiExec.exe /X{6D431157-ED9D-4AB1-A2C9-1FAA0A04419F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Windows Media Player 11 Gyorsjavítás (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 6.4 Biztonsági frissítés (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Windows Media Player 9 Biztonsági frissítés (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Windows Media Player Biztonsági frissítés (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB890046-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB893756-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB896358-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB896423-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB896428-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB899587-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB899591-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB900725-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB901017-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB901190-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB901214-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB902400-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB904706-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB905414-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB905749-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB908519-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB911562-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB911927-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB913580-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB914388-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB914389-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB917344-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB917953-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB918118-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB918439-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB919007-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920213-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920670-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920683-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB920685-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB921503-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB922819-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923191-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923414-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB923789-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Windows XP biztonsági frissítés - KB923980-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB924270-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB924496-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB924667-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB925902-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB926255-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB926436-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB927779-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB927802-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB928255-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB928843-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB929123-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB930178-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB931261-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB931784-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB932168-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB933729-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB935839-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB935840-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB936021-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB937894-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938127-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB938829-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB939653-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941202-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941568-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB941644-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB942615-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB943460-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB943485-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows XP biztonsági frissítés - KB944653-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Windows XP Biztonsági frissítés (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Windows XP Biztonsági frissítés (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Windows XP frissítés - KB894391-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Windows XP frissítés - KB898461-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows XP frissítés - KB900485-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Windows XP frissítés - KB908531-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows XP frissítés - KB910437-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Windows XP frissítés - KB911280-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows XP frissítés - KB916595-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Windows XP frissítés - KB920872-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Windows XP frissítés - KB922582-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows XP frissítés - KB927891-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows XP frissítés - KB930916-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Windows XP frissítés - KB933360-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Windows XP frissítés - KB936357-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Windows XP frissítés - KB938828-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Windows XP frissítés - KB942763-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Windows XP frissítés - KB942840-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Windows XP frissítés - KB946627-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP gyorsjavítás - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP gyorsjavítás - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

::1 localhost

======Security center information======

AV: AntiVir Desktop (outdated)
FW: ZoneAlarm Firewall

======System event log======

Computer Name: OTTHONI
Event Code: 7036
Message: A(z) Tárcsázó szolgáltatás állapota: "fut".

Record Number: 10006
Source Name: Service Control Manager
Time Written: 20100527105312.000000+120
Event Type: információ
User:

Computer Name: OTTHONI
Event Code: 7022
Message: A következő szolgáltatás nem indul el: Avira AntiVir Guard.

Record Number: 10005
Source Name: Service Control Manager
Time Written: 20100527105312.000000+120
Event Type: hiba
User:

Computer Name: OTTHONI
Event Code: 7000
Message: A szolgáltatás (Google frissítési szolgáltatás (gupdate1ca9828fd274e70)) a következő hiba következtében leállt:
A rendszer nem találja a megadott elérési utat.


Record Number: 10004
Source Name: Service Control Manager
Time Written: 20100527105117.000000+120
Event Type: hiba
User:

Computer Name: OTTHONI
Event Code: 17
Message: avgntflt.sys version 10.0.2.2 successfully loaded

Record Number: 10003
Source Name: avgntflt
Time Written: 20100527105036.000000+120
Event Type: információ
User:

Computer Name: OTTHONI
Event Code: 17
Message: avipbb.sys version 10.0.2.6 successfully loaded

Record Number: 10002
Source Name: avipbb
Time Written: 20100527105036.000000+120
Event Type: információ
User:

=====Application event log=====

Computer Name: OTTHONI
Event Code: 1041
Message: A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében.

Record Number: 14927
Source Name: Userenv
Time Written: 20100612082643.000000+120
Event Type: hiba
User: NT AUTHORITY\SYSTEM

Computer Name: OTTHONI
Event Code: 1041
Message: A Windows nem tudja lekérdezni a DllName rendszerleíró-bejegyzést a(z) {7B849a69-220F-451E-B3FE-2CB811AF94AE} számára, ezért azt nem tölti be. Ennek nagy valószínűséggel hibás regisztrálás áll a hátterében.

Record Number: 14926
Source Name: Userenv
Time Written: 20100612082643.000000+120
Event Type: hiba
User: NT AUTHORITY\SYSTEM

Computer Name: OTTHONI
Event Code: 20
Message:
Record Number: 14925
Source Name: Google Update
Time Written: 20100612082142.000000+120
Event Type: hiba
User: NT AUTHORITY\SYSTEM

Computer Name: OTTHONI
Event Code: 20
Message:
Record Number: 14924
Source Name: Google Update
Time Written: 20100612075812.000000+120
Event Type: hiba
User: NT AUTHORITY\SYSTEM

Computer Name: OTTHONI
Event Code: 20
Message:
Record Number: 14923
Source Name: Google Update
Time Written: 20100612072205.000000+120
Event Type: hiba
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Abev 2006\krtitok;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"KRDIR"=C:\Program Files\Abev 2006\eKuldes
"tvdumpflags"=8

-----------------EOF-----------------


vas. jún. 27, 2010 12:32
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Szia
Ez Vizsgálat típusa: Gyorsvizsgálat-volt
ha meg nem zartad be torold,,es csinalj teljes vizsgalatot,amit tallal torolni,,es ted ide a logjat...es az RSIT logjat is.
http://virus-stell.blogspot.com/2010/04/rsit.html


pén. jún. 25, 2010 7:49
Profil Privát üzenet küldése Honlap
ezüst tag

Csatlakozott: kedd dec. 18, 2007 14:05
Hozzászólások: 76
Hozzászólás Re: Vírus vagy mi lehet???
Szia Stell!

Írnom kell megint, mert a segítségedre van szükségem.
Lelassult a gépünk ismét, és többször fagyott is. Lefuttattam a Malwarebytes programot, s talált is valamiket. Nem tudom mik ezek, de egyedül nem törlök semmit. A múltkor volt rajta egy keylogger, úgy emlékszem azt írtad, s most is látom, hogy itt van. Úgy emlékszem, hogy letöröltük. Vagy mégsem? Ideteszem a logot:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Adatbázis verzió: 4236

Windows 5.1.2600 Szervizcsomag 2
Internet Explorer 6.0.2900.2180

2010.06.25. 7:58:42
mbam-log-2010-06-25 (07-58-42).txt

Vizsgálat típusa: Gyorsvizsgálat
Átvizsgált objektumok: 97169
Eltelt idő: 9 perc, 52 másodperc

Fertőzött memóriafolyamatok: 0
Fertőzött memória modulok: 0
Fertőzött Rendszerleíró kulcsok: 1
Fertőzött Rendszerleíró értékek: 0
Fertőzött Rendszerleíró adatelemek: 3
Fertőzött mappák: 0
Fertőzött fájlok: 0

Fertőzött memóriafolyamatok:
(Nem találhatók rosszindulatú elemek)

Fertőzött memória modulok:
(Nem találhatók rosszindulatú elemek)

Fertőzött Rendszerleíró kulcsok:
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> No action taken.

Fertőzött Rendszerleíró értékek:
(Nem találhatók rosszindulatú elemek)

Fertőzött Rendszerleíró adatelemek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Fertőzött mappák:
(Nem találhatók rosszindulatú elemek)

Fertőzött fájlok:
(Nem találhatók rosszindulatú elemek)


pén. jún. 25, 2010 7:12
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
ok,mar jol nez ki,
:arrow: klik-start-klik-ffuttatas-masold be az ablakba combofix /uninstall
a combofix letelepitodig a geprol
:arrow: Kikapcsolni az rendszervisszaallitassat.-restart es bekapcsold vissza
http://virus-stell.blogspot.com/2010/04 ... dszer.html
:arrow: Tisztisd ki a gepet az CCleaner programal+ATF-cleaneral+TFC-cleaneral
http://virus-stell.blogspot.com/2010/04/ccleaner.html
http://virus-stell.blogspot.com/2010/04 ... ztito.html
http://www.virus-stell.com/2010/05/temp ... itasa.html
aztan csinalj komplet vizsgalatot az Malwarebytes programal amit talal torolni a logjat tedd ide..es ha minden okes keszek lennenk,
http://virus-stell.blogspot.com/2010/04 ... lware.html


A hozzászólást 1 alkalommal szerkesztették, utoljára stell hétf. jún. 28, 2010 13:57-kor.



szer. jún. 23, 2010 20:04
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
masodik resz:

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"TPSMain"="TPSMain.exe" [2008-02-06 271672]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"BCWipeTM Startup"="c:\program files\Jetico\BestCrypt\BCWipeTM.exe" [2003-03-26 290816]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416]
"ShirusuPad"="c:\program files\ShirusuPad\ShirusuPad.exe" [2005-02-22 554496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
BestCrypt Auto Open.lnk - c:\program files\Jetico\BestCrypt\BestCrypt.exe [2003-3-27 688128]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\hplun.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^web'n'walk Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\web'n'walk Manager.lnk
backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2010-04-12 15:45 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ins\\utorrent\\uTorrent-1.6.1.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent185\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008.01.11. 23:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007.09.04. 11:14 6528]
R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFISH.SYS [2002.08.16. 7:09 14592]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.SYS [2002.08.16. 7:09 23104]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_GOST.SYS [2002.08.16. 7:09 10144]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2002.08.16. 7:09 32640]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.SYS [2002.08.16. 7:09 21600]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2002.08.16. 7:09 24800]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002.08.16. 7:09 8416]
R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [2008.02.08. 16:39 4864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010.06.18. 19:47 135336]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007.12.18. 13:48 196704]
R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun [?]
R2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008.12.07. 20:47 732160]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2002.08.16. 7:09 6272]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [2002.08.16. 7:09 3328]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007.05.29. 11:01 6912]
R3 RTL8187B;Realtek RTL8187B vezeték nélküli 802.11b/g 54Mbps USB 2.0 hálózati adapter;c:\windows\system32\drivers\RTL8187B.sys [2008.12.07. 20:29 288000]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008.02.18. 17:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008.02.08. 13:00 59648]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.12. 13:47 18816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010.04.17. 14:23 24416]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002.08.16. 7:09 83456]
.
.
------- Supplementary Scan -------
.
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm
IE: MINDEN letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\8d05g8ez.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-UnHackMe_is1 - c:\program files\UnHackMe\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 20:38
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: MemoQ update permissions manager. 978527.]
"ImagePath"="c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kilgray\MemoQ\AUClient.exe
c:\program files\Kilgray\memoQ40\AUClient.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\thpsrv.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Jetico\BestCrypt\BCResident.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-06-23 20:41:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-23 18:41
ComboFix2.txt 2010-06-22 17:24
ComboFix3.txt 2010-06-16 09:27

Pre-Run: 3 741 708 288 bájt szabad
Post-Run: 3 707 760 640 bájt szabad

- - End Of File - - 8DECA893D19E2469B4E115BD6F01A054


szer. jún. 23, 2010 19:54
Profil Privát üzenet küldése
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
koszonet!

[quote="stell"]Ok,az jo ha van sok melo :wink:
Az Avira renben van,ez a Antivirus a legjobbak koze tartozik,az utolso idoben talan a legjobb,csak kar hogy a free verzioban nincsen posta vizsgalat,

akkor maradhat?

Ez a program micsoda??nemismerem
c:\program files\ShirusuPad\ShirusuPad.exe
ha nem kell,vagy nem hasznalod letelepiteni.

artalmatlan kis rezidens napi feljegyzeseket mutat halvanyan a kepernyon

Letesztelni a http://www.virustotal.com
ezt a fajlt a linket tedd ide a tesztrol:
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll

41-bol 0 iteli veszelyesnek, log ehhez:
--További információ
File size: 512 bytes
MD5...: 7059d6b4cbd6ac0106d2c077c728ecd8
SHA1..: bfbec5d7db221f0331d3d69a1434f1d651898a50
SHA256: be709ab15ec65ec402103312833fb1e46a07ddd7115f0cba06d30732a5ab229b
ssdeep: 12:JqWEd8K0tWOvAtWOC64IbecYniAnDQKIiLK3XYAXjK3XYH8Nnt3nZQ6t:FEd8
K0tItSFIb/YTDFtt3nZQ
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
---


:arrow: Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad
és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide.

ennek a logja:
ComboFix 10-06-15.03 - b 010.06.23. 20:35:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2038.1548 [GMT 2:00]
Running from: c:\documents and settings\b\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\b\Asztal\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\system32\drivers\Partizan.sys"
"c:\windows\system32\Partizan.exe"
"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\erd.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\userall.cfg
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000003.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000024.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000025.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000026.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000027.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000028.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000029.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000030.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000031.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000032.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000033.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000034.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000035.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000036.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000037.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000038.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000039.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000040.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000041.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000042.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000043.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000044.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000045.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000046.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000047.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000048.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000049.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000050.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000051.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000052.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000053.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg9\Temp\00a1942b-47bd-47f6-96fc-2bf1d5f2e90d-d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\015bef39-7cbf-4577-84a4-992c50b8b8ff-d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\04750077-c00d-4cb9-b8ab-2efe75866252-720-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0591b428-9f76-4269-b184-331bf6611d22-728-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0d40b3e7-90f9-46b4-9ac6-965d52cacb3e-728-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0da3228e-8136-4a54-ab84-cc2e4a6147c1-d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\14772937-8e33-4973-93b7-ecdb5448c3ff-100-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\15e424c8-60fe-4229-ad83-ceba42b17952-720-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1bae3fdb-9088-4745-8b26-838e7755dc0f-d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1c09faae-ef41-49f7-bf90-4e75d177c2d7-bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\204194e8-b5dc-4e92-88af-8fa5f7321ff1-c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\26fe7194-6729-478e-a42f-d9ee250edd40-724-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2918c291-34cc-4e78-b943-f178a09c40c1-c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\30e089ce-edb9-4d5a-8502-7b711d5ffd63-270-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\32409f98-5d2e-4d68-a08f-ec8c76865f65-d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\32c46f7a-a2fd-4107-93ad-92f506d7448c-740-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\34f90193-ce79-4e80-878e-58cce56dca87-ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\368f4ce9-0684-4a76-9ccd-00087936c200-90-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3722267b-49ac-4069-81bf-a96b8d20eda5-e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3784c1d1-bc58-4a00-bb72-44dc5fa457e8-c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\39b8d173-bb8d-440b-a5f7-8f4c760a8907-704-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3ad1b5bf-6b3d-4c0d-9f89-59eb22e5d319-bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\44f858f5-5349-4a6e-9b12-6635d57ed8f6-d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4f48034c-b4a4-492e-b375-ac408798e8e3-6f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\53ed6032-6542-4cd0-8154-d55309cb8642-284-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\54893250-d807-4937-8c6e-18590ef5de35-6f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5ad54213-48df-4810-8165-c56f04b9af3b-2c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5d22d661-bbee-4171-9583-9bdb72da8783-6f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6439b092-8983-4403-96fc-1cb088faa6c9-dc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6a84679a-2022-4c68-ba84-940777be52cd-d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\73bc10bb-3aeb-4f40-b2aa-ca7e9a4d0e6d-6f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\73df6524-e4e1-40ed-9d36-9d43b17959c3-7e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\74186501-15cf-4b2c-a0d2-c1d36de0b2e5-298-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\77d741d5-550d-4d27-99d3-261c177a8733-794-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\793a8992-8a9e-496c-9857-06262a22a394-724-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7c7a83cc-77d6-463e-aada-1d5074bdf586-6f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7f1eaac1-7ac1-43ad-91aa-0248b909e1f3-e9c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\84c6af56-e892-45a1-be27-e14412b4e098-7fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8f07261f-6188-42b6-a274-b09743888b00-124-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\95c44583-b6c7-4e79-a742-f28ee3d5e3fd-6f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9871fa90-ec74-4458-b184-67dec51a3214-d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99d492b9-13c6-47d6-b04d-e7f90f1d7599-9bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a659e930-a5dd-4c99-9f87-90219d12abe7-7c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a928138d-1d65-480b-bc00-202b78324e8f-710-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a92ca03b-baba-4bb5-b066-c4d938b32df0-d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ab1e60b9-7f2b-4c9a-a1b8-1f579d70b49c-120-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ac1ab32a-2f55-40ec-bf66-bebddf8feb80-33c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b5514542-2e73-4336-97ae-2b198940fd4e-d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b81081b6-a986-4edd-9fa8-cf0788fa7585-130-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bb614211-7f15-423d-9932-0c7d627b8845-70c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bb7ed1f4-64fe-42cf-add6-c1c0b186baf3-b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c948963e-bc52-4143-8d79-0952c1014467-700-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cc15e951-a285-4dcf-ab20-52f97b03f66a-cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cf66cf7a-7193-484c-8ae0-df498653934c-284-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d32b69d3-57f1-462e-8eb4-1e3815732c75-bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d5e38915-2549-4380-8c65-93c912e9fce9-a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\db8ee059-9131-48b4-a92b-af7522509218-bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ddbfc5e2-6ed6-497f-bbba-15b243054ff6-6f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e0f1e449-4ce1-4919-aa96-e8e2125b6064-e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e72700d8-9634-4506-994e-148268d619db-33c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eb5d88f6-8924-492d-b9d8-218648216989-710-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ee1eb79f-40ff-4063-85bd-b2aaab9be3f1-6f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f36f1445-03c8-45fe-9a82-018e7fd09e63-7c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty
c:\documents and settings\All Users\Application Data\ESET
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\asdata.dat
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\sc1.bin.full.2010.02.10.23.27.19
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Antispam\sc5.bin.full.0000.00.00.00.00.00
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\disk201006a.dat
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\disk201006b.dat
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\net201006a.dat
c:\documents and settings\All Users\Application Data\ESET\ESET Smart Security\Stats\net201006b.dat
c:\documents and settings\b\Application Data\ESET
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\productid
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\rkd
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc1.bin.full.2010.02.10.23.27.19
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc1.bin.full.2010.02.10.23.27.19.lkr1
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc2.bin.full.2005.02.11.04.44.13.lkr1
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc5.bin.full.0000.00.00.00.00.00
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\sc5.bin.full.0000.00.00.00.00.00.lkr1
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scdns.bin
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scoffset.bin.full
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scoffset.bin.incr
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scrh.bin.full
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\Antispam\scwh.bin.full
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\ekrnSmonEL.dat
c:\documents and settings\b\Application Data\ESET\ESET Smart Security\ekrnSmonWL.dat
c:\documents and settings\b\Local Settings\Application Data\ESET
c:\program files\UnHackMe
c:\program files\UnHackMe\database.rdb
c:\program files\UnHackMe\GWebUpdate.exe
c:\program files\UnHackMe\hackmon.exe
c:\program files\UnHackMe\order.txt
c:\program files\UnHackMe\readme.txt
c:\program files\UnHackMe\reanimator.exe
c:\program files\UnHackMe\regrun2.chm
c:\program files\UnHackMe\regrun2.cnt
c:\program files\UnHackMe\regrun2.hlp
c:\program files\UnHackMe\regrunck.exe
c:\program files\UnHackMe\regruninfo.db
c:\program files\UnHackMe\RegRunInfo.exe
c:\program files\UnHackMe\UnHackMe.chm
c:\program files\UnHackMe\UnHackMe.cnt
c:\program files\UnHackMe\unhackme.err
c:\program files\UnHackMe\Unhackme.exe
c:\program files\UnHackMe\UnHackMe.hlp
c:\program files\UnHackMe\unhackme.ini
c:\program files\UnHackMe\unhackme.log
c:\program files\UnHackMe\unhackme.zip
c:\program files\UnHackMe\unhackme_setup.exe
c:\program files\UnHackMe\unhackmedb.unh
c:\program files\UnHackMe\UnHackMeDrv.sys
c:\program files\UnHackMe\unhackmeschedule.exe
c:\program files\UnHackMe\unins000.dat
c:\program files\UnHackMe\unins000.exe
c:\windows\system32\drivers\Partizan.sys
c:\windows\system32\Partizan.exe
c:\windows\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-18 17:55 . 2010-06-18 17:55 -------- d-----w- c:\documents and settings\b\Application Data\Avira
2010-06-18 17:47 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-18 17:47 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-18 17:47 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-18 17:47 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\program files\Avira
2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-18 15:52 . 2010-06-18 15:52 -------- d-----w- c:\windows\$regcmp$
2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- C:\rsit
2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- c:\program files\trend micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 15:12 . 2008-12-12 11:28 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-23 06:02 . 2004-08-18 12:00 94510 ----a-w- c:\windows\system32\perfc00E.dat
2010-06-23 06:02 . 2004-08-18 12:00 436566 ----a-w- c:\windows\system32\perfh00E.dat
2010-06-22 16:44 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\b\Application Data\MemoQ
2010-06-22 06:01 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemoQ
2010-06-17 20:09 . 2010-04-17 12:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-06-13 05:42 . 2008-12-12 12:44 -------- d-----w- c:\documents and settings\b\Application Data\uTorrent
2010-06-11 15:24 . 2009-01-02 14:37 -------- d-----w- c:\program files\FlashGet
2010-06-01 11:12 . 2009-01-05 12:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-01 11:08 . 2009-01-19 11:50 -------- d-----w- c:\program files\hp deskjet 3420 series
2010-05-29 08:30 . 2010-04-08 09:16 -------- d-----w- c:\documents and settings\b\Application Data\gtk-2.0
2010-05-28 07:46 . 2009-01-23 14:27 -------- d-----w- c:\documents and settings\b\Application Data\Skype
2010-05-20 15:27 . 2008-12-13 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-15 16:15 . 2008-12-07 18:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 16:15 . 2008-12-07 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 05:52 . 2010-05-12 19:19 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-13 05:52 . 2010-05-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-13 05:51 . 2010-05-13 05:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-12 19:19 . 2009-02-23 18:01 -------- d-----w- c:\documents and settings\b\Application Data\DivX
2010-05-12 05:38 . 2010-05-12 05:38 -------- d-----w- c:\program files\docPrint v5.0
2010-05-12 05:23 . 2010-05-12 05:23 -------- d-----w- c:\program files\psconvert
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 05:11 . 2010-04-28 05:11 -------- d-----w- c:\program files\WinHTTrack
2010-04-27 13:51 . 2010-05-12 19:19 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-20 05:34 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 15:47 . 2010-04-12 15:47 512 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll
2010-04-12 14:28 . 2009-11-24 12:47 79488 ----a-w- c:\documents and settings\b\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-12-13 21:33 . 2008-12-13 21:32 48 --sha-w- c:\windows\S2E0000D6.tmp
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 512
Created time: 2010-04-12 15:47
Modified time: 2010-04-12 15:47
MD5: 7059D6B4CBD6AC0106D2C077C728ECD8
SHA1: BFBEC5D7DB221F0331D3D69A1434F1D651898A50

---- Directory of c:\windows\$regcmp$ ----



((((((((((((((((((((((((((((( SnapShot@2010-06-16_09.25.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-06-23 18:38 . 2010-06-23 18:38 16384 c:\windows\temp\Perflib_Perfdata_2d0.dat
- 2004-08-18 12:00 . 2010-06-10 04:15 67646 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-06-23 06:02 67646 c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2010-06-18 17:47 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-23 06:05 . 2010-06-23 06:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-23 15:26 . 2010-06-23 15:26 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-23 06:04 . 2010-06-23 06:04 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-23 06:03 . 2010-06-23 06:03 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2004-08-18 12:00 . 2010-06-10 04:15 432690 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2010-06-23 06:02 432690 c:\windows\system32\perfh009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07 297808 c:\windows\system32\mscoree.dll
+ 2010-03-30 22:16 . 2010-03-30 22:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-06-18 17:46 . 2010-06-18 17:46 219648 c:\windows\Installer\6eac5b.msi
+ 2010-06-23 06:05 . 2010-06-23 06:05 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-23 06:05 . 2010-06-23 06:05 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-23 06:04 . 2010-06-23 06:04 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-23 06:04 . 2010-06-23 06:04 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-23 06:04 . 2010-06-23 06:04 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-23 06:04 . 2010-06-23 06:04 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll
+ 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\2cbf475.msp
+ 2010-06-23 06:03 . 2010-06-23 06:03 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-23 06:05 . 2010-06-23 06:05 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-23 06:05 . 2010-06-23 06:05 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-23 06:05 . 2010-06-23 06:05 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-23 06:05 . 2010-06-23 06:05 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-23 06:03 . 2010-06-23 06:03 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 06:03 . 2010-06-23 06:03 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-10 04:15 . 2010-06-10 04:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-01-14 13:38 . 2010-01-14 13:38 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 06:03 . 2010-06-23 06:03 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 06:02 . 2010-06-23 06:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-10 04:14 . 2010-06-10 04:14 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-03-30 23:23 . 2010-03-30 23:23 15638528 c:\windows\Installer\2cbf482.msp
+ 2010-06-23 06:04 . 2010-06-23 06:04 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-23 06:04 . 2010-06-23 06:04 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.


szer. jún. 23, 2010 19:53
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Ok,az jo ha van sok melo :wink:
Az Avira renben van,ez a Antivirus a legjobbak koze tartozik,az utolso idoben talan a legjobb,csak kar hogy a free verzioban nincsen posta vizsgalat,

Ez a program micsoda??nemismerem
c:\program files\ShirusuPad\ShirusuPad.exe
ha nem kell,vagy nem hasznalod letelepiteni.

Letesztelni a www.virustotal.com
ezt a fajlt a linket tedd ide a tesztrol:
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll

:arrow: Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad
és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide.
Kód:
KILLALL::
DirLook::
c:\windows\$regcmp$
Folder::
c:\documents and settings\b\Local Settings\Application Data\ESET
c:\documents and settings\b\Application Data\ESET
c:\documents and settings\All Users\Application Data\ESET
c:\documents and settings\All Users\Application Data\avg9
c:\program files\UnHackMe
File::
c:\windows\winstart.bat
c:\windows\system32\Partizan.exe
c:\windows\system32\drivers\Partizan.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"HP Software Update"=-
"HP Component Manager"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
Driver::
Partizan
FileLook::
c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll



szer. jún. 23, 2010 8:43
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
Bocs,
sok melo volt. Itt megy a log. Az Aviran ne csodalkozz, nem mertem virusirto nelkul elni. Majd cserelem az Avastra.
Szoval a log: most hogyan tovabb?

--
ComboFix 10-06-15.03 - b 010.06.22. 18:53:54.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2038.1430 [GMT 2:00]
Running from: c:\documents and settings\b\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\b\Asztal\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\hidpp.sys"
"c:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\hidpp.sys
.
---- Previous Run -------
.
c:\windows\Tasks\WGASetup.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HIDPP
-------\Legacy_KXUYUA
-------\Service_ethewlwj
-------\Service_ethhetaa
-------\Service_ethjtdvv
-------\Service_ethnzesu
-------\Service_ethoikjz
-------\Service_ethptxyw
-------\Service_ethvdnea
-------\Service_hidpp
-------\Service_kxuyua
-------\Service_ltzklvlc
-------\Legacy_HIDPP
-------\Legacy_KXUYUA
-------\Service_hidpp


((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-18 17:55 . 2010-06-18 17:55 -------- d-----w- c:\documents and settings\b\Application Data\Avira
2010-06-18 17:47 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-18 17:47 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-18 17:47 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-18 17:47 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\program files\Avira
2010-06-18 17:47 . 2010-06-18 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-18 15:52 . 2010-06-18 15:52 -------- d-----w- c:\windows\$regcmp$
2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- C:\rsit
2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- c:\program files\trend micro
2010-06-13 16:26 . 2010-06-13 16:26 -------- d-----w- c:\documents and settings\b\Local Settings\Application Data\ESET
2010-06-13 15:17 . 2010-06-13 15:17 -------- d-----w- c:\documents and settings\b\Application Data\ESET
2010-06-13 15:16 . 2010-06-13 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-03 08:07 . 2010-06-03 08:07 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 08:07 . 2010-06-03 08:07 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 16:44 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\b\Application Data\MemoQ
2010-06-22 09:40 . 2008-12-12 11:28 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-22 06:01 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemoQ
2010-06-17 20:09 . 2010-04-17 12:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-06-17 19:01 . 2009-11-12 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-13 05:42 . 2008-12-12 12:44 -------- d-----w- c:\documents and settings\b\Application Data\uTorrent
2010-06-11 15:24 . 2009-01-02 14:37 -------- d-----w- c:\program files\FlashGet
2010-06-10 04:15 . 2004-08-18 12:00 94510 ----a-w- c:\windows\system32\perfc00E.dat
2010-06-10 04:15 . 2004-08-18 12:00 436566 ----a-w- c:\windows\system32\perfh00E.dat
2010-06-01 11:12 . 2009-01-05 12:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-01 11:08 . 2009-01-19 11:50 -------- d-----w- c:\program files\hp deskjet 3420 series
2010-05-29 08:30 . 2010-04-08 09:16 -------- d-----w- c:\documents and settings\b\Application Data\gtk-2.0
2010-05-28 07:46 . 2009-01-23 14:27 -------- d-----w- c:\documents and settings\b\Application Data\Skype
2010-05-20 15:27 . 2008-12-13 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-15 16:15 . 2008-12-07 18:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 16:15 . 2008-12-07 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 05:52 . 2010-05-12 19:19 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-13 05:52 . 2010-05-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-13 05:51 . 2010-05-13 05:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-12 19:19 . 2009-02-23 18:01 -------- d-----w- c:\documents and settings\b\Application Data\DivX
2010-05-12 05:38 . 2010-05-12 05:38 -------- d-----w- c:\program files\docPrint v5.0
2010-05-12 05:23 . 2010-05-12 05:23 -------- d-----w- c:\program files\psconvert
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 05:11 . 2010-04-28 05:11 -------- d-----w- c:\program files\WinHTTrack
2010-04-27 13:51 . 2010-05-12 19:19 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-20 05:34 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 12:15 . 2010-04-17 12:15 2 --shatr- c:\windows\winstart.bat
2010-04-17 12:14 . 2010-04-17 12:14 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-04-17 12:14 . 2010-04-17 12:14 34952 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-12 15:47 . 2010-04-12 15:47 512 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll
2010-04-12 14:28 . 2009-11-24 12:47 79488 ----a-w- c:\documents and settings\b\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2008-12-13 21:33 . 2008-12-13 21:32 48 --sha-w- c:\windows\S2E0000D6.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-06-16_09.25.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-06-22 16:57 . 2010-06-22 16:57 16384 c:\windows\temp\Perflib_Perfdata_3b0.dat
+ 2010-06-18 17:47 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-06-18 17:46 . 2010-06-18 17:46 219648 c:\windows\Installer\6eac5b.msi
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"TPSMain"="TPSMain.exe" [2008-02-06 271672]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"BCWipeTM Startup"="c:\program files\Jetico\BestCrypt\BCWipeTM.exe" [2003-03-26 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416]
"ShirusuPad"="c:\program files\ShirusuPad\ShirusuPad.exe" [2005-02-22 554496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
BestCrypt Auto Open.lnk - c:\program files\Jetico\BestCrypt\BestCrypt.exe [2003-3-27 688128]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\hplun.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk
backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^web'n'walk Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\web'n'walk Manager.lnk
backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2010-04-12 15:45 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-27 11:02 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-03-23 14:33 594144 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ins\\utorrent\\uTorrent-1.6.1.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent185\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008.01.11. 23:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007.09.04. 11:14 6528]
R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFISH.SYS [2002.08.16. 7:09 14592]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.SYS [2002.08.16. 7:09 23104]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_GOST.SYS [2002.08.16. 7:09 10144]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2002.08.16. 7:09 32640]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.SYS [2002.08.16. 7:09 21600]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2002.08.16. 7:09 24800]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002.08.16. 7:09 8416]
R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [2008.02.08. 16:39 4864]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010.06.18. 19:47 135336]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007.12.18. 13:48 196704]
R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun [?]
R2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008.12.07. 20:47 732160]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2002.08.16. 7:09 6272]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [2002.08.16. 7:09 3328]
R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010.04.17. 14:14 34952]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007.05.29. 11:01 6912]
R3 RTL8187B;Realtek RTL8187B vezeték nélküli 802.11b/g 54Mbps USB 2.0 hálózati adapter;c:\windows\system32\drivers\RTL8187B.sys [2008.12.07. 20:29 288000]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008.02.18. 17:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008.02.08. 13:00 59648]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.12. 13:47 18816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010.04.17. 14:23 24416]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002.08.16. 7:09 83456]
.
.
------- Supplementary Scan -------
.
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm
IE: MINDEN letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\8d05g8ez.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 19:21
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: MemoQ update permissions manager. 978527.]
"ImagePath"="c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kilgray\MemoQ\AUClient.exe
c:\program files\Kilgray\memoQ40\AUClient.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\thpsrv.exe
c:\windows\system32\igfxext.exe
c:\program files\Jetico\BestCrypt\BCResident.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Completion time: 2010-06-22 19:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 17:24
ComboFix2.txt 2010-06-16 09:27

Pre-Run: 3 996 741 632 bájt szabad
Post-Run: 3 921 580 032 bájt szabad

- - End Of File - - 3999D78EE1CFAE24BE3056E0722B8C49



stell írta:
olvasd el figyelmesen hogy irtam le es csinald meg megegyszer a combofixel a CFScript.txt
es adig varjal meg nem add logot a minitora,aztan tedd ide a tartalmat.
A NOD kituno Antivirus,,tehat jobbat nem tudok ajanlani,,a virus irto nem arra van hogy ismeretlen virusokat keres a gepen,hanem arra hogy vedje a gepet az ismert virusoktol,,ha kitisztitsuk akkor majd vissza rakod,,de nem valami crackolt de legalisat,,ha ingyeneset akkor az Avastot,,,Unhackme,,ezek specialis szoftwerek ,ezert irom hogy felesleges ossze vissza futtatni minden fele programokat,antivirusokat,anti rootkiteket,,mert itt is ugy van mint az orvosnal,,minden betegsegre mast kell hasznalni,,ok

Megjedzes::
adig nenyuljal a gephez meg kinem nyilik a jedzettomb a monitoron,mert te felbeszakitotad a torlest es kimasoltad a parancssorbol [kek ablakbol ami oda volt irva],,de hogy hogyan ezt nem tudom. :lol:


szer. jún. 23, 2010 8:03
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: szer. márc. 24, 2004 13:43
Hozzászólások: 11865
Tartózkodási hely: Budapest, Solymár
Hozzászólás Re: Vírus vagy mi lehet???
nbela írta:
... Igen, ezt mindig leírod. Én is mindig válaszolok rá, hogy nekem meg semmi bajom a töréssel ...

Szemed mint a sasé. :)

Én kétszer próbáltam meg (régebben), mind a kétszer belehalt. Vagy nem frisstett, vagy kiírta hogy próbaverzió és a teljes verzióhoz meg kell venni.

Szóval leszedtem, azóta nincs gondom. Neked valami más (jó) megoldásod lehet.
A Serial-t csak meg kell adni, és kész. Vannak oldalak, ahol mindig lehet találni, a NOD32view-val pedig le lehet ellenőrizni, tárolni, stb.

Amióta megszívtam, semmi olyat nem futtatok, aminél a Virustotal bejelez. Vagy nagyon megnézem, melyik víruskereső, és mit jelez.


szomb. jún. 19, 2010 14:34
Profil Privát üzenet küldése
gyémánt tag

Csatlakozott: pén. aug. 06, 2004 22:20
Hozzászólások: 3531
Tartózkodási hely: Miskolc
Hozzászólás Re: Vírus vagy mi lehet???
Laci_L írta:
Nem szabad semmiféle Crack-et használni a NOD-hoz, mert hazavágja, védtelenné teszi, mert a Crack is vírus!!
Igen, ezt mindig leírod. Én is mindig válaszolok rá, hogy nekem meg semmi bajom a töréssel:
http://forum.terminal.hu/viewtopic.php?p=945028#p945028
Idézet:
Kotorásztam utána a neten, de nem találtam bizonyított ártó működést. Ha valaki tud ilyen infót, írja meg és rögtön le is szedem. Nekem eddig nincs vele semmi bajom...


szomb. jún. 19, 2010 12:20
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: szer. márc. 24, 2004 13:43
Hozzászólások: 11865
Tartózkodási hely: Budapest, Solymár
Hozzászólás Re: Vírus vagy mi lehet???
stell írta:
... A NOD kituno Antivirus ... de nem valami crackolt de legalisat ...

Abszolút így van. Nem szabad semmiféle Crack-et használni a NOD-hoz, mert hazavágja, védtelenné teszi, mert a Crack is vírus!!

Ha nem veszi meg a User, lehet a Neten találni legális Serialt. Csak keresni kell (vagy pü). Avval nem lesz gond.


szomb. jún. 19, 2010 8:54
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
olvasd el figyelmesen hogy irtam le es csinald meg megegyszer a combofixel a CFScript.txt
es adig varjal meg nem add logot a minitora,aztan tedd ide a tartalmat.
A NOD kituno Antivirus,,tehat jobbat nem tudok ajanlani,,a virus irto nem arra van hogy ismeretlen virusokat keres a gepen,hanem arra hogy vedje a gepet az ismert virusoktol,,ha kitisztitsuk akkor majd vissza rakod,,de nem valami crackolt de legalisat,,ha ingyeneset akkor az Avastot,,,Unhackme,,ezek specialis szoftwerek ,ezert irom hogy felesleges ossze vissza futtatni minden fele programokat,antivirusokat,anti rootkiteket,,mert itt is ugy van mint az orvosnal,,minden betegsegre mast kell hasznalni,,ok

Megjedzes::
adig nenyuljal a gephez meg kinem nyilik a jedzettomb a monitoron,mert te felbeszakitotad a torlest es kimasoltad a parancssorbol [kek ablakbol ami oda volt irva],,de hogy hogyan ezt nem tudom. :lol:


pén. jún. 18, 2010 19:52
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
Koszonom,
az unhack me nem talal semmi gyanusat.
milyen virusirtot tegyek fel, mert mar a nod-ot is leturtam?

itt megy a log:


Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

Completed Stage_1
Completed Stage_2
Completed Stage_3
Completed Stage_4
Completed Stage_5
Completed Stage_6
Completed Stage_6A
Completed Stage_7
Completed Stage_8
Completed Stage_9
Completed Stage_10
Completed Stage_11
Completed Stage_12
Completed Stage_13
Completed Stage_14
Completed Stage_15
Completed Stage_16
Completed Stage_17
Completed Stage_18
Completed Stage_19
Completed Stage_19B
Completed Stage_20
Completed Stage_21
Completed Stage_22
Completed Stage_23
Completed Stage_24
Completed Stage_25
Completed Stage_26
Completed Stage_27
Completed Stage_28
Completed Stage_29
Completed Stage_30
Completed Stage_31
Completed Stage_32
Completed Stage_32A
Completed Stage_33
Completed Stage_34
Completed Stage_35
Completed Stage_36
Completed Stage_37
Completed Stage_38
Completed Stage_39
Completed Stage_40
Completed Stage_41
Completed Stage_42
Completed Stage_43
Completed Stage_44
Completed Stage_45
Completed Stage_46
Completed Stage_47
Completed Stage_48
Completed Stage_49
Completed Stage_50


Deleting Files:

c:\windows\system32\drivers\hidpp.sys
c:\windows\Tasks\WGASetup.job


pén. jún. 18, 2010 18:41
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad
és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. Es mostan megcsinalod eztett:
Kép
A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide.
Kód:
KILLALL::
File::
c:\windows\system32\drivers\hidpp.sys
c:\windows\Tasks\WGASetup.job
Driver::
ltzklvlc
ethewlwj
ethhetaa
ethjtdvv
ethnzesu
ethoikjz
ethptxyw
ethvdnea
kxuyua
hidpp
Rootkit::
c:\windows\system32\drivers\ethewlwj.sys
c:\windows\system32\drivers\ethhetaa.sys
c:\windows\system32\drivers\ethjtdvv.sys
c:\windows\system32\drivers\ethnzesu.sys
c:\windows\system32\drivers\ethoikjz.sys
c:\windows\system32\drivers\ethptxyw.sys
c:\windows\system32\drivers\ethvdnea.sys


pén. jún. 18, 2010 8:46
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
Koszonom a valaszt:

- AVG-t lepusztitottam, Kaspersky nincs, Eset van, de azt nem merem torolni.
- a virustotalba bemasolni nem lehet, csak a tallozason keresztul. Az elso TC-ben 0.5 mb-s file a feltoltresre, mozgatasra, barmire 'nincs meg a file' uzenetet kuldd. A masodik kettot nem lehet latni, rejtett fileok engedelyezesevel sem. Mindekozben az unhackme 6-7 ilyen eth*.sys filet sorol fel mint potencialisan gyanusat.

hogyan tovabb?

stell írta:
Ossze vissza futtatad a Kasperskyt,AVG-t-es tele szemetelted a rendszert a driverjokel
Szed le a geprol az AVG-t,Kasperskyt,

Teszteld le http://www.virustotal.com
ezeket a linket a tesztrol tedd ide,,,nem muszaj keresni csak masold majd be az ablakba es kuldod az alaomanyt
c:\windows\system32\drivers\hidpp.sys
c:\windows\system32\drivers\ethewlwj.sys
c:\windows\system32\drivers\ethvdnea.sys


csüt. jún. 17, 2010 21:19
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Ossze vissza futtatad a Kasperskyt,AVG-t-es tele szemetelted a rendszert a driverjokel
Szed le a geprol az AVG-t,Kasperskyt,

Teszteld le www.virustotal.com
ezeket a linket a tesztrol tedd ide,,,nem muszaj keresni csak masold majd be az ablakba es kuldod az alaomanyt
c:\windows\system32\drivers\hidpp.sys
c:\windows\system32\drivers\ethewlwj.sys
c:\windows\system32\drivers\ethvdnea.sys


csüt. jún. 17, 2010 7:21
Profil Privát üzenet küldése Honlap
vas-tag

Csatlakozott: vas. jún. 13, 2010 22:41
Hozzászólások: 9
Hozzászólás Re: Vírus vagy mi lehet???
Köszönet előre is. Itt megy a log file:
---
ComboFix 10-06-15.03 - b 010.06.16. 11:22:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2038.1319 [GMT 2:00]
Running from: c:\documents and settings\b\Asztal\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\b\Application Data\avdrn.dat
c:\documents and settings\b\Application Data\inst.exe
c:\windows\wiaservim.log

.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- C:\rsit
2010-06-14 12:36 . 2010-06-14 12:36 -------- d-----w- c:\program files\trend micro
2010-06-13 16:26 . 2010-06-13 16:26 -------- d-----w- c:\documents and settings\b\Local Settings\Application Data\ESET
2010-06-13 15:17 . 2010-06-13 15:17 -------- d-----w- c:\documents and settings\b\Application Data\ESET
2010-06-13 15:16 . 2010-06-13 15:16 -------- d-----w- c:\program files\ESET
2010-06-13 15:16 . 2010-06-13 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-03 08:07 . 2010-06-03 08:07 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 08:07 . 2010-06-03 08:07 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 09:25 . 2010-04-16 06:04 586240 ----a-w- c:\windows\system32\drivers\hidpp.sys
2010-06-16 07:09 . 2009-11-12 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-16 07:01 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\b\Application Data\MemoQ
2010-06-15 06:54 . 2008-12-12 11:28 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-14 14:41 . 2010-03-04 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemoQ
2010-06-13 05:42 . 2008-12-12 12:44 -------- d-----w- c:\documents and settings\b\Application Data\uTorrent
2010-06-11 15:24 . 2009-01-02 14:37 -------- d-----w- c:\program files\FlashGet
2010-06-10 04:15 . 2004-08-18 12:00 94510 ----a-w- c:\windows\system32\perfc00E.dat
2010-06-10 04:15 . 2004-08-18 12:00 436566 ----a-w- c:\windows\system32\perfh00E.dat
2010-06-03 08:06 . 2008-12-07 18:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 08:06 . 2008-12-07 18:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 11:12 . 2009-01-05 12:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-01 11:08 . 2009-01-19 11:50 -------- d-----w- c:\program files\hp deskjet 3420 series
2010-05-29 08:30 . 2010-04-08 09:16 -------- d-----w- c:\documents and settings\b\Application Data\gtk-2.0
2010-05-28 07:46 . 2009-01-23 14:27 -------- d-----w- c:\documents and settings\b\Application Data\Skype
2010-05-20 15:27 . 2008-12-13 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-15 16:15 . 2008-12-07 18:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 16:15 . 2008-12-07 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 05:52 . 2010-05-12 19:19 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-13 05:52 . 2010-05-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-13 05:51 . 2010-05-13 05:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-13 05:20 . 2008-12-11 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-12 19:19 . 2009-02-23 18:01 -------- d-----w- c:\documents and settings\b\Application Data\DivX
2010-05-12 05:38 . 2010-05-12 05:38 -------- d-----w- c:\program files\docPrint v5.0
2010-05-12 05:23 . 2010-05-12 05:23 -------- d-----w- c:\program files\psconvert
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 05:11 . 2010-04-28 05:11 -------- d-----w- c:\program files\WinHTTrack
2010-04-27 13:51 . 2010-05-12 19:19 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-20 05:34 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 17:33 . 2010-04-17 12:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-04-17 12:42 . 2010-04-17 12:14 -------- d-----w- c:\program files\UnHackMe
2010-04-17 12:15 . 2010-04-17 12:15 2 --shatr- c:\windows\winstart.bat
2010-04-17 12:14 . 2010-04-17 12:14 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-04-17 12:14 . 2010-04-17 12:14 34952 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-12 15:47 . 2010-04-12 15:47 512 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9DC837B7701D7C84E856E266933AC9D8.dll
2010-04-12 14:28 . 2009-11-24 12:47 79488 ----a-w- c:\documents and settings\b\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-23 14:34 . 2010-04-17 12:14 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2008-12-13 21:33 . 2008-12-13 21:32 48 --sha-w- c:\windows\S2E0000D6.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-01-26 450648]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 137752]
"TPSMain"="TPSMain.exe" [2008-02-06 271672]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"BCWipeTM Startup"="c:\program files\Jetico\BestCrypt\BCWipeTM.exe" [2003-03-26 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416]
"ShirusuPad"="c:\program files\ShirusuPad\ShirusuPad.exe" [2005-02-22 554496]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
BestCrypt Auto Open.lnk - c:\program files\Jetico\BestCrypt\BestCrypt.exe [2003-3-27 688128]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 07:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\hplun.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk
backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^web'n'walk Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\web'n'walk Manager.lnk
backup=c:\windows\pss\web'n'walk Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-03 08:07 2065248 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 16:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
2010-04-12 15:45 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-27 11:02 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2010-03-23 14:33 594144 ----a-w- c:\program files\UnHackMe\hackmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ins\\utorrent\\uTorrent-1.6.1.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent185\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008.01.11. 23:58 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007.09.04. 11:14 6528]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008.12.07. 20:52 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008.12.07. 20:52 242896]
R1 BC_BFish;BC_BFish;c:\windows\system32\drivers\BC_BFISH.SYS [2002.08.16. 7:09 14592]
R1 BC_DES;BC_DES;c:\windows\system32\drivers\BC_DES.SYS [2002.08.16. 7:09 23104]
R1 BC_Gost;BC_Gost;c:\windows\system32\drivers\BC_GOST.SYS [2002.08.16. 7:09 10144]
R1 BC_RIJN;BC_RIJN;c:\windows\system32\drivers\bc_rijn.sys [2002.08.16. 7:09 32640]
R1 BC_TFISH;BC_TFISH;c:\windows\system32\drivers\BC_TFISH.SYS [2002.08.16. 7:09 21600]
R1 bcbus;BestCrypt bus driver;c:\windows\system32\drivers\bcbus.sys [2002.08.16. 7:09 24800]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.05.14. 15:47 107256]
R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2002.08.16. 7:09 8416]
R1 GtTdiFltr;GtTdiFltr;c:\windows\system32\drivers\GtTdiFltr.sys [2008.02.08. 16:39 4864]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010.03.13. 9:16 308064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009.05.14. 15:47 731840]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007.12.18. 13:48 196704]
R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun [?]
R2 Kilgray: memoQ update permissions manager. 979430.;Kilgray: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008.12.07. 20:47 732160]
R3 mhk;mhk;c:\windows\system32\drivers\mhk.sys [2002.08.16. 7:09 6272]
R3 moh;moh;c:\windows\system32\drivers\moh.sys [2002.08.16. 7:09 3328]
R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010.04.17. 14:14 34952]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007.05.29. 11:01 6912]
R3 RTL8187B;Realtek RTL8187B vezeték nélküli 802.11b/g 54Mbps USB 2.0 hálózati adapter;c:\windows\system32\drivers\RTL8187B.sys [2008.12.07. 20:29 288000]
S0 ltzklvlc;ltzklvlc; [x]
S1 ethewlwj;ethewlwj;c:\windows\system32\drivers\ethewlwj.sys --> c:\windows\system32\drivers\ethewlwj.sys [?]
S1 ethhetaa;ethhetaa;c:\windows\system32\drivers\ethhetaa.sys --> c:\windows\system32\drivers\ethhetaa.sys [?]
S1 ethjtdvv;ethjtdvv;c:\windows\system32\drivers\ethjtdvv.sys --> c:\windows\system32\drivers\ethjtdvv.sys [?]
S1 ethnzesu;ethnzesu;c:\windows\system32\drivers\ethnzesu.sys --> c:\windows\system32\drivers\ethnzesu.sys [?]
S1 ethoikjz;ethoikjz;c:\windows\system32\drivers\ethoikjz.sys --> c:\windows\system32\drivers\ethoikjz.sys [?]
S1 ethptxyw;ethptxyw;c:\windows\system32\drivers\ethptxyw.sys --> c:\windows\system32\drivers\ethptxyw.sys [?]
S1 ethvdnea;ethvdnea;c:\windows\system32\drivers\ethvdnea.sys --> c:\windows\system32\drivers\ethvdnea.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008.02.18. 17:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008.02.08. 13:00 59648]
S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2009.02.12. 13:47 18816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010.04.17. 14:23 24416]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002.08.16. 7:09 83456]
S4 kxuyua;kxuyua; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - hidpp
.
Contents of the 'Scheduled Tasks' folder

2010-06-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-15 20:18]
.
.
------- Supplementary Scan -------
.
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm
IE: MINDEN letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\8d05g8ez.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPnsv_vp3_mp3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 11:25
Windows 5.1.2600 Szervizcsomag 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: MemoQ update permissions manager. 978527.]
"ImagePath"="c:\program files\Kilgray\MemoQ\AUClient.exe -PermissionManagerRun"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidpp]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1692)
c:\windows\system32\hplun.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1748)
c:\windows\system32\hplun.dll
.
Completion time: 2010-06-16 11:27:16
ComboFix-quarantined-files.txt 2010-06-16 09:27

Pre-Run: 2 990 891 008 bájt szabad
Post-Run: 4 247 769 088 bájt szabad

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /noexecute=optin /fastdetect

- - End Of File - - 543725EFFF20AA3E99DB158F37C49111

--



stell írta:
Igen a geped tele van rootkitel meg trojaval,ezert rogton futtatod a combofixet,es megengeded neki feltelepiteni a javito konzolat,,a logjat majd tedd ide,
http://virus-stell.blogspot.com/2010/04/combofix.html


szer. jún. 16, 2010 15:44
Profil Privát üzenet küldése
a fórum lelke
Avatar

Csatlakozott: vas. jún. 24, 2007 10:18
Hozzászólások: 6679
Tartózkodási hely: Revuca.S.k>>Szlovákia, nem tudok jól magyarul írni, ezért ilyen amit látsz,
Hozzászólás Re: Vírus vagy mi lehet???
Igen a geped tele van rootkitel meg trojaval,ezert rogton futtatod a combofixet,es megengeded neki feltelepiteni a javito konzolat,,a logjat majd tedd ide,
http://virus-stell.blogspot.com/2010/04/combofix.html


hétf. jún. 14, 2010 15:41
Profil Privát üzenet küldése Honlap
Hozzászólások megjelenítése:  Rendezés  
Hozzászólás a témához   [ 1736 hozzászólás ]  Oldal Előző  1 ... 6, 7, 8, 9, 10, 11, 12 ... 35  Következő

Ki van itt

Jelenlévő fórumozók: nincs regisztrált felhasználó valamint 11 vendég


Nem nyithatsz témákat ebben a fórumban.
Nem válaszolhatsz egy témára ebben a fórumban.
Nem szerkesztheted a hozzászólásaidat ebben a fórumban.
Nem törölheted a hozzászólásaidat ebben a fórumban.

Keresés:
Ugrás:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.
Magyar fordítás © Magyar phpBB Közösség