Terminál Fórum https://forum.technokrata.hu/forum/ |
|
Vírus vagy mi lehet??? https://forum.technokrata.hu/forum/viewtopic.php?f=15&t=20774 |
Oldal: 4 / 35 |
Szerző: | stell [ szer. szept. 07, 2011 10:12 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Mikkor ra klikelsz az NETWORK ikonra, akkor ha DHCP_IP van akor automatikusan bealitja, ha nincsen dinamikus IP, akkor be kell irnod az IP- |
Szerző: | tomee005 [ szer. szept. 07, 2011 10:02 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Végignéztem az egész menürendszert, de csak olyat találtam hogy mini windows de az 98 és nem grafikus. A windows xp pe menüpontban elindul egy mini xp meg az opera is, de nem tudok vele a netre kapcsolódni. Ott is próbáltam a restore dolgot, de enter után semmi nem történik. |
Szerző: | stell [ szer. szept. 07, 2011 9:37 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
na ,ok, Akkor igyu. A menuben valaszd ki a Hiren"s bootcd Futtasd>>a menuben valaszt ki Minixp Megvarod meg be bootol az asztara, ez az asztal a Hiren"s asztala, itt 2x ra klikelsz a Network>>>ikonra>>azrtan az Diskety>>aztan Boot WinTools>> Browsers>>>>Opera>>>es ha mar itt leszel akkor irjal . |
Szerző: | tomee005 [ szer. szept. 07, 2011 9:27 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Azt írja hogy nem lehet futtatni a programot dos módban. |
Szerző: | stell [ szer. szept. 07, 2011 9:12 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Ok, akkor eloszor megnezuk, maradt e visszalitasi pont, ha mardt akkor visszaalitod, egy kesobbi pontra, igy termeszetesen viszza altsuk a fertozeseket is, ha nincsen mar visszalitasi pont,akkor irjal Tehat a parancssorba ird be ezt a parancsot, %Systemroot%/system32/restore/rstrui.exe Enter, ha van valasz vastag datumot, ha nincsen akkor akarmijet, |
Szerző: | tomee005 [ szer. szept. 07, 2011 9:08 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Igen ez a főmenü megjelenik.A parancssorba be tudok lépni. |
Szerző: | stell [ szer. szept. 07, 2011 9:04 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
http://wxpee.hu/simplicity/ Tehat ez van?? Es a parancssorba betudsz lepni?? |
Szerző: | tomee005 [ szer. szept. 07, 2011 8:58 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Sajnos nem sima win-em van hanem simplicity extended edition. Nem találok olyan lehetőséget hogy javítás. Milyen lehetőség van még ? Ha egy másik windowst is tennék fel másik meghajtóra, arról tudnám pótolni a fájlokat ? |
Szerző: | stell [ szer. szept. 07, 2011 8:47 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Nem, minden megmarad, csak a rendszerfajlokat at irja, a javito telepites, figyelmesen olvasd el ami a blogomban van, ot le van irva es ne tevedj meg, inkab olvasd el tobbszor. http://www.virus-stell.com/2010/04/javi ... -2000.html |
Szerző: | tomee005 [ szer. szept. 07, 2011 8:40 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Az email-ek és a többi beállításom törlődnek ezzel ? Az e-mailek outlook expressben vannak. A rendszer visszaállítást újra bekapcsoltam, ez okozhatta a problémát ? |
Szerző: | stell [ szer. szept. 07, 2011 8:36 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Csinald ezt stell írta: Na, ez csunya fertozes lesz, van e telepito lemezed?? ha van akkor csinalj Javito telepitest, mert kitoroltel, valami rendszer fajlot. http://www.virus-stell.com/2010/04/javi ... -2000.html ha kesz lesz irjal. |
Szerző: | tomee005 [ szer. szept. 07, 2011 8:34 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Igen van. |
Szerző: | stell [ szer. szept. 07, 2011 8:19 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Na, ez csunya fertozes lesz, van e telepito lemezed?? ha van akkor csinalj Javito telepitest, mert kitoroltel, valami rendszer fajlot. http://www.virus-stell.com/2010/04/javi ... -2000.html ha kesz lesz irjal. |
Szerző: | tomee005 [ szer. szept. 07, 2011 8:15 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Sajnos közben elment az egér és a billentyűzet a gépemről ezért most semmit nem tudok csinálni rajta. Most egy másik gépről írok. A windows előtt megy mind a kettő, de a windowsban egyik sem. Nem tölti be a drivereket szerintem. Ezt hogy lehet helyrehozni ? |
Szerző: | stell [ szer. szept. 07, 2011 8:01 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Ok, probald meg meg egtszer az AVPTOOL al csokkentet modban, halozat nelkul, a skent, ha ott se menne akkor irjal,ha keri a restartot, akkor megint csak csokkentet modba tedd. |
Szerző: | tomee005 [ kedd szept. 06, 2011 21:13 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
A programokat leszedtem, amiket kértél. Az AVPTOOL programmal nem sokra mentem. Először azt írta, hogy vírust talált és az újraindítás után tudja csak eltávolítani, de az újraindítás után nem csinált semmit. Aztán 2. alkalommal elindítottam a programot és már 1%-nál kilépett. Az újraindítás előtt ezt a két log fájlt tudtam csak menteni. Status: Detected (events: 1) 2011.09.06. 21:40:05 Detected Trojan program Backdoor.Win32.ZAccess.ob c:\WINDOWS\1740172446:1628653464.exe High Status: Will be deleted when the computer is restarted (events: 1) 2011.09.06. 21:41:59 Will be deleted when the computer is restarted Trojan program Backdoor.Win32.ZAccess.ob c:\WINDOWS\1740172446:1628653464.exe High Status: Disinfected (events: 1) 2011.09.06. 21:42:13 Disinfected Trojan program Rootkit.Win32.ZAccess.e c:\WINDOWS\system32\drivers\serial.sys High |
Szerző: | stell [ kedd szept. 06, 2011 14:24 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
AZ nem program, hanem virus, es igen veszejes, mert megfertozte a rendszer fajlokat,Most pontosan csinald amit irok, mert ez Fileinfector virus, ezert lehet egy csomo fertozes. 1:Szed le a geprol a vezerlo pulto altal ezeket a programokat: Idézet: c:\program files\Spyware Doctor c:\program files\Spyware Terminator c:\program files\Lavasoft\Ad-Aware\ c:\program files\AVG9 AZ AVG9 hez hasznald a letelepito seged programot is http://www.virus-stell.com/2010/04/anti ... ramok.html 2:Kikapcsolod a rendszer visszaalitasat, es at viszgalod a Gepet az AVPTOOL programal, ugy alitsd be ahogy le van irva, a vegen csinalj logot es tedd ide Letöltés 11 verziót http://www.virus-stell.com/2010/04/avptool.html A logot a vegen majd csinald igy. klik jobb oldalon fent az jedzet tomb ikonjara aztan baloldalt kozepen a fullre Detected threats>.aztan kozepen>> SAVE>>adj neki nevet, es tedd az asztalra, aztan ide a forumba, es aztan meglatom hogy mi van. |
Szerző: | tomee005 [ kedd szept. 06, 2011 13:54 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Szia ! A gépet újraindítottam csokkentett módban és úgy csináltam mindent ahogy leírtad. A RogueKiller lefutott a naplókat lejjebb bemásolom. A Malwarebytes programot nem engedte használni a vírus. Először elindult a vizsgálat de aztán egyszercsak kilépett. Aztán már nem tudtam hozzáférni. A swmbr szintén kilépett. A combofix lement a naplót bemásolom. Azt már észrevettem, hogy a 1740172446:1628653464.exe nevű program eltűnt a futó folyamatok listájáról. Ez milyen program lehetett ? Még egyszer köszönöm a fáradozásaidat ! RogueKiller V5.3.4 [08/30/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Rendszergazda [Admin rights] Mode: Remove -- Date : 09/06/2011 13:47:25 Bad processes: 2 [SUSP PATH] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc] [RESIDUE] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc] Registry Entries: 4 [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) Particular Files / Folders: HOSTS File: 127.0.0.1 localhost Finished : << RKreport[1].txt >> RKreport[1].txt RogueKiller V5.3.4 [08/30/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Rendszergazda [Admin rights] Mode: HOSTSFix -- Date : 09/06/2011 13:48:56 Bad processes: 1 [SUSP PATH] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc] HOSTS File: 127.0.0.1 localhost Resetted HOSTS: 127.0.0.1 localhost Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt RogueKiller V5.3.4 [08/30/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Rendszergazda [Admin rights] Mode: ProxyFix -- Date : 09/06/2011 13:49:23 Bad processes: 1 [SUSP PATH] 1740172446:1628653464.exe -- c:\windows\1740172446:1628653464.exe -> KILLED [TermProc] Registry Entries: 0 Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ComboFix 11-09-06.01 - Rendszergazda 011.09.06. 14:10:54.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.511.389 [GMT 2:00] Running from: c:\documents and settings\Rendszergazda.DEMO-DE1F798F41\Asztal\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\demo\Application Data\PriceGong c:\documents and settings\demo\Application Data\PriceGong\Data\1.xml c:\documents and settings\demo\Application Data\PriceGong\Data\a.xml c:\documents and settings\demo\Application Data\PriceGong\Data\b.xml c:\documents and settings\demo\Application Data\PriceGong\Data\c.xml c:\documents and settings\demo\Application Data\PriceGong\Data\d.xml c:\documents and settings\demo\Application Data\PriceGong\Data\e.xml c:\documents and settings\demo\Application Data\PriceGong\Data\f.xml c:\documents and settings\demo\Application Data\PriceGong\Data\g.xml c:\documents and settings\demo\Application Data\PriceGong\Data\h.xml c:\documents and settings\demo\Application Data\PriceGong\Data\i.xml c:\documents and settings\demo\Application Data\PriceGong\Data\j.xml c:\documents and settings\demo\Application Data\PriceGong\Data\k.xml c:\documents and settings\demo\Application Data\PriceGong\Data\l.xml c:\documents and settings\demo\Application Data\PriceGong\Data\m.xml c:\documents and settings\demo\Application Data\PriceGong\Data\mru.xml c:\documents and settings\demo\Application Data\PriceGong\Data\n.xml c:\documents and settings\demo\Application Data\PriceGong\Data\o.xml c:\documents and settings\demo\Application Data\PriceGong\Data\p.xml c:\documents and settings\demo\Application Data\PriceGong\Data\q.xml c:\documents and settings\demo\Application Data\PriceGong\Data\r.xml c:\documents and settings\demo\Application Data\PriceGong\Data\s.xml c:\documents and settings\demo\Application Data\PriceGong\Data\t.xml c:\documents and settings\demo\Application Data\PriceGong\Data\u.xml c:\documents and settings\demo\Application Data\PriceGong\Data\v.xml c:\documents and settings\demo\Application Data\PriceGong\Data\w.xml c:\documents and settings\demo\Application Data\PriceGong\Data\x.xml c:\documents and settings\demo\Application Data\PriceGong\Data\y.xml c:\documents and settings\demo\Application Data\PriceGong\Data\z.xml c:\documents and settings\demo\Dokumentumok\2010.doc c:\documents and settings\demo\WINDOWS c:\documents and settings\Rendszergazda\Local Settings\Application Data\ApplicationHistory c:\documents and settings\Rendszergazda\Local Settings\Application Data\ApplicationHistory\SLAD.tmp.d533f5f6.ini c:\documents and settings\Rendszergazda\Local Settings\Application Data\ApplicationHistory\SLD.tmp.79e9943.ini c:\documents and settings\Rendszergazda\WINDOWS C:\DSC00254.JPG c:\program files\2 c:\program files\2\Trend Micro\HiJackThis\HiJackThis.exe c:\windows\assembly\GAC_MSIL\desktop.ini c:\windows\system32\metxveie.dll . Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063131.exe . Infected copy of c:\program files\Avira\AntiVir Desktop\sched.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP210\A0063716.exe . Infected copy of c:\program files\Avira\AntiVir Desktop\avguard.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP210\A0063718.exe . Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063046.exe . Infected copy of c:\program files\AVG\AVG9\avgwdsvc.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063042.exe . Infected copy of c:\windows\system32\brsvc01a.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063044.EXE . Infected copy of c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063041.exe . Infected copy of c:\windows\system32\FsUsbExService.Exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063040.Exe . Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063039.exe . Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063038.EXE . Infected copy of c:\program files\Spyware Doctor\pctsAuxs.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063035.exe . Infected copy of c:\program files\PC Connectivity Solution\ServiceLayer.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063033.exe . Infected copy of c:\program files\Spyware Terminator\sp_rsser.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063034.exe . Infected copy of c:\windows\system32\FsUsbExService.Exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063040.Exe Infected copy of c:\program files\PC Connectivity Solution\ServiceLayer.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063033.exe Infected copy of c:\program files\Spyware Terminator\sp_rsser.exe was found and disinfected Restored copy from - c:\system volume information\_restore{BFD3A365-01E3-411A-8198-F7DB1A6418A3}\RP208\A0063034.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_9eecb867 . . ((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 ))))))))))))))))))))))))))))))) . . 2011-09-06 11:52 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-09-06 11:52 . 2011-09-06 11:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2011-09-06 11:52 . 2011-09-06 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-06 11:52 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-06 11:47 . 2011-09-06 11:49 -------- d-----w- C:\stell 2011-09-05 20:31 . 2011-09-05 20:31 -------- d-----w- c:\documents and settings\demo\Application Data\Avira 2011-09-05 20:29 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-09-05 20:29 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-09-05 20:29 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-09-05 20:29 . 2011-09-05 20:29 -------- d-----w- c:\program files\Avira 2011-09-05 20:12 . 2011-09-05 20:12 388096 ----a-r- c:\documents and settings\demo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-05 19:48 . 2011-09-05 19:48 -------- d-----w- c:\documents and settings\Rendszergazda.DEMO-DE1F798F41 2011-09-05 19:40 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-09-05 19:39 . 2011-09-05 19:39 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2011-09-05 19:39 . 2011-09-05 19:39 -------- d-----w- c:\program files\Lavasoft 2011-08-15 10:57 . 2008-04-13 08:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2011-08-15 10:57 . 2008-04-13 08:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys 2011-08-15 10:56 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2011-08-15 09:32 . 2011-08-15 11:01 -------- d-----w- c:\documents and settings\demo\Application Data\Nokia 2011-08-15 09:21 . 2011-08-15 09:21 -------- d-----w- c:\program files\Common Files\PCSuite 2011-08-15 09:21 . 2011-08-15 09:21 -------- d-----w- c:\program files\Common Files\Nokia 2011-08-15 09:21 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2011-08-15 09:20 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2011-08-15 09:20 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2011-08-15 09:20 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2011-08-15 09:20 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll 2011-08-15 09:20 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll 2011-08-15 09:20 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2011-08-15 09:20 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll 2011-08-15 09:20 . 2011-08-15 09:21 -------- d-----w- c:\program files\Nokia 2011-08-15 09:18 . 2011-08-15 09:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations 2011-08-10 21:47 . 2011-08-10 21:47 -------- d-----w- c:\documents and settings\demo\Local Settings\Application Data\Threat Expert . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-03 10:29 . 2009-11-05 18:26 60416 ----a-w- c:\windows\ALCFDRTM.VER 2011-08-04 08:33 . 2011-08-04 08:33 1409 ----a-w- c:\windows\QTFont.for 2011-07-21 10:15 . 2009-04-26 11:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-16 10:43 . 2011-06-16 10:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2009-10-27 11:44 . 2009-04-26 10:41 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2009-10-27 11:44 . 2009-04-26 10:41 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2009-10-27 11:44 . 2009-04-26 10:41 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2009-10-27 11:44 . 2009-04-26 10:41 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2009-10-27 11:44 . 2009-04-26 10:41 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904] "EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-10 75776] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="shell32" [X] . c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Indˇt˘pult\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-06-22 09:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\Downloads\\utorrent.exe"= "d:\\WINDOWS\\utorrent.exe"= "c:\\Documents and Settings\\demo\\Asztal\\utorrent-1.5.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgam.exe"= "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Documents and Settings\\demo\\Dokumentumok\\Downloads\\O&O Defrag Professional v11.5.4065 hun\\O&O Defrag Professional\\40000015400002i\\oodag.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"= "c:\\Documents and Settings\\demo\\Dokumentumok\\Downloads\\O&O Defrag Professional Edition v14.1.431 - Portable\\O&O Defrag v14.1.431 - Portable.exe"= "c:\\Program Files\\Outlook Express\\msimn.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\demo\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"= "c:\\WINDOWS\\system32\\WgaTray.exe"= "c:\\Program Files\\DVDVideoSoft\\Free Studio\\Free YouTube Download\\FreeYouTubeDownload.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\apnstub.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Documents and Settings\\Rendszergazda.DEMO-DE1F798F41\\Asztal\\aswMBR.exe"= . R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010.04.05. 23:23 52872] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011.09.05. 21:40 64288] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011.06.30. 19:40 207280] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010.04.05. 23:23 243152] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011.06.30. 19:40 229304] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010.02.18. 13:45 691696] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011.06.30. 19:48 51984] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011.06.30. 19:48 59664] S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2009.11.25. 14:11 19232] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010.04.05. 23:23 216400] S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011.02.17. 22:48 142592] S1 TRIXX;TRIXX;c:\program files\TRIXX\TRIXXDriver.sys [2005.08.16. 13:17 15360] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011.09.05. 22:29 136360] S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010.06.22. 11:27 308136] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2011.06.30. 19:45 112592] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009.12.22. 23:08 233472] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010.08.12. 14:15 1355416] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.09.06. 13:52 366640] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2011.06.30. 19:39 358600] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009.12.22. 23:08 36608] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.09.06. 13:52 22712] S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011.06.30. 19:39 70408] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009.12.22. 23:09 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009.12.22. 23:09 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009.12.22. 23:09 121856] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011.06.30. 19:48 33552] S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?] . Contents of the 'Scheduled Tasks' folder . 2011-08-31 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15] . 2011-08-30 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15] . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15] . 2011-06-29 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15] . 2011-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15] . 2011-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . 2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-1177238915-1003Core.job - c:\documents and settings\demo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 10:29] . 2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-1177238915-1003UA.job - c:\documents and settings\demo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-08 10:29] . . ------- Supplementary Scan ------- . LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.250.1 FF - ProfilePath - c:\documents and settings\Rendszergazda.DEMO-DE1F798F41\Application Data\Mozilla\Firefox\Profiles\y1bmz6g9.default\ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-NPSStartup - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-06 14:35 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="639BEA9BE594ACC795BA9AE19BA37F960FF7DCAEDAD02205472A8D6703D7BE7ADE6E35BF8A09D2300C048CABC76561A4C32CD54C0C41F098C99DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6A0AC4980AC79338EDD5E5BE2F6E667D2BE00EC87778999126F830155C20F3B66609606BFF6F2FCEFFC11A440D750698AD2F4D7DED2CFB1A088081F300227A6DAE4C1B2A3B574389364075529976183225FB9249DD494FE6FC10F0E8BE0F723E4D0C0C13D424CB49F838BC21C6E9191F8E2F4FCE23CB315630A6CF01DE1190E0F24B6F0F3006E3A6288ACE556C2CE5F45DDC13162123A6C37D268912BCBD4A53861B79F469601F081A96BD62ABD40A190D6B0B4639EE85E7892BFDA95AAA98F9311CCD34474E0E675A0BF54FCCBBCED35D7C21C41EFB52B08C5A15C494CC953A6BDF1B594C69C0C8628903F4A1ED23EE46DEF246A5949F71CE9334ACB459CDFCCF79993EF84F8B7D701BF1FA0AB41F0A5A8A3ABE3F00349BE818BFDB56CBB02B55329DC24646CA2DCF01C1CA12A7C49CF213C34C28FF20D4E14B670B35C75716367772791E122E95BC0ED84049AAD6C0F708D66B3D4DE10FB2B34430574CDC3AC50D3AA2DBE7A1070BB6D4A12BBB1E5E432DC0BF52241884D56F93BFDD7F977BB2DFEC5027E09780CB3C905A89298A3A50AE6935B9D468C9B28EDBD086CE46C91A0AB772C68156D717C25EB3BE9A7787A9D5A91CC31501695B6EC589DE02D66FDD306665C099A9C386F94DE50CD551AE0155ABA460C73073D9DC7BB5021258EA9F2A8DAD832C798CD68A25E028F50A2281EFC6C5520FBA1E7F9413AC3E0536F0EABA6C1FA7581D3EFC8CD127D447912F56B4EA49C22E48D3EEE12CB3198F17C7B3383ABAEAD5F2B33F5084287C4624943334D85D50EE1D540A4660EE382F0099341384D77F42B587F5636DC732F5610DCAD6BD64AA0D6E9BDC4DD3FBC9DF04CCD90B380682B668010D7B2F4AD63D18F631991825B5D5D9DDDFC8CC3AFACCAE2F460D3412C76C3A6F56CCC40B30803D5CA371B98F988C2291A01F9A345B8064EA776EFB07FBD2BB31306C6971806D0D65C4D55CBAE2E0AA5BF08A389190B64F1D8975114342DB7772120D3F980095268B5260472939BE793704BF7C8DC335597CD9134D4AFB5B8A1AAB521882782D544C60E5E075AE245572289DC51530502E923B3497E690A33C70FC64A895B2AD989D4568F2AC35BC0B61F08A83DD59643FA47D1B5437023DCE30459E2E6FE7593BA7756369C281DABDE0589A74750C3A73D7CC213F5653EA1D28F76702F08A46B3D1CE6E4C773088ADCC5DB1A50C1ACF20B5AE1ED92FDD9A0560E296D9281B7FE5C856524B3243D18A6264CB4DC41B2991F4A104733833A" "OODEFRAG11.00.00.01WORKSTATION"="C48CED0D5A63710B70FC5CB7E6C41B80A823A79A7487826248653C97D23A8484764F6410B749B0439F3B4DC5F851CFD0EC4A1D1E5644075FE22F9AAED3D207157843E5162532464ED272B9A927A8D2B1836FC675EAF03018584118824F6CC53F451787FA2F1C5D4BCF75490E16F9309F96AA7FB48D140A055F17DD377B006F16BCCBE58F0517E58A3FEBA88F0E8BBA4BB9E6A166C2C7655291049963B29DF565A1B79D9679479116ACCF07407BB6831662648F89ADBA58616DAA7D1174698FA99B05D14907E3D8A488EE1624F068E39868372E8E1B2DBAC456843FBFE29836FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6A0AC4980AC79338EDD5E5BE2F6E667658C60D0AFE7CF7B4C0E688A19B6D9B9BC96BDC9807040A0C1BEEC62F3CD357F42DA5DEB440C6E6B64D0D72B5407552A43F45D04AFE588377385540000502BCB58A27E6B42BE848444664172D7CE7606740A3BDEDD36B347CD91345BE0345AD47615CF4A53224E38B98B16AC5A8A6B6039374F9870D506A4751029C048063D4E2147B08894FB983D44DD1CAB8856F78F30C5E1F53D5C5866C60F9F875C7562B010B354AC98B5468A18DF6CC6007773ACA9DE913B12061767D0855B05B35968B82EB6443F66DD4CDF9EF7F1D453D249162C94CE352FB1C1485349F2945D2806E49B125A4B7627B7BC74F0EEB68BF5796EF057E1B047E36CE9C79952175A8104F9AB6B47E2B7E4A46569F777CA228C169B6501E18003C5BFF4D715B6EF1EA3C001E4CB0E998C13C5E4032074F9856C4648AACC3E7C7DA078D360C0B3861375ABC5832188894ACFE108F7DF23AB1A0BC56196D838FEC8E666B6F50330C6157FCBD7F73DDF4D3B5BD2DEB692934DB6836499B329E5E5672A6E10DDABE69FF66E398CE45315879D9D87BFDFF42B52279484673F25319451A4089693E865857C92A27BA1007CDC231F01C245AAA2AFA7A19E85A89756F0F2B03F4545CF90EF5EE147003A3D3DF3718E564672B8075EEDB03C701831E866AC4E35DC55D89D5A4BF37D3A6E6FD37AA3BBB1E9A38B38DC206DFDEB6584CDE2D1221E5FD9E018456107308F305A0E22479FD11447706BABD8A696FC1E88BF5AABF342931EA65EB238FA5928A927929E5D52096E831829D128CE4EEE8599CB42F42F7C06A0CF232C58558C6E3464D629DC123C64B01CCED8107D7F4F8FF7D2955EE3BF041365ED3BBEBF6F94DF0326FC30C067A75B750DCD88ED98EF66440C538A460EA25DD19871DB05398DEF58235C3564972FC3026841FA7D1FE66609817D14AE803819665261949838915D9D408BBDA76FB05E0539CB48B0A80FA2AE0F9B0597C35F94D81E23438C4E1DD17044D20FD6252D5324AC04C32D6086DF" "OODEFRAG14.00.00.01PROFESSIONAL"="1F20F5E68E0D39D685606112E405D0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794A2D97226D213B55527D2CC72F26A65268F44B2D247F00C27A6BE554B01957FA23B4F9B716F2B81AD08CBE800CBDD0DB610CB21B30F9DB00E7D79487E6ACD69BF1BAA2D86C04B9CB75E50A0F5343F12BF77AEC12045470D447DEFD6E98564ED6FA0F8BD12D047E08E749EDCBB1DDC26CCC299B654DA385CBAF4D97DBE62C36EA80A9F41D8F0C67BCC9A672CC7BABBDDBDF229469C84F23D36B6E2583E5707B43519F44F333AA27B6224CF3C298592B3C40CEF5A5CBBABB1CD96292C417E82E8B29546250E07E9D511E8F0E48138CB046B95F280093D4B20716FBFDEB2B63A1E924952A0E8766062EF45D71D83D408118D9E2D6BAE0BECD3DE9DAE7C12A0E8441B834EC6D76BFADE691705037B1F9B7F5AB68D6FE9E96279AC84EF32F024FAB5E417E140830E64EA3DC26ED6C41E8C59D57273876DE2B0A3C188F2D479E9912CDED9A85728C77B0BFC327CFCD11F960DD76A37527FC10FC9DD931B5A646104C7CAA5347D96C9D3A590CC8B0027B1AA690B3CA290FA1A6A470F143FDD02BCDA8B3E5C86C4B285328AB1866D8B5E2AEA25EF0772A7CD40E2D73B7A299DB570D2DE22DC98E6F33392686F50E7F0A32030DA5BEFD923794C4E209BBD197DF5B7DD0DB690573FE84E23D32C2233A4BAF08306F320FD30159CB3A43CD5C283CF12A2C58AE0214DAE94454621787C4076BC278936447A9FCAD25051FD42CB5BE0BE799C853C4A34FB0A109956D2E47F41E58CA9700CDBE85952947496825053DC47F088E0161BBD17F54F10AA3480C498955D8F472D24A592C4253F0D9E5E5E8BF248E5AAE4D055DE63004DD2A359140D3973CA33DFCA93DB97DB493F1E7914C7D0F772C323990AC1A0565B53AF6C17457EDECA7FE03714B1FC420D5E9018AF80B3A852E24E1B10454236240AE52A99F75C63654C71CAAD20681BE7EE07A60E3931370E11EB6CC0001E3CF9A2D8F70EF409F6D30CD4D40B4A945A1D481603340BA3340F2D7F99151E51371020A2AF071C80483409D31DF7E5FCA8D298D880479D29E7A66896222FE238A7005BDC1DBF6383B3875CBC5C673F646193E06B661433A3C887C7BD7BD11FF746447EA881135497CEB2F6DEC070324F184E7571EE071EB907C7A6088C663E77FB4007A992048A8260019C0F6D4B32868DD3FE0EC936455483E4B18CB1F6B96168B54806F83639D0631DE4A677D645963DDAF96D995624A3D1BD6AE5BBB523A5DDCEE9EAD0F1A55588993B0169938652D100B83C76C2CA19BD94A7B2EC741EF6E19666872D26A621B2EC618041A9234E2CBE5EAB6B7A5BE9C31291957E2BE4CBB0FD0B0F" . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe . ************************************************************************** . Completion time: 2011-09-06 14:38:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-06 12:37 ComboFix2.txt 2009-02-01 12:30 . Pre-Run: 2 563 665 920 bájt szabad Post-Run: 4 292 218 880 bájt szabad . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /nopae /fastdetect /bootlogo /noguiboot /noexecute=optin multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP extended" /noexecute=alwaysoff /nopae /fastdetect /bootlogo /noguiboot . - - End Of File - - 5B0D64843EA71166AFCA1DE1CB9654A7 |
Szerző: | stell [ hétf. szept. 05, 2011 21:44 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Szia Igen, biztosan tudok segiteni, de ma mar eleg oreg az ido, ezrt, megcsinalod igy ahogy leirom, es holnap, megnezem, es megcsinaljuk a pc-t. 1:ha nem engedi futtatnia hijackot, akkor biztos hogy virus, Rootkit, van a gepen, csinald igy, 2:Lemegy csokkentet modba a halozattal, 1: Indítsa újra a számítógépet csökkentett módban hálózattal. a:) Nyomja meg az F8 és tartsa lenyomva. b:) Meg kell nyomni az F8 billentyűt, mielőtt a Windows logó megjelenik. c:) Ha a Windows logó megjelenik, akkor próbálja meg ismét az F8 újra. d:) A képernyőn a nyíl gombokat a kívánt beállítás csökkentett módban, majd nyomja le az ENTER billentyűt. 3:Letoltod az RogueKillert az asztalra, es futtatod az 2,3,4 lehetoseget, ugy ahogy le van trva, a naplokat tedd ide http://www.virus-stell.com/p/ingyenes-h ... ogueKiller 4:Most nem szabad restartolni a gepet, de rogton futtatod a Malwarebytes programot, teljes vizsgalat,a talaltakot torlod anaplot tedd ide http://www.virus-stell.com/2010/04/malw ... lware.html 5:Futtatod a swmbr, a naplot tedd ide. http://www.virus-stell.com/p/ingyenes-h ... tml#aswmbr 6:Futtatod a combofixet a naplot tedd ide. http://www.virus-stell.com/2010/04/combofix.html Holnap folytassuk. |
Szerző: | tomee005 [ hétf. szept. 05, 2011 21:28 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Szia Stell ! Szeretném a segítségedet kérni. Valami vírust szedhettem össze, mert amikor valamilyen weboldalt akarok megnyitni mindig reklám oldal jön be helyette. Akartam neked egyből egy Hijackthis logot küldeni, de a programhoz valami nem enged hozzáférni. Tudsz nekem segíteni ? Válaszodat előre is köszönöm ! Tomi |
Szerző: | stell [ pén. aug. 26, 2011 17:27 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Nincsen mit udv |
Szerző: | patrik [ pén. aug. 26, 2011 17:18 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
az avira a fájlt karanténba zárta. a tűzfalat telepítettem. semmi rosszat nem tapasztalok mindent nagyon köszönök stell, nagyon hálás vagyok a segítségedért |
Szerző: | stell [ pén. aug. 26, 2011 11:12 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Idézet: D:\letöltések\Jetico.Personal.Firewall.v2.0.0.35-EDGE-gospel tuttisarok.mlap.hu.rar Ha annak nezte akkor biztos valami crackolt, de hat nezd meg ott ahol irja, tehat a D:>>>meghajton, es az lletöltések >>Mappaban, ha nincsen ott akkor karantenba zarta, vagy torolte, ha ott van Torold, D:\letöltések\Jetico.Personal.Firewall Ok most mar renben van a gep, mar csak tuzfalat telepisc, az PCTOOLS ingyenes tuzfalat, es kesz. Ha minden jo akkor vegeztunk Meg telepitsd le a geprol a combofixet, |
Szerző: | patrik [ pén. aug. 26, 2011 9:08 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
az avira talált egy ilyen fájlt: D:\letöltések\Jetico.Personal.Firewall.v2.0.0.35-EDGE-gospel tuttisarok.mlap.hu.rar ,ami szerinte trójai,de én hiába keresem nem találom ezért nem tudom törölni. hogy szabaduljak meg tőle? a log: ComboFix 11-08-25.05 - Buci 011.08.26. 10:27:06.5.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.375 [GMT 2:00] Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\Buci\Asztal\CFScript.txt AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . FILE :: "c:\windows\Tasks\MP Scheduled Scan.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Microsoft Security Client c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.cat c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.inf c:\program files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.cat c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.inf c:\program files\Microsoft Security Client\Antimalware\Drivers\mpnwmon\mpnwmon.sys c:\program files\Microsoft Security Client\Antimalware\EN-US\MpAsDesc.dll.mui c:\program files\Microsoft Security Client\Antimalware\EN-US\mpevmsg.dll.mui c:\program files\Microsoft Security Client\Antimalware\MpAsDesc.dll c:\program files\Microsoft Security Client\Antimalware\MpClient.dll c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe c:\program files\Microsoft Security Client\Antimalware\MpCommu.dll c:\program files\Microsoft Security Client\Antimalware\MpEvMsg.dll c:\program files\Microsoft Security Client\Antimalware\MpOAv.dll c:\program files\Microsoft Security Client\Antimalware\MpRTP.dll c:\program files\Microsoft Security Client\Antimalware\MpSvc.dll c:\program files\Microsoft Security Client\Antimalware\MsMpCom.dll c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Microsoft Security Client\Antimalware\MsMpLics.dll c:\program files\Microsoft Security Client\Backup\en-us\amhelp.chm c:\program files\Microsoft Security Client\Backup\en-us\epploc.cab c:\program files\Microsoft Security Client\Backup\en-us\epploc_x86.msi c:\program files\Microsoft Security Client\Backup\en-us\eula.rtf c:\program files\Microsoft Security Client\Backup\en-us\setupres.dll.mui c:\program files\Microsoft Security Client\Backup\eppmanifest.dll c:\program files\Microsoft Security Client\Backup\hu-hu\amhelp.chm c:\program files\Microsoft Security Client\Backup\hu-hu\epploc.cab c:\program files\Microsoft Security Client\Backup\hu-hu\epploc_x86.msi c:\program files\Microsoft Security Client\Backup\hu-hu\eula.rtf c:\program files\Microsoft Security Client\Backup\hu-hu\setupres.dll.mui c:\program files\Microsoft Security Client\Backup\hu-hu\x86\amloc-hu-hu.msi c:\program files\Microsoft Security Client\Backup\setupres.dll c:\program files\Microsoft Security Client\Backup\x86\dw20shared.msi c:\program files\Microsoft Security Client\Backup\x86\epp.msi c:\program files\Microsoft Security Client\Backup\x86\legitlib.dll c:\program files\Microsoft Security Client\Backup\x86\mp_ambits.msi c:\program files\Microsoft Security Client\Backup\x86\setup.exe c:\program files\Microsoft Security Client\Backup\x86\sqmapi.dll c:\program files\Microsoft Security Client\Backup\x86\windows6.0-kb981889-v2.msu c:\program files\Microsoft Security Client\Backup\x86\windows6.1-kb981889.msu c:\program files\Microsoft Security Client\CleanUpPolicy.xml c:\program files\Microsoft Security Client\ConfigSecurityPolicy.exe c:\program files\Microsoft Security Client\en-us\amhelp.chm c:\program files\Microsoft Security Client\en-us\eula.rtf c:\program files\Microsoft Security Client\en-us\MsMpRes.dll.mui c:\program files\Microsoft Security Client\en-us\setupres.dll.mui c:\program files\Microsoft Security Client\en-us\shellext.dll.mui c:\program files\Microsoft Security Client\eppmanifest.dll c:\program files\Microsoft Security Client\HU-HU\amhelp.chm c:\program files\Microsoft Security Client\HU-HU\eula.rtf c:\program files\Microsoft Security Client\HU-HU\MsMpRes.dll.mui c:\program files\Microsoft Security Client\HU-HU\setupres.dll.mui c:\program files\Microsoft Security Client\HU-HU\shellext.dll.mui c:\program files\Microsoft Security Client\LegitLib.dll c:\program files\Microsoft Security Client\MsMpRes.dll c:\program files\Microsoft Security Client\msseces.exe c:\program files\Microsoft Security Client\MsseWat.dll c:\program files\Microsoft Security Client\setup.exe c:\program files\Microsoft Security Client\setupres.dll c:\program files\Microsoft Security Client\shellext.dll c:\program files\Microsoft Security Client\sqmapi.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MsMpSvc -------\Legacy_MsMpSvc -------\Service_MsMpSvc -------\Service_MsMpSvc . . ((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 ))))))))))))))))))))))))))))))) . . 2011-08-24 08:34 . 2011-08-24 10:39 -------- d-----w- c:\windows\system32\NtmsData 2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\documents and settings\Buci\Application Data\Avira 2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-24 08:03 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-24 08:03 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-08-24 08:03 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\Avira 2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-08-24 07:45 . 2011-08-24 07:58 59120008 ----a-w- C:\avira_antivir_personal_en.exe 2011-08-15 16:49 . 2011-08-15 16:49 -------- d-----w- C:\_OTL 2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes 2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads 2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint 2011-08-09 21:15 . 2011-08-24 16:51 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit 2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint 2011-08-09 21:01 . 2011-08-24 16:52 -------- d-----w- c:\program files\CheckPoint 2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro 2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-14 11:32 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-25 09:36 . 2011-05-08 05:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-26 08:40 . 2011-08-26 08:40 16384 c:\windows\temp\Perflib_Perfdata_544.dat - 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe + 2008-10-22 09:47 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe - 2011-01-28 21:10 . 2010-02-22 14:27 18296 c:\windows\system32\spmsg.dll + 2011-01-28 21:10 . 2010-07-05 13:19 18296 c:\windows\system32\spmsg.dll + 2011-08-24 08:03 . 2010-06-17 13:27 28520 c:\windows\system32\drivers\ssmdrv.sys + 2011-08-25 09:45 . 2011-08-25 09:45 28160 c:\windows\Installer\b8eb1.msi + 2011-08-25 09:18 . 2011-08-25 09:18 49152 c:\windows\Installer\9add10.msi + 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi + 2011-08-14 11:32 . 2011-08-14 11:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe + 2011-08-14 11:32 . 2011-08-14 11:32 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll + 2011-04-18 11:18 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys + 2011-08-25 09:45 . 2011-08-25 09:45 483840 c:\windows\Installer\b8eaa.msi + 2011-08-25 09:45 . 2011-08-25 09:45 301056 c:\windows\Installer\b8ea4.msi + 2011-08-25 09:16 . 2011-08-25 09:16 785920 c:\windows\Installer\9add07.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2011-04-21 05:53 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011.08.24. 10:03 136360] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.08.12. 21:17 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712] R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ uInternet Connection Wizard,ShellNext = iexplore IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm IE: Crawler Search - tbr:iemenu IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 89.147.80.30 195.56.172.157 FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu . - - - - ORPHANS REMOVED - - - - . SafeBoot-MsMpSvc MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-26 10:41 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2616) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe . ************************************************************************** . Completion time: 2011-08-26 10:51:13 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-26 08:51 ComboFix2.txt 2011-08-25 15:18 ComboFix3.txt 2011-08-24 17:38 ComboFix4.txt 2011-08-14 09:10 ComboFix5.txt 2011-08-26 08:24 . Pre-Run: 3 907 764 224 bájt szabad Post-Run: 3 834 556 416 bájt szabad . - - End Of File - - 18837003A04069393F329711BE0F9E9C |
Szerző: | stell [ csüt. aug. 25, 2011 16:40 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad tedd ide. Kód: KILLALL:: SecCenter:: {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"=- Folder:: c:\program files\Microsoft Security Client File:: c:\windows\Tasks\MP Scheduled Scan.job |
Szerző: | patrik [ csüt. aug. 25, 2011 16:22 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
ComboFix 11-08-24.06 - Buci 011.08.25. 16:35:51.4.1 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.348 [GMT 2:00] Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\Buci\Asztal\CFScript.txt AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpasbase.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpasdlta.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpavbase.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpavdlta.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FAD0E9A-4BF2-488D-8FFB-57705FB06DF9}\mpengine.dll c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasbase.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasdlta.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavbase.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavdlta.vdm c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Quick\{310E3E7A-2E4F-40B0-BBE4-D17F0026CE56} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{319F6466-BCEB-4515-80DE-49BD95CF7E76} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{340F7A93-E9B6-4CF6-845E-7B1F96BECDAD} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{35AD74BB-B895-4EC9-9A66-785E89BE5CCB} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4EE45EC7-CF9E-4911-B10A-456F3C68FCCD} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{6E5F6249-3E59-47D1-8475-00E8782666D9} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7BF3C8E5-3AF3-4553-B874-9E4CC95318D8} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{7C5CB493-34FC-4965-953B-928ABB99B393} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{AC2BE64F-6F4C-46EF-8DB0-87B2FC839AE2} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BD8DD1BB-ABBD-4996-8BC1-29ED25080F04} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{ED1163D8-C6F1-44CE-9189-EB29524B6376} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Detections.log c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\History.Log c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Service\Unknown.Log c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin.67 c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin.80 c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\mpcache-076E9618DA0F8BF9012A6814F5725B94741EA271.bin.87 c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPDetection-08062011-085616.log c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MPLog-10092010-115752.log c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08102011-152833-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08112011-075444-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08112011-133000-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08112011-140241-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-072636-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-110614-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-143037-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-160126-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-161053-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-171824-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-173330-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-203043-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-215827-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-221657-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-223425-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08122011-225352-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-103459-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-105427-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-121727-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-134434-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-141948-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-150334-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08132011-180142-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-095344-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-100827-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-101217-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-101624-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-103358-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-105014-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-132856-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08142011-172017-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08152011-102750-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08152011-183300-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08152011-184922-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08152011-185614-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08162011-064306-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08212011-181917-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08232011-093830-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08232011-131055-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08232011-192026-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08232011-193251-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08232011-200214-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08242011-093413-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08242011-183701-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08242011-185220-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08242011-220835-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-081418-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-111555-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-111819-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-112349-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-113229-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-114500-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-142305-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-161719-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-162358-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing-08252011-163602-00000003-ffffffff.bin c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpWppTracing.bin c:\documents and settings\Default User\IETldCache c:\documents and settings\Default User\IETldCache\index.dat c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpasbase.vdm c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpasdlta.vdm c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpavbase.vdm c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpavdlta.vdm c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpengine.dll c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpasbase.vdm c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpasdlta.vdm c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpavbase.vdm c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpavdlta.vdm c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpengine.dll c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpasbase.vdm c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpasdlta.vdm c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpavbase.vdm c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpavdlta.vdm c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpengine.dll c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpasbase.vdm c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpasdlta.vdm c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpavbase.vdm c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpavdlta.vdm c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpengine.dll c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpasbase.vdm c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpasdlta.vdm c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpavbase.vdm c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpavdlta.vdm c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpengine.dll c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpasbase.vdm c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpasdlta.vdm c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpavbase.vdm c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpavdlta.vdm c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpengine.dll c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures\mpasbase.vdm c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures\mpavbase.vdm c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures\mpengine.dll c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpasbase.vdm c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpasdlta.vdm c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpavbase.vdm c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpavdlta.vdm c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpengine.dll c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpasbase.vdm c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpasdlta.vdm c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpavbase.vdm c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpavdlta.vdm c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpengine.dll c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpasbase.vdm c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpasdlta.vdm c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpavbase.vdm c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpavdlta.vdm c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpengine.dll c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware . . . . Failed to delete . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_GUPDATE -------\Legacy_MPKSL0C29A34B -------\Legacy_MPKSL15DEFB2B -------\Legacy_MPKSL19FD8693 -------\Legacy_MPKSL2E809B33 -------\Legacy_MPKSL37B02D4C -------\Legacy_MPKSL3F652946 -------\Legacy_MPKSL480D34F2 -------\Legacy_MPKSL5D15A75E -------\Legacy_MPKSL6F5D6229 -------\Legacy_MPKSL889ABABC -------\Legacy_MPKSL8ACB86C7 -------\Legacy_MPKSL8F16CB61 -------\Legacy_MPKSL916D6E3C -------\Legacy_MPKSL967D1F4C -------\Legacy_MPKSL9D929B10 -------\Legacy_MPKSLCC13E5ED -------\Legacy_MPKSLD7EE844B -------\Legacy_MPKSLE565BB83 -------\Legacy_MPKSLE66E30F7 -------\Legacy_MPKSLEDAB6BA5 -------\Legacy_MPKSLF3EDB394 -------\Legacy_MPKSLF80A10CA -------\Service_gupdate -------\Service_gupdatem -------\Service_MpKsl0c29a34b -------\Service_MpKsl15defb2b -------\Service_MpKsl19fd8693 -------\Service_MpKsl2e809b33 -------\Service_MpKsl37b02d4c -------\Service_MpKsl3f652946 -------\Service_MpKsl480d34f2 -------\Service_MpKsl5d15a75e -------\Service_MpKsl6f5d6229 -------\Service_MpKsl889ababc -------\Service_MpKsl8acb86c7 -------\Service_MpKsl8f16cb61 -------\Service_MpKsl916d6e3c -------\Service_MpKsl967d1f4c -------\Service_MpKsl9d929b10 -------\Service_MpKslcc13e5ed -------\Service_MpKsld7ee844b -------\Service_MpKsle565bb83 -------\Service_MpKsle66e30f7 -------\Service_MpKsledab6ba5 -------\Service_MpKslf3edb394 -------\Service_MpKslf80a10ca . . ((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 ))))))))))))))))))))))))))))))) . . 2011-08-24 08:34 . 2011-08-24 10:39 -------- d-----w- c:\windows\system32\NtmsData 2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\documents and settings\Buci\Application Data\Avira 2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-24 08:03 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-24 08:03 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-08-24 08:03 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\Avira 2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-08-24 07:45 . 2011-08-24 07:58 59120008 ----a-w- C:\avira_antivir_personal_en.exe 2011-08-15 16:49 . 2011-08-15 16:49 -------- d-----w- C:\_OTL 2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes 2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads 2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint 2011-08-09 21:15 . 2011-08-24 16:51 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit 2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint 2011-08-09 21:01 . 2011-08-24 16:52 -------- d-----w- c:\program files\CheckPoint 2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro 2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-14 11:32 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-25 09:36 . 2011-05-08 05:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-25 15:05 . 2011-08-25 15:05 16384 c:\windows\temp\Perflib_Perfdata_590.dat - 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe + 2008-10-22 09:47 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe - 2011-01-28 21:10 . 2010-02-22 14:27 18296 c:\windows\system32\spmsg.dll + 2011-01-28 21:10 . 2010-07-05 13:19 18296 c:\windows\system32\spmsg.dll + 2011-08-24 08:03 . 2010-06-17 13:27 28520 c:\windows\system32\drivers\ssmdrv.sys + 2011-08-25 09:45 . 2011-08-25 09:45 28160 c:\windows\Installer\b8eb1.msi + 2011-08-25 09:18 . 2011-08-25 09:18 49152 c:\windows\Installer\9add10.msi + 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi + 2011-08-14 11:32 . 2011-08-14 11:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe + 2011-08-14 11:32 . 2011-08-14 11:32 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll + 2011-04-18 11:18 . 2011-04-18 11:18 165648 c:\windows\system32\drivers\MpFilter.sys + 2011-08-25 09:45 . 2011-08-25 09:45 483840 c:\windows\Installer\b8eaa.msi + 2011-08-25 09:45 . 2011-08-25 09:45 301056 c:\windows\Installer\b8ea4.msi + 2011-08-25 09:16 . 2011-08-25 09:16 785920 c:\windows\Installer\9add07.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= . R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712] R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925] . Contents of the 'Scheduled Tasks' folder . 2011-08-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ uInternet Connection Wizard,ShellNext = iexplore IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm IE: Crawler Search - tbr:iemenu IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 89.147.80.30 195.56.172.157 FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-25 17:06 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4036) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe . ************************************************************************** . Completion time: 2011-08-25 17:18:11 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-25 15:18 ComboFix2.txt 2011-08-24 17:38 ComboFix3.txt 2011-08-14 09:10 ComboFix4.txt 2011-08-12 15:12 . Pre-Run: 4 016 627 712 bájt szabad Post-Run: 3 873 955 840 bájt szabad . - - End Of File - - 475AA49F0F58C24263A96E6ADF478E0F |
Szerző: | stell [ csüt. aug. 25, 2011 14:14 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Igen mert ez csak tele szemeteli a gepet, es a combofix scriptbe bele raktam hogy torolje le a combofix, tehat futtasd a combofixet a scriptel ahogy leirtam. a logot tedd ide |
Szerző: | patrik [ csüt. aug. 25, 2011 13:38 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
stell , nem tudom hogy hogyan vagy miért, de a microsoft security essentials újraéledt és megint működik. biztosan töröljem? |
Szerző: | stell [ csüt. aug. 25, 2011 10:44 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
igen,, |
Szerző: | patrik [ csüt. aug. 25, 2011 10:42 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
a combofix nem fut le, csináljam csökkentett módban |
Szerző: | stell [ szer. aug. 24, 2011 19:49 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Kinyitunk - Notepadot (Jegyzetfüzetet)igy: Start>futtatás>beírod: notepad és bemásolod- a Kód: címszó alatt található zöld textet(Kód: szó nélkül), aztán a notepadba beillesztett textet elmentjük scriptnek az asztalra , úgy:- Fájl>Mentés Másként>Fájlnév>CFScript.txt>Fájl típusa>Minden fájl>Mentés.(Ásztálra),.Kész, az astalon lévő CFScript txt húzzunk rá a ComboFix ikonnyara. A combofix maga elindul es lehet hogy restartol es befejezi a scent.Amit majd ad ted ide. Kód: KILLALL:: SecCenter:: {BCF43643-A118-4432-AEDE-D861FCBCFCDF} Folder:: c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures c:\documents and settings\Default User\IETldCache c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E01734B6-F72D-4B0E-8053-28FA89CFD579} c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware Driver:: MpKsl0c29a34b MpKsl15defb2b MpKsl19fd8693 MpKsl2e809b33 MpKsl37b02d4c MpKsl3f652946 MpKsl480d34f2 MpKsl5d15a75e MpKsl6f5d6229 MpKsl889ababc MpKsl8acb86c7 MpKsl8f16cb61 MpKsl916d6e3c MpKsl967d1f4c MpKsl9d929b10 MpKslcc13e5ed MpKsld7ee844b MpKsle565bb83 MpKsle66e30f7 MpKsledab6ba5 MpKslf3edb394 MpKslf80a10ca gupdate gupdatem |
Szerző: | patrik [ szer. aug. 24, 2011 18:43 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
a zone alarmot leszedtem ComboFix 11-08-24.03 - Buci 011.08.24. 19:16:03.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.328 [GMT 2:00] Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . . ((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 ))))))))))))))))))))))))))))))) . . 2011-08-24 11:59 . 2011-08-24 11:59 -------- d-----w- c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures 2011-08-24 09:37 . 2011-08-24 09:37 -------- d-----w- c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures 2011-08-24 08:34 . 2011-08-24 10:39 -------- d-----w- c:\windows\system32\NtmsData 2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\documents and settings\Buci\Application Data\Avira 2011-08-24 08:03 . 2011-07-20 09:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-24 08:03 . 2011-07-20 09:30 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-24 08:03 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-08-24 08:03 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\program files\Avira 2011-08-24 08:03 . 2011-08-24 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-08-24 07:45 . 2011-08-24 07:58 59120008 ----a-w- C:\avira_antivir_personal_en.exe 2011-08-23 19:17 . 2011-08-23 19:17 -------- d-----w- c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures 2011-08-23 18:13 . 2011-08-23 18:14 -------- d-----w- c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures 2011-08-23 18:00 . 2011-08-23 18:00 -------- d-----w- c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures 2011-08-23 17:43 . 2011-08-23 17:43 -------- d-----w- c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures 2011-08-23 17:40 . 2011-08-23 17:40 -------- d-----w- c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures 2011-08-23 17:36 . 2011-08-23 17:37 -------- d-----w- c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures 2011-08-23 17:31 . 2011-08-23 17:31 -------- d-----w- c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures 2011-08-23 11:11 . 2011-08-23 11:11 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2011-08-23 11:10 . 2011-08-23 11:10 -------- d-----w- c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures 2011-08-23 07:51 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E01734B6-F72D-4B0E-8053-28FA89CFD579}\mpengine.dll 2011-08-15 16:49 . 2011-08-15 16:49 -------- d-----w- C:\_OTL 2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes 2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads 2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint 2011-08-09 21:15 . 2011-08-24 16:51 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit 2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint 2011-08-09 21:01 . 2011-08-24 16:52 -------- d-----w- c:\program files\CheckPoint 2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro 2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-14 11:32 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-12 02:44 . 2010-11-06 15:56 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-06-28 12:04 . 2011-05-08 05:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-24 16:53 . 2011-08-24 16:53 16384 c:\windows\Temp\Perflib_Perfdata_678.dat - 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe + 2008-10-22 09:47 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe - 2011-01-28 21:10 . 2010-02-22 14:27 18296 c:\windows\system32\spmsg.dll + 2011-01-28 21:10 . 2010-07-05 13:19 18296 c:\windows\system32\spmsg.dll + 2011-08-24 08:03 . 2010-06-17 13:27 28520 c:\windows\system32\drivers\ssmdrv.sys + 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi + 2011-08-14 11:32 . 2011-08-14 11:32 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe + 2011-08-14 11:32 . 2011-08-14 11:32 328864 c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.dll + 2011-08-24 11:57 . 2011-08-24 11:57 301056 c:\windows\Installer\eff846.msi + 2011-08-23 11:10 . 2011-08-12 02:44 7152464 c:\windows\TempF7B47891-3521-212E-BCCB-48D65ED247DD-Signatures\mpengine.dll + 2011-08-23 17:36 . 2011-08-12 02:44 7152464 c:\windows\TempE7AB819A-80D2-A4C7-3535-06C628A921FE-Signatures\mpengine.dll + 2011-08-23 18:00 . 2011-08-12 02:44 7152464 c:\windows\TempC98DC43A-1287-7204-AD9A-AE17FE841BAE-Signatures\mpengine.dll + 2011-08-23 17:43 . 2011-08-12 02:44 7152464 c:\windows\TempC263F84E-1A82-4361-806C-744FE35E2C12-Signatures\mpengine.dll + 2011-08-24 11:59 . 2011-08-12 02:44 7152464 c:\windows\TempB8331A47-C414-DA74-E851-B1B36C22842B-Signatures\mpengine.dll + 2011-08-24 09:37 . 2011-08-12 02:44 7152464 c:\windows\Temp76E3B201-9DBD-9B6E-E0CE-83EAB7BC53B3-Signatures\mpengine.dll + 2011-08-23 19:17 . 2011-08-12 02:44 7152464 c:\windows\Temp5C2E5488-E916-0D22-1D39-17AF43D6027B-Signatures\mpengine.dll + 2011-08-23 17:31 . 2011-08-12 02:44 7152464 c:\windows\Temp5B476C4E-9DBC-E8D2-E173-5F500903470E-Signatures\mpengine.dll + 2011-08-23 18:13 . 2011-08-12 02:44 7152464 c:\windows\Temp43FA2F2F-F199-F960-73C8-30BCB2741E15-Signatures\mpengine.dll + 2011-08-23 17:40 . 2011-08-12 02:44 7152464 c:\windows\Temp1D2F912C-DD6B-A657-595C-033B993406E3-Signatures\mpengine.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011.08.24. 10:03 136360] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.08.12. 21:17 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712] R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925] S1 MpKsl0c29a34b;MpKsl0c29a34b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828DFC66-1D78-432E-917D-BD628211CBD2}\MpKsl0c29a34b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828DFC66-1D78-432E-917D-BD628211CBD2}\MpKsl0c29a34b.sys [?] S1 MpKsl15defb2b;MpKsl15defb2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE86A431-6C69-4F3F-AEFE-35B6F278797A}\MpKsl15defb2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE86A431-6C69-4F3F-AEFE-35B6F278797A}\MpKsl15defb2b.sys [?] S1 MpKsl19fd8693;MpKsl19fd8693;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DB3EC4A-C852-4F8F-B289-EF0BAFA284FA}\MpKsl19fd8693.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DB3EC4A-C852-4F8F-B289-EF0BAFA284FA}\MpKsl19fd8693.sys [?] S1 MpKsl2e809b33;MpKsl2e809b33;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B48867F-D46A-4394-9B20-BAE3BD5BB4DB}\MpKsl2e809b33.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B48867F-D46A-4394-9B20-BAE3BD5BB4DB}\MpKsl2e809b33.sys [?] S1 MpKsl37b02d4c;MpKsl37b02d4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFC08C25-520E-4BD7-BB12-A3C3962D07E9}\MpKsl37b02d4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFC08C25-520E-4BD7-BB12-A3C3962D07E9}\MpKsl37b02d4c.sys [?] S1 MpKsl3f652946;MpKsl3f652946;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl3f652946.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl3f652946.sys [?] S1 MpKsl480d34f2;MpKsl480d34f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53BB5AD-F951-421C-90A7-90C735C2CEEB}\MpKsl480d34f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53BB5AD-F951-421C-90A7-90C735C2CEEB}\MpKsl480d34f2.sys [?] S1 MpKsl5d15a75e;MpKsl5d15a75e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl5d15a75e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl5d15a75e.sys [?] S1 MpKsl6f5d6229;MpKsl6f5d6229;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB4ABD46-B3CB-4C03-BAC3-F1502C029CDB}\MpKsl6f5d6229.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB4ABD46-B3CB-4C03-BAC3-F1502C029CDB}\MpKsl6f5d6229.sys [?] S1 MpKsl889ababc;MpKsl889ababc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys [?] S1 MpKsl8acb86c7;MpKsl8acb86c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys [?] S1 MpKsl8f16cb61;MpKsl8f16cb61;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys [?] S1 MpKsl916d6e3c;MpKsl916d6e3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0C84B86-0F88-4063-A552-1AB41F72F112}\MpKsl916d6e3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0C84B86-0F88-4063-A552-1AB41F72F112}\MpKsl916d6e3c.sys [?] S1 MpKsl967d1f4c;MpKsl967d1f4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys [?] S1 MpKsl9d929b10;MpKsl9d929b10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys [?] S1 MpKslcc13e5ed;MpKslcc13e5ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys [?] S1 MpKsld7ee844b;MpKsld7ee844b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys [?] S1 MpKsle565bb83;MpKsle565bb83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys [?] S1 MpKsle66e30f7;MpKsle66e30f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys [?] S1 MpKsledab6ba5;MpKsledab6ba5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys [?] S1 MpKslf3edb394;MpKslf3edb394;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys [?] S1 MpKslf80a10ca;MpKslf80a10ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys [?] S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176] S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MSMPSVC . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ uInternet Connection Wizard,ShellNext = iexplore IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm IE: Crawler Search - tbr:iemenu IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 89.147.80.30 195.56.172.157 FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-24 19:32 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1792) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-08-24 19:38:39 ComboFix-quarantined-files.txt 2011-08-24 17:38 ComboFix2.txt 2011-08-14 09:10 ComboFix3.txt 2011-08-12 15:12 . Pre-Run: 4 180 860 928 bájt szabad Post-Run: 4 260 429 824 bájt szabad . - - End Of File - - 82C8B518D22814BE02D5B6BCA575E6A0 A firefox most működik |
Szerző: | stell [ szer. aug. 24, 2011 13:51 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Szed le ezt a ZoneAlarm tuzfalat is, es tedd ide a combofix logjat http://www.virus-stell.com/2010/04/combofix.html |
Szerző: | patrik [ szer. aug. 24, 2011 12:49 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
a gépem hihetetlenül lassú lett, a security essentialst pedig 1 hiba miatt nem engedi eltávolítani |
Szerző: | stell [ szer. aug. 24, 2011 7:38 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
:1>>security essentials<<szed le a geprol, es rakd fel az FREEE AVIRAT. Avira AntiVir Personal - Free Antivirus http://www.avira.com/en/avira-free-antivirus 2:Windows Tuzfal ot van a ZoneAlarm, ezert a Windows tuzfalat nem kell kapcsolgatni se ki se be, ,ugy se er semmit se. Kiprobalni. |
Szerző: | patrik [ kedd aug. 23, 2011 19:32 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
bekapcsoltam a gépem és eldobtam az agyam a microsoft security essentials egyszerűen nem indul el egyszer sikerült megnyitnom és és azt írta hogy nem eredeti a program, pedig biztos az a frissítéseket pedig nem engedi valami telepíteni http://kepfeltoltes.hu/view/110823/4825 ... es.hu_.jpg a windows tűzfalat pedig minden indításkor újra be kell kapcsolnom pedig azt írja be van kapcsolva az MBAM pedig semmi vírust nem talált most mit tegyek ? |
Szerző: | integral [ kedd aug. 23, 2011 9:00 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Sziasztok! Nem találtam igazán témába vágó topikot (mert nem vírusról van szó szerintem) ezért ide írok. Szóval van egy freeweb.hu-s oldalam. És ott ha ftp-vel csatlakozom olyan fájlok vannak, amiket nme én töltöttem fel. ilyenek (171 Byte mindegyik): AnthonyMoore43.html CarlBrown40.html stb a html file ezt tartalmazza: <meta http-equiv="Refresh" content="0; URL=http://7daily-job.net/finance-news7/"><html><script>parent.location.href='http://7daily-job.net/finance-news7/'</script></html> Hogy kerülhettek ezek a fájlok a tárhelyemre? Mindenesetre most letörlöm ezeket. |
Szerző: | patrik [ hétf. aug. 15, 2011 18:13 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
All processes killed ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry value HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully. C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully. HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ not found. C:\Program Files\Mozilla Firefox\searchplugins\bluu.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found. File C:\Program Files\Crawler\Toolbar\ctbr.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully. File C:\Program Files\Crawler\Toolbar\ctbr.dll not found. Registry value HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found. File C:\Program Files\Crawler\Toolbar\ctbr.dll not found. Registry value HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found. File C:\Program Files\Crawler\Toolbar\ctbr.dll not found. C:\WINDOWS\002576_.tmp deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. C:\WINDOWS\System32\SET3A.tmp deleted successfully. C:\WINDOWS\System32\SET3F.tmp deleted successfully. C:\WINDOWS\tasks\MpIdleTask.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully. C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe moved successfully. C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt moved successfully. File C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt not found. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Buci ->Temp folder emptied: 5649702 bytes ->Temporary Internet Files folder emptied: 38846094 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 49589672 bytes ->Flash cache emptied: 848 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 2026072 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 3273692 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7234579 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 102,00 mb Restore points cleared and new OTL Restore Point set! OTL by OldTimer - Version 3.2.26.4 log created on 08152011_184902 Files\Folders moved on Reboot... C:\Documents and Settings\Buci\Local Settings\Temp\~DFFB3D.tmp moved successfully. File\Folder C:\WINDOWS\temp\ZLT06bca.TMP not found! Registry entries deleted on Reboot... ------------------ a gép jónak tünik de sajnos a firefox még mindig nem működik . ha törölném és újra letölteném az megoldaná? elfelejtettem mondani hogy 16-án nyáritáborba kell mennem, de addig amíg ott vagyok nem fog senki se a géphez nyúlni. csak jövőhét hétfőn fogok hazaérkezni minden segítséget nagyon szépen köszönök |
Szerző: | stell [ hétf. aug. 15, 2011 11:58 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Futtasd ujbol az OTL programot, az ablakjaba masold be a textet, es most vigyaz.Most benyomod a RunFix gombot, a logot a restart utan tedd ide, es probald ki a gepet es ird le mi a helyzet. Kód: :OTL IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.11.06 18:27:21 | 000,000,000 | ---D | M] [2011.05.08 07:53:33 | 000,002,933 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bluu.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2011.08.15 10:44:19 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.15 10:44:14 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011.01.30 11:56:29 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe [2011.07.30 12:25:21 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt [2011.07.30 12:25:21 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt :reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] "" =- :Commands [emptytemp] [clearallrestorepoints] [start explorer] [Reboot] |
Szerző: | patrik [ hétf. aug. 15, 2011 11:09 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
< MD5 for: SVCHOST.EXE > [2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\ERDNT\cache\svchost.exe [2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008.04.14 18:02:30 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=05194D8A92CF7E559C1A38FC134C966A -- C:\WINDOWS\system32\svchost.exe [2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe < MD5 for: TCPIP.SYS > [2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys [2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys < MD5 for: USERINIT.EXE > [2008.04.14 18:02:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B0DDDFC8361952B956EF9475244F40BD -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 18:02:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B0DDDFC8361952B956EF9475244F40BD -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 18:02:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B0DDDFC8361952B956EF9475244F40BD -- C:\WINDOWS\system32\userinit.exe [2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 18:02:32 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=15D1D956D9F01E51E6623EDB31EA43B6 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 18:02:32 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=15D1D956D9F01E51E6623EDB31EA43B6 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 18:02:32 | 000,509,952 | ---- | M] (Microsoft Corporation) MD5=15D1D956D9F01E51E6623EDB31EA43B6 -- C:\WINDOWS\system32\winlogon.exe [2004.08.18 14:00:00 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe < MD5 for: WS2_32.DLL > [2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll [2008.04.14 18:02:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=EA551E1AB5BA99DA3397517BDD278E94 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll [2008.04.14 18:02:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=EA551E1AB5BA99DA3397517BDD278E94 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll [2008.04.14 18:02:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=EA551E1AB5BA99DA3397517BDD278E94 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.04.14 21:09:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.04.14 21:09:14 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.04.14 21:09:14 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON < reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs < reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs < %systemroot%\system32\drivers\*.sys /3 > < %systemroot%\system32\*.* /3 > [2011.08.14 13:32:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [2011.08.12 16:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Files - Unicode (All) ========== [2011.07.30 12:25:21 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt [2011.07.30 12:25:21 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Buci\Asztal\«•»P?T?IK?SZ«•».txt) -- C:\Documents and Settings\Buci\Asztal\«•»PΛTЯIKΘSZ«•».txt < End of report > |
Szerző: | patrik [ hétf. aug. 15, 2011 11:07 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
otl.txt OTL logfile created on: 2011.08.15. 10:40:18 - Run 1 OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buci\Asztal Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 511,49 Mb Total Physical Memory | 224,91 Mb Available Physical Memory | 43,97% Memory free 1,97 Gb Paging File | 1,45 Gb Available in Paging File | 73,47% Paging File free Paging file location(s): D:\pagefile.sys 1536 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 5,53 Gb Free Space | 37,79% Space Free | Partition Type: NTFS Drive D: | 59,87 Gb Total Space | 56,98 Gb Free Space | 95,17% Space Free | Partition Type: NTFS Computer Name: SZAMITOGEP | User Name: Buci | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe PRC - [2011.07.08 07:55:36 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.07.08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.16 18:22:36 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2011.06.16 18:20:10 | 000,071,824 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe PRC - [2011.05.30 13:39:02 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.05.30 13:39:00 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe ========== Modules (No Company Name) ========== MOD - [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.07.08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.16 18:22:36 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011.05.30 13:39:02 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2009.04.14 20:41:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) ========== Driver Services (SafeList) ========== DRV - [2011.08.15 10:28:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C86A340E-4B72-423C-AA5E-0FF24943D492}\MpKsl3ed45888.sys -- (MpKsl3ed45888) DRV - [2011.07.08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.16 18:20:10 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2011.05.30 13:38:54 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2004.08.17 16:19:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003.05.06 05:15:18 | 000,020,156 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv) DRV - [2001.08.17 22:13:12 | 000,016,925 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w940nd.sys -- (w89c940) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/ IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.11.06 18:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.08.10 10:43:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 14:04:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 19:16:09 | 000,000,000 | ---D | M] [2009.09.24 11:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Extensions [2009.07.05 15:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2011.08.11 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions [2011.08.11 13:34:36 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} [2011.08.07 09:19:25 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack [2011.05.08 07:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\nostmp [2011.06.23 11:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.03.16 12:30:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.23 11:18:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.06.28 14:04:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.08 07:53:33 | 000,002,933 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bluu.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2011.05.01 06:33:28 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011.05.08 07:53:33 | 000,000,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-hu.xml [2011.05.01 06:33:28 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\polymeta.xml [2011.05.08 07:53:33 | 000,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml [2011.05.08 07:53:33 | 000,000,974 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml [2011.05.08 07:53:33 | 000,001,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml O1 HOSTS File: ([2011.08.14 10:50:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\ShellBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.147.80.30 195.56.172.157 O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.14 19:24:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com) Drivers32: VIDC.ACDV - ACDV.dll File not found Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com) Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.14 18:44:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011.08.14 17:26:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2011.08.12 21:33:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Buci\Recent [2011.08.12 21:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Application Data\Malwarebytes [2011.08.12 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.12 21:17:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.12 21:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.08.12 21:16:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.12 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.12 21:08:13 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Buci\Asztal\mbam-setup.exe [2011.08.12 16:25:02 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011.08.12 16:20:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011.08.12 16:20:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011.08.12 16:20:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011.08.12 16:20:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011.08.12 16:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011.08.12 16:19:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.08.12 14:54:04 | 004,171,976 | R--- | C] (Swearware) -- C:\Documents and Settings\Buci\Asztal\ComboFix.exe [2011.08.12 11:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\rsit [2011.08.12 11:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Downloads [2011.08.10 10:54:16 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2011.08.10 10:43:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2011.08.09 23:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Dokumentumok\ForceField Shared Files [2011.08.09 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Application Data\CheckPoint [2011.08.09 23:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011.08.09 23:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Local Settings\Application Data\ZoneAlarm_Security_Suite [2011.08.09 23:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Local Settings\Application Data\Conduit [2011.08.09 23:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security_Suite [2011.08.09 23:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point [2011.08.09 23:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2011.08.09 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2011.08.09 21:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011.08.09 15:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2011.08.09 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner [2011.08.09 15:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2011.08.09 15:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2011.08.07 19:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\klánlogo [2011.07.18 20:08:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011.07.18 17:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\vbs-bat progik [2011.07.18 15:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buci\Asztal\vbs-bat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2011.08.15 10:44:19 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.15 10:44:14 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.15 10:35:45 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe [2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011.08.15 10:27:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.14 13:32:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.08.14 10:50:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.08.14 10:28:37 | 004,171,976 | R--- | M] (Swearware) -- C:\Documents and Settings\Buci\Asztal\ComboFix.exe [2011.08.14 10:21:07 | 000,555,008 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\RogueKiller.exe [2011.08.12 21:17:23 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011.08.12 21:17:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk [2011.08.12 21:11:15 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Buci\Asztal\mbam-setup.exe [2011.08.12 16:25:11 | 000,000,336 | RHS- | M] () -- C:\boot.ini [2011.08.12 16:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.12 16:09:53 | 000,000,220 | ---- | M] () -- C:\Boot.bak [2011.08.12 11:29:30 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\RSIT.exe [2011.08.10 13:49:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.08.09 23:31:11 | 000,411,107 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2011.08.09 23:15:42 | 000,000,139 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT [2011.08.09 20:50:10 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk [2011.08.09 15:34:45 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\CCleaner.lnk [2011.07.27 17:36:11 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\Buci\Asztal\Microsoft Office Word 2003.lnk [2011.07.25 17:09:21 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2011.07.19 13:55:50 | 000,008,937 | ---- | M] () -- C:\Documents and Settings\Buci\Dokumentumok\Kedvenc téma.Theme [2011.07.19 09:36:26 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Buci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.15 10:35:19 | 000,579,584 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\OTL.exe [2011.08.14 10:19:12 | 000,555,008 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\RogueKiller.exe [2011.08.12 21:17:23 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Buci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011.08.12 21:17:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk [2011.08.12 16:25:11 | 000,000,220 | ---- | C] () -- C:\Boot.bak [2011.08.12 16:25:05 | 000,260,272 | R-S- | C] () -- C:\cmldr [2011.08.12 16:20:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011.08.12 16:20:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011.08.12 16:20:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011.08.12 16:20:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011.08.12 16:20:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011.08.12 11:26:41 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Buci\Asztal\RSIT.exe [2011.08.09 23:21:10 | 000,411,107 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2011.08.09 15:42:23 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT [2011.08.09 15:34:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\CCleaner.lnk [2011.08.09 15:33:04 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.09 15:33:03 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.07.19 13:55:49 | 000,008,937 | ---- | C] () -- C:\Documents and Settings\Buci\Dokumentumok\Kedvenc téma.Theme [2011.06.28 09:46:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2011.06.22 15:26:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WA.INI [2011.06.19 08:49:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.02.20 15:51:26 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI [2010.12.14 19:23:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TC.INI [2010.12.14 19:19:58 | 000,246,784 | ---- | C] () -- C:\WINDOWS\UN160407.EXE [2009.07.05 15:23:09 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.06.24 09:43:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.04.22 22:21:29 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Buci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.14 21:46:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009.04.14 21:28:06 | 000,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.04.14 21:13:17 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.04.14 21:10:22 | 001,482,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.04.14 20:36:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll [2009.04.14 20:36:55 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2009.04.14 20:36:54 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.04.14 20:36:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.04.14 20:36:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009.04.14 20:09:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.04.14 20:09:32 | 000,004,437 | ---- | C] () -- C:\WINDOWS\mozver.dat [2009.04.14 19:44:25 | 000,003,005 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009.04.14 19:34:03 | 000,020,156 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys [2009.04.14 19:28:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.04.14 19:21:13 | 000,021,948 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.18 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.18 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.18 14:00:00 | 000,303,356 | ---- | C] () -- C:\WINDOWS\System32\perfh00E.dat [2004.08.18 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.18 14:00:00 | 000,264,338 | ---- | C] () -- C:\WINDOWS\System32\perfi00E.dat [2004.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.18 14:00:00 | 000,057,716 | ---- | C] () -- C:\WINDOWS\System32\perfc00E.dat [2004.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.18 14:00:00 | 000,043,990 | ---- | C] () -- C:\WINDOWS\System32\perfd00E.dat [2004.08.18 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.18 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.18 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.18 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.18 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2009.04.14 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2011.08.09 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2009.04.14 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ACD Systems [2011.03.15 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Blender Foundation [2011.08.09 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\CheckPoint [2009.04.22 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\COWON [2010.12.11 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ImgBurn [2011.02.24 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\iSpring Solutions [2009.04.18 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\KompoZer [2011.01.24 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\LimeWire [2010.12.11 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\MusicIP [2011.05.19 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\OpenCandy [2011.01.24 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\pokerth [2011.01.30 11:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\SendSpace [2011.08.15 10:33:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2011.08.15 11:09:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job ========== Purity Check ========== ========== Custom Scans ========== < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s > "ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 18:02:12 | 000,015,360 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] "" = < c:\windows\*.* /U > [4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ] < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*. > [2009.04.14 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2011.03.03 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009.10.18 11:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8 [2011.08.09 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2011.08.12 21:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.09.30 08:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2011.02.09 18:21:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2009.04.14 20:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero [2011.02.11 18:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2011.03.16 12:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010.09.30 08:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010.09.21 20:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\AcrobatUpdater.exe [2010.09.21 20:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\AdobeARM.exe [2010.09.21 20:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\6128\ReaderUpdater.exe < %APPDATA%\*. > [2009.04.14 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ACD Systems [2011.02.20 09:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Adobe [2011.03.15 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Blender Foundation [2011.08.09 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\CheckPoint [2009.04.22 22:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\COWON [2010.12.06 22:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Help [2009.04.14 19:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Identities [2010.12.11 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\ImgBurn [2011.02.24 18:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\iSpring Solutions [2009.04.18 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\KompoZer [2011.01.24 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\LimeWire [2009.05.23 21:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Macromedia [2011.08.12 21:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Malwarebytes [2011.08.09 15:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Media Player Classic [2011.04.22 16:28:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Buci\Application Data\Microsoft [2011.01.15 20:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\mIRC [2009.09.24 11:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Mozilla [2010.12.11 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\MusicIP [2009.04.17 07:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Nero [2011.05.19 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\OpenCandy [2011.01.24 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\pokerth [2009.05.30 13:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Real [2011.01.30 11:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\SendSpace [2011.02.11 14:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\skypePM [2009.07.05 15:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Sun [2009.04.14 20:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Talkback [2009.04.14 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buci\Application Data\Yahoo! < %APPDATA%\*.exe /s > [2009.07.05 15:56:27 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\crashreporter.exe [2009.07.05 15:56:28 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\updater.exe [2009.07.05 15:56:28 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpcshell.exe [2009.07.05 15:56:28 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe [2009.07.05 15:56:28 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpidl.exe [2009.07.05 15:56:28 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe [2009.07.05 15:56:28 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xpt_link.exe [2009.07.05 15:56:29 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe [2009.07.05 15:56:30 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Buci\Application Data\LimeWire\browser\xulrunner\xulrunner.exe [2010.09.01 15:52:56 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe [2011.05.19 17:14:57 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\OpenCandy\OpenCandy_7B3A6BBE1A944741A1FD9613005D549E\LatestDLMgr.exe [2011.01.30 11:56:29 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Buci\Application Data\SendSpace\GamesBar-Silent.rsendspace.asendspace.dl.exe < MD5 for: AGP440.SYS > [2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: AUTOCHK.EXE > [2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\cmdcons\autochk.exe [2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe [2008.04.14 18:02:08 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=73D5C3AA8CD7A8FEDC05A6AD6BCFE684 -- C:\WINDOWS\system32\autochk.exe [2004.08.18 14:00:00 | 000,605,184 | ---- | M] (Microsoft Corporation) MD5=9E8636075B6F0F16C8724E12EC084F2C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe < MD5 for: CDROM.SYS > [2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: CHANGER.SYS > [2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys < MD5 for: CRYPTSVC.DLL > [2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll [2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll [2008.04.14 18:01:48 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=13CB7FC794D005D60712FDD9F1362235 -- C:\WINDOWS\system32\cryptsvc.dll [2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll < MD5 for: EVENTLOG.DLL > [2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 18:01:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\eventlog.dll [2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.18 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\explorer.exe [2008.04.14 18:02:16 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=AD3A8A9E8914439852A98CE48015E237 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe < MD5 for: HAL.DLL > [2004.08.18 14:00:00 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll [2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll [2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL [2004.08.18 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll < MD5 for: ISAPNP.SYS > [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys [2010.12.30 14:55:16 | 023,900,123 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys [2008.04.14 17:40:20 | 000,037,504 | ---- | M] (Microsoft Corporation) MD5=3685529CAA2B14C9632E85E265BA293B -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys [2008.04.14 17:40:20 | 000,037,504 | ---- | M] (Microsoft Corporation) MD5=3685529CAA2B14C9632E85E265BA293B -- C:\WINDOWS\system32\drivers\isapnp.sys [2004.08.18 14:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys < MD5 for: LSASS.EXE > [2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe [2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\ERDNT\cache\lsass.exe [2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe [2008.04.14 18:02:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=21844F6DA13ECE4737D0B7524EDEB6EC -- C:\WINDOWS\system32\lsass.exe < MD5 for: NDIS.SYS > [2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys < MD5 for: NETLOGON.DLL > [2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 18:01:56 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\system32\netlogon.dll [2009.02.06 20:47:21 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=EDA679C0437291C5E283466E91F86F8D -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:47:21 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=EDA679C0437291C5E283466E91F86F8D -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 18:01:59 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\system32\scecli.dll [2004.08.18 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: SMSS.EXE > [2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe [2008.04.14 18:02:29 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=A03C3BF7E45ECC9775D3CE653086FAA1 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe [2008.04.14 18:02:29 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=A03C3BF7E45ECC9775D3CE653086FAA1 -- C:\WINDOWS\system32\smss.exe [2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE |
Szerző: | patrik [ hétf. aug. 15, 2011 10:56 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
extras.txt OTL Extras logfile created on: 2011.08.15. 10:40:18 - Run 1 OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buci\Asztal Windows XP Home Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 511,49 Mb Total Physical Memory | 224,91 Mb Available Physical Memory | 43,97% Memory free 1,97 Gb Paging File | 1,45 Gb Available in Paging File | 73,47% Paging File free Paging file location(s): D:\pagefile.sys 1536 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 5,53 Gb Free Space | 37,79% Space Free | Partition Type: NTFS Drive D: | 59,87 Gb Total Space | 56,98 Gb Free Space | 95,17% Space Free | Partition Type: NTFS Computer Name: SZAMITOGEP | User Name: Buci | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-507921405-1770027372-725345543-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B97B645-6C43-4BE7-8E73-4941D8841A29}" = ZoneAlarm Security "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live feltöltőeszköz "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{257A92C3-7E41-4678-9144-6920F4289D0F}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26 "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C940e-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5007F899-36E1-410D-9E82-A62F4A281A57}" = Microsoft Antimalware Service HU-HU Language Pack "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5FA49211-47D3-47C4-9050-684B9972E607}" = ZoneAlarm Firewall "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{642EAFE2-3C9C-42CD-A43D-490DC1249A8A}" = Microsoft Antimalware Service HU-HU Language Pack "{6850DD2F-1DDC-4438-95DC-03CFBC0405FB}" = Adobe Setup "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{733EB793-0840-4D69-97AA-6934FC79DB16}" = Windows Live bejelentkezési segéd "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client HU-HU Language Pack "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{9011040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99A98C71-A900-44E7-AD98-70E6368FB4D0}" = Windows Live Essentials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1038-7B44-A94000000001}" = Adobe Reader 9.4.5 - Hungarian "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio "{E66F3AFD-643B-4001-A3B3-35616CCFECEA}" = Adobe Photoshop CS3 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_6ba4f64693cf3ffde4382ffeebd542f" = Adobe Photoshop CS3 "CCleaner" = CCleaner "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard "EVEREST Home Edition_is1" = EVEREST Home Edition v1.51 "FotoMorph" = Digital Photo Software FotoMorph 12.2 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.20 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware 1.51.1.1800 verzió "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 5.0 (x86 hu)" = Mozilla Firefox 5.0 (x86 hu) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero8Lite_is1" = Nero 8 Micro 8.1.1.0 "Totalcmd" = Total Commander (Remove or Repair) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "ZoneAlarm Pro" = ZoneAlarm Pro "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2011.08.13. 10:05:43 | Computer Name = SZAMITOGEP | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8107.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 1 _ 512, P7 10 _ not boot, P8 NIL, P9 NIL, P10 NIL. Error - 2011.08.13. 10:09:39 | Computer Name = SZAMITOGEP | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8107.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 1 _ 512, P7 10 _ not boot, P8 NIL, P9 NIL, P10 NIL. Error - 2011.08.13. 12:03:24 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2011.08.14. 3:54:51 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2011.08.14. 4:09:11 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2011.08.14. 4:55:55 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2011.08.14. 7:29:46 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2011.08.14. 7:30:51 | Computer Name = SZAMITOGEP | Source = WmiAdapter | ID = 4099 Description = A szolgáltatás megnyitása sikertelen. Error - 2011.08.14. 11:21:05 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2011.08.15. 4:28:26 | Computer Name = SZAMITOGEP | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. [ System Events ] Error - 2011.08.14. 4:51:36 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023 Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2 Error - 2011.08.14. 4:51:37 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001 Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól, amely a következő hiba miatt nem tudott elindulni: %%2 Error - 2011.08.14. 7:29:45 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023 Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2 Error - 2011.08.14. 7:29:45 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001 Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól, amely a következő hiba miatt nem tudott elindulni: %%2 Error - 2011.08.14. 7:30:53 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7009 Description = Várakozó időkorlát (30000 ms) - a(z) WMI teljesítményadapter szolgáltatás kapcsolódása. Error - 2011.08.14. 7:30:53 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7000 Description = A szolgáltatás (WMI teljesítményadapter) a következő hiba következtében leállt: %%1053 Error - 2011.08.14. 11:21:04 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023 Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2 Error - 2011.08.14. 11:21:04 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001 Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól, amely a következő hiba miatt nem tudott elindulni: %%2 Error - 2011.08.15. 4:28:25 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7023 Description = A szolgáltatás (Kiszolgáló) leállt a következő hibával: %%2 Error - 2011.08.15. 4:28:25 | Computer Name = SZAMITOGEP | Source = Service Control Manager | ID = 7001 Description = A(z) Számítógép-tallózó szolgáltatás függ a(z) Kiszolgáló szolgáltatástól, amely a következő hiba miatt nem tudott elindulni: %%2 < End of report > |
Szerző: | stell [ vas. aug. 14, 2011 18:51 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Letolteni az asztalra>OTListIt2>> http://oldtimer.geekstogo.com/OTL.exe -Futatni -bepipazni -Scan all users. -Lop check. -Purity check. -v sekciobaExtra Registry>bepotyozni>Use SafeList -az ablakjaba -customscan/fixes masold be a textet-es klik RUNSCAN -5-10 perc mulva add logot tedd ide -OTL.txt (az asztalon lesz). -exras.txt-a talcan lesz. Kód: netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys ndis.sys winlogon.exe explorer.exe userinit.exe lsass.exe svchost.exe smss.exe hal.dll ws2_32.dll tcpip.sys cryptsvc.dll Changer.sys JakNDis.sys isapnp.sys cdrom.sys autochk.exe /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT |
Szerző: | patrik [ vas. aug. 14, 2011 17:53 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
a firefoxal ugyanaz a helyzet, megnyílik de pár másodperc múlva már nem reagál semmire. 5-10 percenként állandóan kapok egy ilyen üzenetet: Malwarebytes' Anti-Malware Hozzáférés sikeresen blokkolásra került potenciálisan rosszindulató webhelyhez: 64.135.77.30 Tipus: kimenő viszont a gépem érezhetően gyorsabb lett |
Szerző: | stell [ vas. aug. 14, 2011 15:39 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
Na mi van??, van e javulas???ird meg, mert kristaj gombom nincsen |
Szerző: | patrik [ vas. aug. 14, 2011 10:25 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
a rogue killer logjai RogueKiller V5.3.1 [08/06/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Buci [Admin rights] Mode: Remove -- Date : 08/14/2011 10:21:28 Bad processes: 0 Registry Entries: 1 [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) HOSTS File: 127.0.0.1 localhost Finished : << RKreport[1].txt >> RKreport[1].txt ----- RogueKiller V5.3.1 [08/06/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Buci [Admin rights] Mode: HOSTSFix -- Date : 08/14/2011 10:22:10 Bad processes: 0 HOSTS File: 127.0.0.1 localhost Resetted HOSTS: 127.0.0.1 localhost Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt ----- RogueKiller V5.3.1 [08/06/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Buci [Admin rights] Mode: ProxyFix -- Date : 08/14/2011 10:22:19 Bad processes: 0 Registry Entries: 0 Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ----- RogueKiller V5.3.1 [08/06/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Buci [Admin rights] Mode: DNSFix -- Date : 08/14/2011 10:22:27 Bad processes: 0 Registry Entries: 0 Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ----- RogueKiller V5.3.1 [08/06/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html Operating System: Windows XP (5.1.2600 Szervizcsomag 3) 32 bits version Started in : Safe mode with network support User: Buci [Admin rights] Mode: Shortcuts HJfix -- Date : 08/14/2011 10:25:11 Bad processes: 0 File attributes restored: Desktop: Success 0 / Fail 0 Quick launch: Success 0 / Fail 0 Programs: Success 6 / Fail 0 Start menu: Success 0 / Fail 0 User folder: Success 97 / Fail 0 My documents: Success 6 / Fail 0 My favorites: Success 0 / Fail 0 My pictures: Success 0 / Fail 0 My music: Success 0 / Fail 0 My videos: Success 0 / Fail 0 Local drives: Success 701 / Fail 2 Backup: [NOT FOUND] Drives: [A:] \Device\Floppy0 -- 0x2 --> Skipped [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored [D:] \Device\HarddiskVolume2 -- 0x3 --> Restored [E:] \Device\CdRom0 -- 0x5 --> Skipped [F:] \Device\CdRom1 -- 0x5 --> Skipped Finished : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt |
Szerző: | patrik [ vas. aug. 14, 2011 10:21 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
a combofix logja ComboFix 11-08-14.02 - Buci 011.08.14. 10:34:03.2.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.511.282 [GMT 2:00] Running from: c:\documents and settings\Buci\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\Buci\Asztal\CFScript.txt.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SP_RSDRV2 . . ((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 ))))))))))))))))))))))))))))))) . . 2011-08-14 08:51 . 2011-08-14 08:51 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl393531fb.sys 2011-08-13 13:10 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\mpengine.dll 2011-08-12 19:17 . 2011-08-12 19:17 -------- d-----w- c:\documents and settings\Buci\Application Data\Malwarebytes 2011-08-12 19:17 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-12 19:16 . 2011-08-12 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-12 19:16 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-12 19:16 . 2011-08-12 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-12 09:25 . 2011-08-12 09:25 -------- d-----w- c:\documents and settings\Buci\Downloads 2011-08-10 08:54 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-10 08:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-09 21:17 . 2011-08-09 21:17 -------- d-----w- c:\documents and settings\Buci\Application Data\CheckPoint 2011-08-09 21:16 . 2011-08-09 21:16 -------- d-----w- c:\program files\Conduit 2011-08-09 21:15 . 2011-08-11 11:50 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\ZoneAlarm_Security_Suite 2011-08-09 21:15 . 2011-08-11 11:50 -------- d-----w- c:\documents and settings\Buci\Local Settings\Application Data\Conduit 2011-08-09 21:15 . 2011-08-09 21:16 -------- d-----w- c:\program files\ZoneAlarm_Security_Suite 2011-08-09 21:01 . 2011-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint 2011-08-09 21:01 . 2011-08-09 21:05 -------- d-----w- c:\program files\CheckPoint 2011-08-09 19:27 . 2011-08-12 09:34 -------- d-----w- c:\program files\trend micro 2011-08-09 13:38 . 2011-08-13 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-08-09 13:33 . 2011-08-09 13:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2011-08-09 13:32 . 2011-08-09 13:32 -------- d-----w- c:\program files\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-17 09:55 . 2011-05-14 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-13 03:39 . 2010-11-06 15:56 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-06-24 14:10 . 2009-04-14 17:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:30 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:30 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:30 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2004-08-18 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-06-28 12:04 . 2011-05-08 05:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-12_15.04.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-14 08:51 . 2011-08-14 08:51 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat + 2011-08-13 08:39 . 2011-08-13 08:39 22016 c:\windows\Installer\48bc6.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}] 2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3ce45c4f-bfff-4988-9a3c-a75c1f491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3CE45C4F-BFFF-4988-9A3C-A75C1F491319}"= "c:\program files\ZoneAlarm_Security_Suite\prxtbZone.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-06-16 71824] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-05-30 738944] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . R1 MpKsl393531fb;MpKsl393531fb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl393531fb.sys [2011.08.14. 10:51 28752] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011.05.30. 13:38 27016] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2011.05.30. 13:39 493184] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011.08.12. 21:17 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011.08.12. 21:16 22712] R3 w89c940;Winbond W89C940 PCI Ethernet adapter illesztőprogram;c:\windows\system32\drivers\w940nd.sys [2009.04.14. 21:15 16925] S1 MpKsl0c29a34b;MpKsl0c29a34b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828DFC66-1D78-432E-917D-BD628211CBD2}\MpKsl0c29a34b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{828DFC66-1D78-432E-917D-BD628211CBD2}\MpKsl0c29a34b.sys [?] S1 MpKsl15defb2b;MpKsl15defb2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE86A431-6C69-4F3F-AEFE-35B6F278797A}\MpKsl15defb2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE86A431-6C69-4F3F-AEFE-35B6F278797A}\MpKsl15defb2b.sys [?] S1 MpKsl19fd8693;MpKsl19fd8693;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DB3EC4A-C852-4F8F-B289-EF0BAFA284FA}\MpKsl19fd8693.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4DB3EC4A-C852-4F8F-B289-EF0BAFA284FA}\MpKsl19fd8693.sys [?] S1 MpKsl2e809b33;MpKsl2e809b33;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B48867F-D46A-4394-9B20-BAE3BD5BB4DB}\MpKsl2e809b33.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B48867F-D46A-4394-9B20-BAE3BD5BB4DB}\MpKsl2e809b33.sys [?] S1 MpKsl37b02d4c;MpKsl37b02d4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFC08C25-520E-4BD7-BB12-A3C3962D07E9}\MpKsl37b02d4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFC08C25-520E-4BD7-BB12-A3C3962D07E9}\MpKsl37b02d4c.sys [?] S1 MpKsl3f652946;MpKsl3f652946;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl3f652946.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl3f652946.sys [?] S1 MpKsl480d34f2;MpKsl480d34f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53BB5AD-F951-421C-90A7-90C735C2CEEB}\MpKsl480d34f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E53BB5AD-F951-421C-90A7-90C735C2CEEB}\MpKsl480d34f2.sys [?] S1 MpKsl5d15a75e;MpKsl5d15a75e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl5d15a75e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FEE356-BE7D-4F93-930A-E18318148F18}\MpKsl5d15a75e.sys [?] S1 MpKsl6f5d6229;MpKsl6f5d6229;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB4ABD46-B3CB-4C03-BAC3-F1502C029CDB}\MpKsl6f5d6229.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB4ABD46-B3CB-4C03-BAC3-F1502C029CDB}\MpKsl6f5d6229.sys [?] S1 MpKsl889ababc;MpKsl889ababc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsl889ababc.sys [?] S1 MpKsl8acb86c7;MpKsl8acb86c7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl8acb86c7.sys [?] S1 MpKsl8f16cb61;MpKsl8f16cb61;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07383701-C80F-4861-B4B5-08B201A42636}\MpKsl8f16cb61.sys [?] S1 MpKsl967d1f4c;MpKsl967d1f4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69E4F918-467C-4B8B-A3DC-0D1C2184262B}\MpKsl967d1f4c.sys [?] S1 MpKsl9d929b10;MpKsl9d929b10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB7236-1F6A-4218-98EF-DE22D418D325}\MpKsl9d929b10.sys [?] S1 MpKslcc13e5ed;MpKslcc13e5ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B42127DA-979D-4782-B5D6-D938B159D65F}\MpKslcc13e5ed.sys [?] S1 MpKsld7ee844b;MpKsld7ee844b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33E059AB-571B-4E45-B7E6-A1E1495D0E2F}\MpKsld7ee844b.sys [?] S1 MpKsle565bb83;MpKsle565bb83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D103C46D-4420-44A8-A5E8-176A70A6B5F3}\MpKsle565bb83.sys [?] S1 MpKsle66e30f7;MpKsle66e30f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A5A050A-63F3-4D46-BA5A-DEBD984CA5D9}\MpKsle66e30f7.sys [?] S1 MpKsledab6ba5;MpKsledab6ba5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBB53815-0B13-432B-A6AD-2AEC39BD595F}\MpKsledab6ba5.sys [?] S1 MpKslf3edb394;MpKslf3edb394;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72673709-5B85-476C-B0F0-46F43E5CA58A}\MpKslf3edb394.sys [?] S1 MpKslf80a10ca;MpKslf80a10ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D4675B4-F95A-4C65-8D74-215C84FD4C92}\MpKslf80a10ca.sys [?] S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176] S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.08.09. 15:32 136176] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL393531FB . Contents of the 'Scheduled Tasks' folder . 2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-09 13:32] . 2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-09 13:32] . 2011-08-14 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26] . 2011-08-14 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: &Download All using 4shared Desktop - d:\letöltések\Új mappa\4shared Desktop\down_all.htm IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 89.147.80.30 195.56.172.157 FF - ProfilePath - c:\documents and settings\Buci\Application Data\Mozilla\Firefox\Profiles\6duokbw8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=hu . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-14 10:52 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(496) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(552) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'explorer.exe'(3272) c:\windows\system32\WININET.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe . ************************************************************************** . Completion time: 2011-08-14 11:10:21 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-14 09:09 ComboFix2.txt 2011-08-12 15:12 . Pre-Run: 5 973 786 624 bájt szabad Post-Run: 5 921 320 960 bájt szabad . - - End Of File - - 5AD1668C5D41C03C30C29CABEF475E56 |
Szerző: | stell [ szomb. aug. 13, 2011 17:23 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
1: Indítsa újra a számítógépet Csökkentett mód hálózattal. a:) Ha indul a számítógép, nyomja meg az F8 és tartsa lenyomva. b:) Meg kell nyomni az F8 hamarabb mint a Windows logó megjelenik. c:) Ha megjelenik a Windows logó, akkor Indítsa újra a számítógépet, és ismételje meg az F8 újra. d:) A képernyőn a nyílbillentyűkkel jelölje ki a kívánt opciót Csökkentett mód hálózattal , majd nyomja le az ENTER billentyűt. |
Szerző: | patrik [ szomb. aug. 13, 2011 17:13 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
hogyan kell csökkentett módba menni a hálózattal? (a zone alarm most újra működik) |
Szerző: | stell [ szomb. aug. 13, 2011 15:36 ] |
Hozzászólás témája: | Re: Vírus vagy mi lehet??? |
nem kell varni orakat, ha nem futt le CC 20,30 mulva akkor irni Igen az Malwarebytes blokol igen sok karos Ip cimet. Lemesz csokkentet modba a halozatall/ letoltod az RogueKillert az asztalra http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe Futtatod>>nyomod a bilenntyun az 2 szamot, es az Entert>.ad logot tedd ide, aztan ujbol futtatod, nyod a 3 szmaot, es enter< logot tedd ide, aztan ugyanigy az 4,5,6 szamokat,logokat ide. Es most itten csokkentet modban megcsinalod a combofixel ujbol a scriptet ahogy leirtam.,logot tedd ide. |
Oldal: 4 / 35 | Időzóna: UTC + 1 óra |
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |