OK-meg fixeld le ezekett a dolgokatt es aztan keresd a WIN CD-telepito lemezt,mertt ugy nezki hogy Slipstreamot megyunk csinalni.

O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Exif Launcher.lnk = ?
Egyelore enyi

Mielőtt másolom, egy megjegyzés.
Az Open process manager-re kattintva nem volt ott a q.exe, csak amikor én kézzel megnyitottam. Akkor pedig lehetett már Kill process.

Itt az új logfile:
---------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:19, on 2008.01.13.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\q\Asztal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {F0B6F8BC-DE30-47F2-A346-DA1FC3A9B2BC} - D:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://neptun1.ppke.hu/msrdp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

--
End of file - 6225 bytes

Meg csinald meg eztett:
Mostan kinyitod a hijackot>klik >scan>klik main menu>klik open the misc tools section>
Klik open process manager>megtalalod eztett>klik> C:\DOCUME~1\q\Asztal\q.exe<klik aloll a gombra> KILLPROCESS<restart.uj hj logott es leirni mivan..

1. Nos rendszer-visszaállítási pontot nem engedélyez. Csak a kb. 1 órával ezelőtti pont sötét, a többire kattintani se lehet. Pedig eddig volt több pont is. Azért megpróbáltam az egyetlen létezőt, semmi siker.

2. A Windows cd-t nem találom... Grat magamnak. Megkeresem, aztán jövök megint. Addig is reménykedem, hogy "visszajönnek" az eltűnt visszaállítási pontok. Kösz az eddigieket is.

Arrol van szo hogy nemolhesuk meg meg,Mertt meghall minden.Muszaj visza tenni a windows aztan elbanunk velee.
1:start>futats>beirni>msconfig>ok>Allol gomb>futtatni a system ujitasat>A job oldalon fellul bepontozni>visza alitani a systemett>allol kovetkezo>itt a kalendaron kivalasztol ojan napott ami az ellot voltt mikor felraktad eztt a scodatt>ha van vastag datum kivalasztod aztatt,ha nincsen akorr akarr mijett klik>tovab.Ha nemmukodig bezarni mindent>akkor,csinalod igy.

1:beirod a parancssorba >SFC/SCANNOW<Keri a telepito lemezet .beteszed.>Ha kinyilik bezarod.Ha megcsinalja >Restart>ujbol megkeresni ha van e marr EXPLORER>EXE.Es majd meglassuk.

Szóval jól beleszaladtam... A kutyafáját!

Na varj egy csepett gondokozok.mertt ez egy csunya WORM es nemtudom hogy mitt fog csinalni ha megoljuk.Azertt nemis mennek nekunk rendesen a scen progik.

Ez a Dokumentumok.exe - jól gondoltam. Annak explorer.exe az eredeti neve.
Szerintem a flyakite osx átnevezte...
És egy kocka alakú kék smiley.

Nezd meg meg egyszer ugy nezki mint egy szamitogep>jobklik>tulajdonsag>verzio>eredeti neve.Enek kell lenie.

explorer.exe nincs, csak C:\Windows\explorer file. Windows Explorer Command típusú file, azt írja.

Na ok:
Mostan ird be START>kereses>mindent ...>explorer.exe<ok.Ha megtalalja ird meg.

Megtörtént. Ez itt a logja.
----------------------------------------------------------------------

SDFix: Version 1.126

Run by q on 2008.01.13. at 11:55

Microsoft Windows XP [verziószám: 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Ok:Mostan kapcsold ki a szysztem visza alitasat.Restart es futatsd meg egyszer az SDFIXET-Csokentett modban.

Itt a main.txt

------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by q on 2008-01-13 10:50:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-01-13 09:51:12 UTC - RP156 - Deckard's System Scanner Restore Point
22: 2008-01-13 08:05:12 UTC - RP155 - ComboFix created restore point
21: 2008-01-12 20:53:56 UTC - RP154 - ComboFix created restore point
20: 2008-01-12 18:14:41 UTC - RP153 - FlyakiteOSX v3.5
19: 2008-01-12 08:02:39 UTC - RP152 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-25 10:51:01 UTC - RP134 - Removed MP3 Player Utilities 4.07


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 192 MiB (512 MiB recommended).


-- HijackThis (run as q.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:17, on 2008.01.13.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Documents and Settings\q\Asztal\dss.exe
C:\DOCUME~1\q\Asztal\q.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {F0B6F8BC-DE30-47F2-A346-DA1FC3A9B2BC} - D:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://neptun1.ppke.hu/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40C24230-47D8-4561-92F6-0FF5D9E1FE26}: NameServer = 84.2.44.1 84.2.46.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

--
End of file - 6294 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\q\Asztal\backups\) --------------------

backup-20080112-214940-174 O4 - HKCU\..\RunOnce: [] OSK.exe
backup-20080112-214940-394 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080112-214940-604 O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>

S3 catchme - c:\docume~1\q\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0100\1010100
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0100\1010100
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI modem
Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_14571043&REV_A0\3&61AAA01&0&0E
Manufacturer:
Name: PCI modem
PNP Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_14571043&REV_A0\3&61AAA01&0&0E
Service:


-- Files created between 2007-12-13 and 2008-01-13 -----------------------------

2008-01-13 10:18:36 0 d-------- C:\WINDOWS\ERUNT
2008-01-13 10:10:37 0 d-------- C:\WINDOWS\CSC
2008-01-12 10:28:15 0 d-------- C:\Program Files\VividLyrics
2008-01-12 08:54:30 0 d-------- C:\Program Files\ObjectDock
2008-01-12 08:54:29 0 d-------- C:\Program Files\RK Launcher
2008-01-12 08:54:27 0 d-------- C:\Program Files\iColorFolder
2008-01-12 08:54:25 0 d-------- C:\Program Files\WinRoll
2008-01-12 08:54:25 0 d-------- C:\Program Files\UberIcon
2008-01-12 08:54:25 0 d-------- C:\Program Files\Tiger System Preferences v2
2008-01-12 08:54:24 0 d-------- C:\Program Files\YzShadow
2008-01-10 21:24:30 0 d-------- C:\Program Files\YzShadow(2)
2008-01-10 21:24:30 0 d-------- C:\Program Files\WinRoll(2)
2008-01-10 21:24:29 0 d-------- C:\Program Files\UberIcon(2)
2008-01-10 21:24:27 0 d-------- C:\Program Files\Tiger System Preferences v2(2)
2008-01-10 21:24:23 0 d-------- C:\Program Files\iColorFolder(2)
2008-01-10 21:24:22 0 d-------- C:\Program Files\RK Launcher(2)
2008-01-10 21:24:20 0 d-------- C:\Program Files\ObjectDock(2)
2008-01-06 17:31:51 0 d-------- C:\Documents and Settings\q\UserData
2008-01-04 17:58:32 6553600 --a------ C:\Documents and Settings\q\ntuser.dat
2008-01-02 13:16:21 0 d--h----- C:\WINDOWS\FlyakiteOSX
2007-12-31 15:57:35 0 d-------- C:\Documents and Settings\q\Application Data\Help
2007-12-31 12:59:44 425984 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-12-31 12:59:44 446464 --a------ C:\WINDOWS\system32\vp31vfw.dll <Not Verified; On2.com; On2_VP3>
2007-12-31 12:59:43 593938 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-31 12:59:43 74240 --a------ C:\WINDOWS\system32\MACDec.dll <Not Verified; Matthew T. Ashland; Monkey's Audio>
2007-12-31 12:59:43 221184 --a------ C:\WINDOWS\system32\kl_upx.exe <Not Verified; The UPX Team http://upx.sf.net; UPX>
2007-12-31 12:59:43 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-12-31 12:59:42 1581056 --a------ C:\WINDOWS\system32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-12-31 12:59:42 1122304 --a------ C:\WINDOWS\system32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-12-31 12:59:42 1552384 --a------ C:\WINDOWS\system32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-12-31 12:59:42 1650688 --a------ C:\WINDOWS\system32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-12-31 12:59:42 77824 --a------ C:\WINDOWS\system32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-12-31 12:59:42 65536 --a------ C:\WINDOWS\system32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-12-31 12:59:42 65536 --a------ C:\WINDOWS\system32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-12-31 12:59:42 77824 --a------ C:\WINDOWS\system32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-12-31 12:59:41 27648 --a------ C:\WINDOWS\system32\ir50_lcs.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.0 LC>
2007-12-31 12:59:40 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2007-12-31 12:59:40 33280 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-12-31 12:59:39 421888 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2007-12-31 12:59:39 286720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1>
2007-12-31 12:59:39 1024000 --a------ C:\WINDOWS\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1>
2007-12-31 12:59:37 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-12-31 12:59:37 237568 --a------ C:\WINDOWS\system32\OggDS.dll <Not Verified; ; Ogg DirectShow(tm) Filter Collection>
2007-12-31 12:59:37 45056 --a------ C:\WINDOWS\system32\ogg.dll
2007-12-31 12:59:36 2770 --a------ C:\WINDOWS\system32\xvidmerit.reg
2007-12-31 12:59:36 188416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-12-31 12:59:34 95800 --a------ C:\WINDOWS\system32\bass.dll <Not Verified; Un4seen Developments; >
2007-12-31 12:59:19 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2007-12-31 12:59:17 0 d-------- C:\WINDOWS\system32\embedded
2007-12-30 23:22:10 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-12-30 23:22:06 0 d-------- C:\Program Files\Common Files\Borland Shared
2007-12-30 09:38:34 3532 --a------ C:\drmHeader.bin
2007-12-28 13:55:40 0 d-------- C:\Documents and Settings\q\.scribus
2007-12-25 22:30:36 77824 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Aldus Corporation; Twain_32 Source Manager>
2007-12-25 22:30:34 0 d-------- C:\Adobe
2007-12-25 22:29:05 298496 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-12-25 22:28:59 0 d-------- C:\Documents and Settings\q\WINDOWS
2007-12-25 11:51:19 0 d-------- C:\WINDOWS\system32\recover
2007-12-24 12:50:55 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-12-24 12:50:38 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-12-24 12:49:08 0 d-------- C:\Program Files\QuickTime
2007-12-24 12:48:43 0 d-------- C:\WINDOWS\system32\QuickTime
2007-12-24 12:48:16 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-21 17:27:18 0 d-------- C:\Program Files\AviSynth 2.5
2007-12-21 17:26:47 0 d--hs---- C:\WINDOWS\system32\ShellDHCP
2007-12-19 11:27:02 0 d-------- C:\Documents and Settings\Internet\Application Data\Adobe
2007-12-18 18:55:16 0 d-------- C:\Documents and Settings\Sára\Application Data\Skype
2007-12-18 14:27:15 0 d-------- C:\Documents and Settings\Marci\Application Data\Publish Providers
2007-12-18 14:25:44 0 d-------- C:\Documents and Settings\Marci\Application Data\Sony
2007-12-17 11:36:33 2068 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-17 11:35:33 0 d-------- C:\Documents and Settings\q\Application Data\Publish Providers
2007-12-17 11:24:26 0 d-------- C:\Program Files\Microsoft SQL Server
2007-12-17 11:23:52 0 d-------- C:\Documents and Settings\q\Application Data\Sony
2007-12-17 11:21:08 0 d-------- C:\Program Files\Vstplugins
2007-12-17 11:20:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-17 10:55:17 0 d-------- C:\Documents and Settings\q\Application Data\Sony Setup
2007-12-17 10:54:35 0 d-------- C:\Program Files\Sony Setup


-- Find3M Report ---------------------------------------------------------------

2008-01-12 19:31:28 0 d-------- C:\Program Files\Messenger
2008-01-12 19:31:27 0 d-------- C:\Program Files\Windows NT
2008-01-12 19:31:27 0 d-------- C:\Program Files\Movie Maker
2008-01-12 19:27:36 0 d-------- C:\Program Files\YzShadow
2008-01-12 19:22:13 219136 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® operációs rendszer>
2008-01-12 08:55:42 0 d-------- C:\Documents and Settings\q\Application Data\uTorrent
2008-01-12 08:54:00 0 d-------- C:\Program Files\MSN Messenger
2008-01-12 08:53:14 0 d-------- C:\Program Files\YzShadow(2)
2008-01-10 20:13:31 0 d-------- C:\Documents and Settings\q\Application Data\Skype
2008-01-02 13:35:17 1368064 --a------ C:\WINDOWS\Dokumentumok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® operációs rendszer>
2008-01-02 13:32:27 0 d-------- C:\Documents and Settings\q\Application Data\AVG7
2008-01-02 13:17:01 219136 --a------ C:\WINDOWS\system32\utheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® operációs rendszer>
2007-12-29 10:11:20 0 d-------- C:\Documents and Settings\q\Application Data\Macromedia
2007-12-29 10:10:54 11210 --a------ C:\WINDOWS\mozver.dat
2007-12-18 15:12:30 416660 --a------ C:\WINDOWS\system32\perfh00E.dat
2007-12-18 15:12:30 93144 --a------ C:\WINDOWS\system32\perfc00E.dat
2007-11-22 22:58:57 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-21 13:55:46 0 d-------- C:\Program Files\Google
2007-11-17 13:19:45 23154 --a------ C:\Documents and Settings\q\Application Data\Microsoft Access.ADR
2007-11-15 19:03:27 0 d-------- C:\Program Files\SONY
2007-11-15 19:03:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-01 12:55:22 335 --a------ C:\WINDOWS\nsreg.dat
2007-11-01 12:54:38 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2007-11-01 12:52:24 118784 --a------ C:\WINDOWS\GREUninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007.08.09. 17:54]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader\Reader\Reader_sl.exe" [2007.10.10. 19:51]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002.02.04. 21:32]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007.12.20. 19:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007.07.12. 03:00]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [2004.01.14. 03:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007.12.24. 12:49]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006.02.26. 00:41]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003.12.08. 16:35]
"SDFix"="C:\SDFix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004.08.18. 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006.12.18. 16:32]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007.01.19. 11:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004.10.13. 17:24]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005.12.18. 20:14]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006.02.24. 01:32]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006.02.24. 03:51]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005.10.19. 08:40]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006.01.01. 23:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*Restore"=C:\WINDOWS\system32\restore\rstrui.exe -c
"SDFix"=C:\SDFix\RunThis.bat /second

C:\Documents and Settings\q\Start Menu\Programs\Indˇt˘pult\
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2005.07.14. 23:13:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Indˇt˘pult\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007.08.09. 18:37:23]
Exif Launcher.lnk - D:\Program Files\FinePixViewer\QuickDCF.exe [2007.08.13. 16:22:22]
Microsoft Office OneNote 2003 Quick Launch.lnk - D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003.08.06. 12:23:32]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e857ec40-5d34-11dc-bc3a-00e018dc2cc4}]
verb1\command- F:\desktop.exe




-- End of Deckard's System Scanner: finished at 2008-01-13 10:53:11 ------------

OK:
Ittem WORMOK-meg trojak vannak,Letoltodd ezt a progitt es futtato rendes modban.Ha kerdez beleegyezell amitt ad ide teszed.

http://deckard.geekstogo.com/dss.exe

Csinal 2-txt-Te ide teszed csak a Main.txt.
Tehat az asztalra teszed -mindent bezarsz es futtatod.

Hát ez nem sok.
Azt mondta, újraindulás után elindítja magától a sdfixet még1szer, de nem tette.

-----------------------------------------------------------------------------
SDFix: Version 1.126

Run by q on 2008.01.13. at 10:19

Microsoft Windows XP [verziószám: 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Ha megkerhetnelek ne rakd kodba a logokatt mertt rontom a szememm,koszi

Mostan ugyanugy csinald meg:

Van egypar troja a lemezen leToltot ezt a programott>az asztalra teszed kicsomagolod fellrakod>feltevodik a C:\re.Re -LEMEGY-csokentett modba>kinyitod az SDFIX-ET-klik-RUN THIS.BAT-Kerdez ..Y>>Y..a scen ojan 5-percig tart>ha bevegzi megnyomoll akar mijen bilentyut>restart_es visza megy a gep windowsba.Itt az SDFIX-BEN megtalalod a Report.txt-es ide teszed.Ha veletlenul nemtudnal bekapcsolodni a netre,akorr alidst be visza a halozati kartyat DHCP-es ipconfig/all-parancs-DE EZ NEMVALOSZINU.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

De azért itt a combofix naplófájlja is:

Erre gondolsz? Hijack This? Mert ez más, mint amit a ComboFix logolt:

Mostan kinyitod a notepadot.Start>futatas beirod >notepad>eztette bele kopirozod ami pirosall vann



Mostan>a notepadon elso full>ballfelsosarokban>4-sor>lementenni mint....
A txt-hejet beteszed eztett>CFScript.txt<alatta bealitod >minden mapak<
legfelull>asztalra tenni<klik gomb letenni.Es mostan megcsinalod eztett


Utana amitt add ide teszed es uj HJT-logott.

Oké holnap jövök.
Kerestetem a géppel, de egyelőre úgy tűnik - most már véglegesen látszik -, hogy nincs explorer.exe !

De a dokumentumok.exe hozza be a mappát. Nem lehet, hogy ez az explorer? Olyan mac-es módon; talán ott így hívják, s átnevezte a prog...

ok:Mostan varjal meg ki elemzem ha ma nem de holnapra biztosan.Mertt az elso latasra vannak itt bajok.Tehatt ha nincsen explorer,csinald meg egyelore igy.
ctrl+alt+del>a futott dolgok nezd meg ha ottvan e az >Explorer.exe<ha ott van ra klikelsz>aloll a gombra klik bevegezni.
2:Ha nincsen ott>vagy ott voltt es bevegezted fojtatod igy>Balfelso sarokban az elso full>mapa>uj parancs vagy nemtudom pontosan de az elso sorr>kivalasztodd>megkeresed a windowsban velle az explorer.exe-fajlott>es ok.Restartt.

ComboFix 08-01-09.2 - q 2008-01-12 22:17:30.2 - NTFSx86
Running from: C:\Documents and Settings\q\Asztal\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 21:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:28 . 2008-01-12 10:32 <DIR> d-------- C:\Program Files\VividLyrics
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\YzShadow
2008-01-12 08:54 . 2008-01-12 19:31 <DIR> d-------- C:\Program Files\WinRoll
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\UberIcon
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\Tiger System Preferences v2
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\RK Launcher
2008-01-12 08:54 . 2008-01-12 21:14 <DIR> d-------- C:\Program Files\ObjectDock
2008-01-12 08:54 . 2008-01-12 19:12 <DIR> d-------- C:\Program Files\iColorFolder
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\YzShadow(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\WinRoll(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\UberIcon(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\Tiger System Preferences v2(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\RK Launcher(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\ObjectDock(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\iColorFolder(2)
2008-01-06 17:31 . 2008-01-12 08:55 <DIR> d-------- C:\Documents and Settings\q\UserData
2008-01-06 08:56 . 2008-01-06 08:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 08:56 . 2008-01-06 08:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 13:17 . 2004-08-18 13:00 219,136 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-01-02 13:16 . 2008-01-12 19:31 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2007-12-31 11:33 . 2007-12-31 16:05 13,030 --a------ C:\PDOXUSRS.NET
2007-12-30 23:22 . 2007-12-30 23:22 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-12-30 23:22 . 1999-11-12 05:11 216,576 --a------ C:\WINDOWS\system32\bdeadmin.cpl
2007-12-30 23:22 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-12-30 09:38 . 2007-12-30 09:41 3,532 --a------ C:\drmHeader.bin
2007-12-28 13:55 . 2007-12-28 14:55 <DIR> d-------- C:\Documents and Settings\q\.scribus
2007-12-25 22:30 . 1995-10-11 20:34 77,824 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2007-12-25 22:30 . 2007-12-25 22:30 148 --a------ C:\WINDOWS\Adobereg.db
2007-12-25 22:29 . 1997-02-28 07:29 298,496 --a------ C:\WINDOWS\uninst.exe
2007-12-25 22:28 . 2007-12-25 22:28 <DIR> d-------- C:\Documents and Settings\q\WINDOWS
2007-12-25 11:51 . 2007-12-25 11:51 <DIR> d-------- C:\WINDOWS\system32\recover
2007-12-24 12:50 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-12-24 12:50 . 1999-11-10 11:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-12-24 12:49 . 2007-12-24 12:49 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 12:48 . 2007-12-24 12:50 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-24 12:48 . 2007-12-24 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-21 17:27 . 2007-12-21 17:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-21 17:26 . 2007-12-29 10:09 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2007-12-18 18:55 . 2007-12-20 18:55 <DIR> d-------- C:\Documents and Settings\Sára\Application Data\Skype
2007-12-18 14:27 . 2007-12-18 14:27 <DIR> d-------- C:\Documents and Settings\Marci\Application Data\Publish Providers
2007-12-18 14:25 . 2007-12-18 14:27 <DIR> d-------- C:\Documents and Settings\Marci\Application Data\Sony
2007-12-17 11:36 . 2007-12-24 12:10 2,068 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-17 11:35 . 2007-12-17 11:35 <DIR> d-------- C:\Documents and Settings\q\Application Data\Publish Providers
2007-12-17 11:25 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-12-17 11:25 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-12-17 11:24 . 2007-12-17 11:24 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-17 11:23 . 2007-12-23 10:23 <DIR> d-------- C:\Documents and Settings\q\Application Data\Sony
2007-12-17 11:21 . 2007-12-17 11:21 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-17 11:20 . 2007-12-17 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-17 10:55 . 2007-12-17 10:55 <DIR> d-------- C:\Documents and Settings\q\Application Data\Sony Setup
2007-12-17 10:54 . 2007-12-17 10:54 <DIR> d-------- C:\Program Files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 07:55 --------- d-----w C:\Documents and Settings\q\Application Data\uTorrent
2008-01-12 07:54 --------- d-----w C:\Program Files\MSN Messenger
2008-01-10 19:13 --------- d-----w C:\Documents and Settings\q\Application Data\Skype
2008-01-02 12:35 1,368,064 ----a-w C:\WINDOWS\Dokumentumok.exe
2008-01-02 12:32 --------- d-----w C:\Documents and Settings\q\Application Data\AVG7
2007-12-29 17:08 --------- d-----w C:\Documents and Settings\Sára\Application Data\AVG7
2007-12-26 20:06 --------- d-----w C:\Documents and Settings\Sára\Application Data\uTorrent
2007-12-24 16:57 --------- d-----w C:\Documents and Settings\Marci\Application Data\AVG7
2007-12-19 10:17 --------- d-----w C:\Documents and Settings\Internet\Application Data\AVG7
2007-12-09 10:13 --------- d-----w C:\Documents and Settings\Vendég\Application Data\AVG7
2007-11-22 21:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-21 12:55 --------- d-----w C:\Program Files\Google
2007-11-15 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 18:03 --------- d-----w C:\Program Files\SONY
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-01 11:54 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2007-11-01 11:52 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
1996-12-04 21:00 73,184 ------w C:\Program Files\Common Files\Dao2535.tlb
1996-12-02 15:44 582,144 ------w C:\Program Files\Common Files\dao350.dll
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 16:32 25365032]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1686016]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 20:14 27648]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 01:32 188416]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 03:51 172032]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 08:40 393216]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-01 23:27 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-09 17:54 185632]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 19:03 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [2004-01-14 03:00 99840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-24 12:49 77824]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 00:41 118485]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="C:\WINDOWS\system32\restore\rstrui.exe" [2004-08-18 13:00 397824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:46 219136]

C:\Documents and Settings\q\Start Menu\Programs\Indˇt˘pult\
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2005-07-14 23:13:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Indˇt˘pult\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-09 18:37:23]
Exif Launcher.lnk - D:\Program Files\FinePixViewer\QuickDCF.exe [2007-08-13 16:22:22]
Microsoft Office OneNote 2003 Quick Launch.lnk - D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 12:23:32]

S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 21:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e857ec40-5d34-11dc-bc3a-00e018dc2cc4}]
\shell\verb1\command - F:\desktop.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 22:21:01
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 22:22:30
ComboFix2.txt 2008-01-12 21:02:51
.
2008-01-12 08:11:01 --- E O F ---

Nem csináltam semmit, bezártam mindent, s megint nem rebootolt. Ellenben kiírta, hogy nem találja az C:\Windows\explorer.exe-t (nincs is ott!) - nem lehet, hogy ezért nincs autorestart? S ha én most újraindítom?

Azért itt a logfile:
------------------------------------------------------------------------

Futasad meg egyszer itt hianyzoznak dolgok,hamarab bevegezte a scentt,addig nebabralj semmit meg vagy nem restartol vagy maga kiadja a logott.Nemszabad semitt sem csinalnod ascen allatt bezarni mindent.

Nem restartolt, csak logolt. Másolom:
-------------------------------------------------------------------------------------

ComboFix 08-01-09.2 - q 2008-01-12 21:54:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1038.18.72 [GMT 1:00]
Running from: C:\Documents and Settings\q\Asztal\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 21:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:28 . 2008-01-12 10:32 <DIR> d-------- C:\Program Files\VividLyrics
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\YzShadow
2008-01-12 08:54 . 2008-01-12 19:31 <DIR> d-------- C:\Program Files\WinRoll
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\UberIcon
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\Tiger System Preferences v2
2008-01-12 08:54 . 2008-01-12 19:27 <DIR> d-------- C:\Program Files\RK Launcher
2008-01-12 08:54 . 2008-01-12 21:14 <DIR> d-------- C:\Program Files\ObjectDock
2008-01-12 08:54 . 2008-01-12 19:12 <DIR> d-------- C:\Program Files\iColorFolder
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\YzShadow(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\WinRoll(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\UberIcon(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\Tiger System Preferences v2(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\RK Launcher(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\ObjectDock(2)
2008-01-10 21:24 . 2008-01-12 08:53 <DIR> d-------- C:\Program Files\iColorFolder(2)
2008-01-06 17:31 . 2008-01-12 08:55 <DIR> d-------- C:\Documents and Settings\q\UserData
2008-01-06 08:56 . 2008-01-06 08:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 08:56 . 2008-01-06 08:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 13:17 . 2004-08-18 13:00 219,136 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-01-02 13:16 . 2008-01-12 19:31 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2007-12-31 11:33 . 2007-12-31 16:05 13,030 --a------ C:\PDOXUSRS.NET
2007-12-30 23:22 . 2007-12-30 23:22 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2007-12-30 23:22 . 1999-11-12 05:11 216,576 --a------ C:\WINDOWS\system32\bdeadmin.cpl
2007-12-30 23:22 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-12-30 09:38 . 2007-12-30 09:41 3,532 --a------ C:\drmHeader.bin
2007-12-28 13:55 . 2007-12-28 14:55 <DIR> d-------- C:\Documents and Settings\q\.scribus
2007-12-25 22:30 . 1995-10-11 20:34 77,824 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2007-12-25 22:30 . 2007-12-25 22:30 148 --a------ C:\WINDOWS\Adobereg.db
2007-12-25 22:29 . 1997-02-28 07:29 298,496 --a------ C:\WINDOWS\uninst.exe
2007-12-25 22:28 . 2007-12-25 22:28 <DIR> d-------- C:\Documents and Settings\q\WINDOWS
2007-12-25 11:51 . 2007-12-25 11:51 <DIR> d-------- C:\WINDOWS\system32\recover
2007-12-24 12:50 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-12-24 12:50 . 1999-11-10 11:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-12-24 12:49 . 2007-12-24 12:49 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 12:48 . 2007-12-24 12:50 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-24 12:48 . 2007-12-24 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-21 17:27 . 2007-12-21 17:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-21 17:26 . 2007-12-29 10:09 <DIR> d--hs---- C:\WINDOWS\system32\ShellDHCP
2007-12-18 18:55 . 2007-12-20 18:55 <DIR> d-------- C:\Documents and Settings\Sára\Application Data\Skype
2007-12-18 14:27 . 2007-12-18 14:27 <DIR> d-------- C:\Documents and Settings\Marci\Application Data\Publish Providers
2007-12-18 14:25 . 2007-12-18 14:27 <DIR> d-------- C:\Documents and Settings\Marci\Application Data\Sony
2007-12-17 11:36 . 2007-12-24 12:10 2,068 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-17 11:35 . 2007-12-17 11:35 <DIR> d-------- C:\Documents and Settings\q\Application Data\Publish Providers
2007-12-17 11:25 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-12-17 11:25 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-12-17 11:24 . 2007-12-17 11:24 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-17 11:23 . 2007-12-23 10:23 <DIR> d-------- C:\Documents and Settings\q\Application Data\Sony
2007-12-17 11:21 . 2007-12-17 11:21 <DIR> d-------- C:\Program Files\Vstplugins
2007-12-17 11:20 . 2007-12-17 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-17 10:55 . 2007-12-17 10:55 <DIR> d-------- C:\Documents and Settings\q\Application Data\Sony Setup
2007-12-17 10:54 . 2007-12-17 10:54 <DIR> d-------- C:\Program Files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 07:55 --------- d-----w C:\Documents and Settings\q\Application Data\uTorrent
2008-01-12 07:54 --------- d-----w C:\Program Files\MSN Messenger
2008-01-10 19:13 --------- d-----w C:\Documents and Settings\q\Application Data\Skype
2008-01-02 12:35 1,368,064 ----a-w C:\WINDOWS\Dokumentumok.exe
2008-01-02 12:32 --------- d-----w C:\Documents and Settings\q\Application Data\AVG7
2007-12-29 17:08 --------- d-----w C:\Documents and Settings\Sára\Application Data\AVG7
2007-12-26 20:06 --------- d-----w C:\Documents and Settings\Sára\Application Data\uTorrent
2007-12-24 16:57 --------- d-----w C:\Documents and Settings\Marci\Application Data\AVG7
2007-12-19 10:17 --------- d-----w C:\Documents and Settings\Internet\Application Data\AVG7
2007-12-09 10:13 --------- d-----w C:\Documents and Settings\Vendég\Application Data\AVG7
2007-11-22 21:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-21 12:55 --------- d-----w C:\Program Files\Google
2007-11-15 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 18:03 --------- d-----w C:\Program Files\SONY
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-01 11:54 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2007-11-01 11:52 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
1996-12-04 21:00 73,184 ------w C:\Program Files\Common Files\Dao2535.tlb
1996-12-02 15:44 582,144 ------w C:\Program Files\Common Files\dao350.dll
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 16:32 25365032]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1686016]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 20:14 27648]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 01:32 188416]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 03:51 172032]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 08:40 393216]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-01 23:27 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-09 17:54 185632]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 19:03 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [2004-01-14 03:00 99840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-24 12:49 77824]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 00:41 118485]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="C:\WINDOWS\system32\restore\rstrui.exe" [2004-08-18 13:00 397824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:46 219136]

C:\Documents and Settings\q\Start Menu\Programs\Indˇt˘pult\
Stardock ObjectDock.lnk - C:\Program Files\ObjectDock\ObjectDock.exe [2005-07-14 23:13:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Indˇt˘pult\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-09 18:37:23]
Exif Launcher.lnk - D:\Program Files\FinePixViewer\QuickDCF.exe [2007-08-13 16:22:22]
Microsoft Office OneNote 2003 Quick Launch.lnk - D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 12:23:32]

S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 21:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e857ec40-5d34-11dc-bc3a-00e018dc2cc4}]
\shell\verb1\command - F:\desktop.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 21:59:49
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 22:02:17
.
2008-01-12 08:11:01 --- E O F ---

Nyisd ki a hijack progit>mostan a >Do a system scan only<gomb
Az ablackakban bepipazod ezeket-ne tevedj es aztan gomb>FIX.

2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file
O4 - HKCU\..\RunOnce: [] OSK.exe
Egyelore csak ezekett,utanna letoltod ezt a progitt.

Es az asztalra teszed.

Futatod mint administrátor v normalis modban ,Mindent zarjal be-bongeszok,programok,kapcsoldki az AVG-pajzat is.
Ha keerdez kivalasztod az 1-lehetosegett-nembabralni semmit csak nezni.A gep restartol es ad combofix.txt-eztett ide teszed.



http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Stell!
Itt a log:
------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:33, on 2008.01.12.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ObjectDock\ObjectDock.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\Dokumentumok.exe
C:\Documents and Settings\q\Asztal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\RunOnce: [] OSK.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {F0B6F8BC-DE30-47F2-A346-DA1FC3A9B2BC} - D:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://neptun1.ppke.hu/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40C24230-47D8-4561-92F6-0FF5D9E1FE26}: NameServer = 84.2.44.1 84.2.46.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

--
End of file - 6567 bytes

ryzsy en nemis vettem eszre hogy itt vagy,
Tehatt letoltod eztt a progoitt>klik gomb>do a system scan save log file<megvarod mitt add es ide teszed a logott.


http://www.james008.net/download/index.php?dlid=38

Sziasztok!

stell irányított ide a Windows fórumról, hátha segítetek.
Fölraktam a gépre a Flyakite OSX nevű, Macintosht szimuláló theme-et. Először ment is rendben, majd a következő induláskor már döcögött. Az üdvözlőképernyőn beírtam a jelszót, majd bejött a nagy semmi. Az Asztalt és a tálcát nem hozta be. Azóta feladatkezelővel defibrillálom mindig, s megnyitok egy böngészőt, abból pedig minden mást. Mit lehet tenni, hogy betöltse az asztalt (plusz a programokat, skype-t, vírusírtót stb.)?

Leszedtem a programot, és rendszer-visszaállítást is végeztem - semmi eredmény.