


STELL Helps
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, which is why it looks like what you see,
Post: Re: STELL Helps
I don't see any infection.
Rename the ComboFix icon to uninstall
and run it, click OK, OK, OK, and ComboFix will uninstall itself from the machine.
So then that is everything.


Thu Mar 21, 2013 9:18
silver member

Joined: Fri Jan 18, 2013 22:27
Posts: 57
Post: Re: STELL Helps
Yes, it has improved; everything loads much faster now.
All processes killed
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sony PC Companion deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\PowerDVD12DMREngine deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\PowerDVD12Agent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 295121 bytes
->Temporary Internet Files folder emptied: 1828568 bytes
->Java cache emptied: 3164383 bytes
->FireFox cache emptied: 381891797 bytes
->Google Chrome cache emptied: 273543149 bytes
->Flash cache emptied: 12383 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2285 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50517 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 630,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03212013_090537

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thu Mar 21, 2013 9:10
soul of the forum
Post: Re: STELL Helps
Download the OTL.exe program to the desktop.
http://www.bleepingcomputer.com/download/otl/dl/93/
Run it >> right-click, run as Admin >> leave the settings as they are, but also tick the ALLUSERS checkbox.
Paste the script into the box at the bottom, without the word "Code".
Code:
:OTL
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"DAEMON Tools Lite"=-
"Facebook Update"=-
"Skype"=-
"Sony PC Companion"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PowerDVD12DMREngine"=-
"PowerDVD12Agent"=-
"Adobe ARM"=-
:Commands
[emptytemp]

and click the RUNFIX button, then post its log here.
Then write whether there is any improvement.


Thu Mar 21, 2013 7:39
silver member

Post: Re: STELL Helps
ComboFix 13-03-20.01 - User 013.03.20. 15:50:51.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.36.1038.18.2046.1059 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-20 14:56 . 2013-03-20 14:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-20 14:56 . 2013-03-20 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 10:56 . 2013-03-20 10:56 -------- d-----w- c:\windows\ERUNT
2013-03-20 10:55 . 2013-03-20 10:55 -------- d-----w- C:\JRT
2013-03-20 08:35 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8847BE8E-52FA-409E-ABF9-81E3F21E3850}\mpengine.dll
2013-03-18 14:59 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 15:38 . 2013-03-13 15:38 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 15:38 . 2013-03-13 15:38 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 14:47 . 2013-03-13 14:47 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2013-03-13 14:46 . 2013-03-13 15:00 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 14:46 . 2013-03-13 14:46 -------- d-----w- c:\windows\system32\Macromed
2013-03-13 14:26 . 2013-03-13 14:26 -------- d-----w- c:\programdata\McAfee
2013-03-13 14:25 . 2013-03-13 14:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-13 08:14 . 2013-01-08 08:27 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-13 08:14 . 2013-01-08 08:27 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40478D16-417B-4078-A8E8-B1B7A61DE79A}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 15:41 . 2011-03-09 13:23 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 15:00 . 2011-10-01 09:37 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 13:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 13:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 13:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 13:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 13:19 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2011-01-17 07:39 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-21 11:11 . 2012-06-23 15:48 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-21 11:11 . 2011-01-23 20:25 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-07 17:11 . 2013-01-07 17:11 208216 ----a-w- c:\windows\system32\drivers\21109372.sys
2013-01-05 05:53 . 2013-02-14 08:40 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 08:40 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 08:40 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 08:40 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 08:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 08:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 08:40 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 08:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 08:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 08:40 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 08:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 08:40 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 08:40 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-18 1077584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-08-16 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-08-16 374560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-09-07 100864]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-11-04 14448]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-22 834544]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/09/17 11:14];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-08-10 08:04 147704]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-08-16 90640]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-08-16 78352]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-08-16 295440]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704]
S3 NisSrv;Microsoft Hálózatfelügyelet;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 15:00]
.
2013-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4236947220-2871655594-1518355159-1001Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 11:25]
.
2013-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4236947220-2871655594-1518355159-1001UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-31 11:25]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4236947220-2871655594-1518355159-1001Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 17:15]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4236947220-2871655594-1518355159-1001UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 17:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xportálás a Microsoft Excel programba - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportálás Microsoft Excel formátumba - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 213.46.246.54 213.46.246.53
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8zne0h2j.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Driver San Francisco - d:\myprog\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-20 15:58:53
ComboFix-quarantined-files.txt 2013-03-20 14:58
.
Pre-Run: 12 031 426 560 bájt szabad
Post-Run: 12 278 292 480 bájt szabad
.
- - End Of File - - 38A3D110CC7B65F799A66AE0462A0859


Wed Mar 20, 2013 15:59
soul of the forum
Post: Re: STELL Helps
OK, run ComboFix and post its log here.
http://www.bleepingcomputer.com/combofi ... t-combofix


Wed Mar 20, 2013 14:34
silver member

Post: Re: STELL Helps
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by User on 2013.03.20. at 11:56:14,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\complitly"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\simplytech"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8zne0h2j.default\conduitcommon
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8zne0h2j.default\prefs.js

user_pref("CT3088559..clientLogIsEnabled", true);
user_pref("CT3088559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT3088559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT3088559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT3088559.BrowserCompStateIsOpen_129603119646319811", true);
user_pref("CT3088559.CT3088559", "CT3088559");
user_pref("CT3088559.CurrentServerDate", "5-11-2011");
user_pref("CT3088559.DSInstall", true);
user_pref("CT3088559.DialogsAlignMode", "LTR");
user_pref("CT3088559.DialogsGetterLastCheckTime", "Sat Nov 05 2011 20:38:22 GMT+0100");
user_pref("CT3088559.DownloadReferralCookieData", "");
user_pref("CT3088559.EMailNotifierPollDate", "Sat Nov 05 2011 20:38:23 GMT+0100");
user_pref("CT3088559.FirstServerDate", "5-11-2011");
user_pref("CT3088559.FirstTime", true);
user_pref("CT3088559.FirstTimeFF3", true);
user_pref("CT3088559.FixPageNotFoundErrors", false);
user_pref("CT3088559.GroupingServerCheckInterval", 1440);
user_pref("CT3088559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT3088559.HPInstall", false);
user_pref("CT3088559.HasUserGlobalKeys", true);
user_pref("CT3088559.HomePageProtectorEnabled", false);
user_pref("CT3088559.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
user_pref("CT3088559.Initialize", true);
user_pref("CT3088559.InitializeCommonPrefs", true);
user_pref("CT3088559.InstallationAndCookieDataSentCount", 1);
user_pref("CT3088559.InstallationType", "Unknown");
user_pref("CT3088559.InstalledDate", "Sat Nov 05 2011 20:38:25 GMT+0100");
user_pref("CT3088559.InvalidateCache", false);
user_pref("CT3088559.IsGrouping", false);
user_pref("CT3088559.IsInitSetupIni", true);
user_pref("CT3088559.IsMulticommunity", false);
user_pref("CT3088559.IsOpenThankYouPage", true);
user_pref("CT3088559.IsOpenUninstallPage", true);
user_pref("CT3088559.IsProtectorsInit", true);
user_pref("CT3088559.LanguagePackLastCheckTime", "Sat Nov 05 2011 20:38:25 GMT+0100");
user_pref("CT3088559.LanguagePackReloadIntervalMM", 1440);
user_pref("CT3088559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT3088559.LastLogin_3.7.0.6", "Sat Nov 05 2011 20:38:33 GMT+0100");
user_pref("CT3088559.LatestVersion", "3.5.0.12");
user_pref("CT3088559.Locale", "en");
user_pref("CT3088559.MCDetectTooltipHeight", "83");
user_pref("CT3088559.MCDetectTooltipShow", false);
user_pref("CT3088559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT3088559.MCDetectTooltipWidth", "295");
user_pref("CT3088559.MyStuffEnabledAtInstallation", true);
user_pref("CT3088559.OriginalFirstVersion", "3.7.0.6");
user_pref("CT3088559.RadioIsPodcast", false);
user_pref("CT3088559.RadioLastCheckTime", "Sat Nov 05 2011 20:38:25 GMT+0100");
user_pref("CT3088559.RadioLastUpdateIPServer", "3");
user_pref("CT3088559.RadioLastUpdateServer", "129603226867170000");
user_pref("CT3088559.RadioMediaID", "21958313");
user_pref("CT3088559.RadioMediaType", "Media Player");
user_pref("CT3088559.RadioMenuSelectedID", "EBRadioMenu_CT308855921958313");
user_pref("CT3088559.RadioShrinked", "shrinked");
user_pref("CT3088559.RadioShrinkedFromSetup", true);
user_pref("CT3088559.RadioStationName", "California%20Rock%20-%20Rock");
user_pref("CT3088559.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
user_pref("CT3088559.SHRINK_TOOLBAR", 0);
user_pref("CT3088559.SearchCaption", "Giveaway of the Day Customized Web Search");
user_pref("CT3088559.SearchEngineBeforeUnload", "Giveaway of the Day Customized Web Search");
user_pref("CT3088559.SearchFromAddressBarIsInit", true);
user_pref("CT3088559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3088559&SearchSource=2&q=");
user_pref("CT3088559.SearchInNewTabEnabled", true);
user_pref("CT3088559.SearchInNewTabIntervalMM", 1440);
user_pref("CT3088559.SearchInNewTabLastCheckTime", "Sat Nov 05 2011 20:38:33 GMT+0100");
user_pref("CT3088559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT3088559.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT3088559.SearchInNewTabUserEnabled", false);
user_pref("CT3088559.SearchProtectorEnabled", true);
user_pref("CT3088559.SearchProtectorToolbarDisabled", false);
user_pref("CT3088559.SendProtectorDataViaLogin", true);
user_pref("CT3088559.ServiceMapLastCheckTime", "Sat Nov 05 2011 20:38:21 GMT+0100");
user_pref("CT3088559.SettingsLastCheckTime", "Sat Nov 05 2011 20:38:21 GMT+0100");
user_pref("CT3088559.SettingsLastUpdate", "1318850777");
user_pref("CT3088559.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3088559&SearchSource=13");
user_pref("CT3088559.ThirdPartyComponentsInterval", 504);
user_pref("CT3088559.ThirdPartyComponentsLastCheck", "Sat Nov 05 2011 20:38:21 GMT+0100");
user_pref("CT3088559.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT3088559.ToolbarShrinkedFromSetup", true);
user_pref("CT3088559.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3088559");
user_pref("CT3088559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT3088559.UserID", "UN93321006283482191");
user_pref("CT3088559.ValidationData_Toolbar", 2);
user_pref("CT3088559.WeatherNetwork", "");
user_pref("CT3088559.WeatherPollDate", "Sat Nov 05 2011 20:38:24 GMT+0100");
user_pref("CT3088559.WeatherUnit", "C");
user_pref("CT3088559.alertChannelId", "1479923");
user_pref("CT3088559.approveUntrustedApps", false);
user_pref("CT3088559.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
user_pref("CT3088559.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
user_pref("CT3088559.backendstorage./9b5ba==9cjag", "6D683B3C6F406C747A4545737A7C764B7D4A7D217B");
user_pref("CT3088559.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F726E72746D7771757774");
user_pref("CT3088559.backendstorage./9b9643g3/9e", "6A");
user_pref("CT3088559.backendstorage./9b<:222h64<", "393F352F3E");
user_pref("CT3088559.backendstorage./9b=+03eh8h8j?:", "4443");
user_pref("CT3088559.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("CT3088559.backendstorage./9b?b0d:8aj62<h", "6D");
user_pref("CT3088559.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
user_pref("CT3088559.components.1000034", false);
user_pref("CT3088559.components.1000082", false);
user_pref("CT3088559.components.1000234", false);
user_pref("CT3088559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT3088559.globalFirstTimeInfoLastCheckTime", "Sat Nov 05 2011 20:38:23 GMT+0100");
user_pref("CT3088559.homepageProtectorEnableByLogin", true);
user_pref("CT3088559.initDone", true);
user_pref("CT3088559.isAppTrackingManagerOn", true);
user_pref("CT3088559.isFirstRadioInstallation", false);
user_pref("CT3088559.myStuffEnabled", true);
user_pref("CT3088559.myStuffPublihserMinWidth", 400);
user_pref("CT3088559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT3088559.myStuffServiceIntervalMM", 1440);
user_pref("CT3088559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT3088559.revertSettingsEnabled", true);
user_pref("CT3088559.searchProtectorDialogDelayInSec", 10);
user_pref("CT3088559.searchProtectorEnableByLogin", true);
user_pref("CT3088559.testingCtid", "");
user_pref("CT3088559.toolbarAppMetaDataLastCheckTime", "Sat Nov 05 2011 20:38:21 GMT+0100");
user_pref("CT3088559.toolbarContextMenuLastCheckTime", "Sat Nov 05 2011 20:38:25 GMT+0100");
user_pref("CT3088559.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitSearchList", "Giveaway of the Day Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1475575/HU", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT3088559", "\"1315933121\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... &locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... er=3.7.0.6", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT3088559", "\"634553316085800000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... =CT3088559", "\"1318850777\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... z/idel.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... z/maxi.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... nimize.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... z/play.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... y_mini.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... z/stop.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... uz/vol.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"1d81252562c31be757300e4205a85371\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\User\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8zne0h2j.default\\conduitCommon\\modules\\3.7.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT3088559");
user_pref("CommunityToolbar.ToolbarsList2", "CT3088559");
user_pref("CommunityToolbar.ToolbarsList4", "CT3088559");
user_pref("CommunityToolbar.globalUserId", "5c3f0df7-57ba-4974-b587-f30c6d8b2ec6");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3088559");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Nov 05 2011 20:38:25 GMT+0100");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Nov 05 2011 20:38:32 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Nov 05 2011 20:38:23 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "f88b27c1-92e2-4981-9370-54c1a2e1a7ca");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8zne0h2j.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013.03.20. at 12:01:45,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Wed Mar 20, 2013 12:03
silver member

Joined: Fri Jan 18, 2013 22:27
Posts: 57
Post Re: STELL Segit
# AdwCleaner v2.115 - Logfile created 03/20/2013 at 11:51:40
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\SimplyGen

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (hu)

-\\ Google Chrome v25.0.1364.172

*************************

AdwCleaner[S1].txt - [621 octets] - [20/03/2013 11:51:40]

########## EOF - C:\AdwCleaner[S1].txt - [680 octets] ##########


Wed Mar 20, 2013 11:54
silver member

Joined: Fri Jan 18, 2013 22:27
Posts: 57
Post Re: STELL Segit
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/20/2013 11:49:55 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 03/20/2013 11:50:07 AM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)


Wed Mar 20, 2013 11:50
silver member

Joined: Fri Jan 18, 2013 22:27
Posts: 57
Post Re: STELL Segit
okay thanks, I just wasn't sure whether these are needed for mine too


Wed Mar 20, 2013 11:48
diamond member

Joined: Fri Aug 06, 2004 22:20
Posts: 3533
Location: Miskolc
Post Re: STELL Segit
Yes, but on your own machine of course - since that is the one you have a problem with now...
(I only butted in so that by the time the Master arrives, finished data is waiting for him and not your question :) )


Wed Mar 20, 2013 11:46
silver member

Joined: Fri Jan 18, 2013 22:27
Posts: 57
Post Re: STELL Segit
that wasn't my machine but an acquaintance's :) should I still do the things you sent?


Wed Mar 20, 2013 9:33
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this,
Post Re: STELL Segit
Hi
Do you still have that little MEMORY? If I remember correctly it was maybe 256MB, or am I mistaken??

1: RKILL - run it and post its log here.
http://download.bleepingcomputer.com/grinler/rkill.com

2: On top of that, run ADWcleaner >> DELETE
http://www.viruskasino.com/2012/09/adwcleaner.html
Post its log here.

3: Junkware Removal > post its log here.
http://www.bleepingcomputer.com/downloa ... oval-tool/

Tue Mar 19, 2013 19:02
silver member

Joined: Fri Jan 18, 2013 22:27
Posts: 57
Post Re: STELL Segit
Hi Stell!
My machine has slowed down quite a bit, can you help?


Tue Mar 19, 2013 9:51
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this,
Post Re: STELL Segit
You can still do a defragmentation with this program.
http://www.piriform.com/defraggler

Yes, you did well, :D
You're welcome, bye.


Thu Mar 14, 2013 15:14
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post Re: STELL Segit
I hope this works out too. (well, I think a few people didn't expect this of me :))
Thank you very much for your help! (it has gotten much better, because when I type a word it displays it almost as quickly and I don't have to wait for the machine to "catch up".)
Thank you very much!


Thu Mar 14, 2013 14:46
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this,
Post Re: STELL Segit
It won't get any better now, uninstall ComboFix:
Rename the ComboFix icon to uninstall
and run it, click OK, OK, OK, and ComboFix will be uninstalled from the machine.
Install the free AVIRA.

And that will probably be everything.


Thu Mar 14, 2013 14:20
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post Re: STELL Segit
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A06938A9-8ADB-4212-BFA2-725776187663}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A06938A9-8ADB-4212-BFA2-725776187663}\ not found.
HKU\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\WINNT_x86_64-msvc\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\WINNT_x86_64-msvc folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\WINNT_x86-msvc\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\WINNT_x86-msvc folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Linux_x86_64-gcc3\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Linux_x86_64-gcc3 folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Linux_x86-gcc3\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Linux_x86-gcc3 folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Darwin_x86_64-gcc3\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Darwin_x86_64-gcc3 folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Darwin\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform\Darwin folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\platform folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\defaults\preferences folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\defaults folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\components folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted\chrome folder moved successfully.
C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}\ not found.
C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult\Uninstall Webroot RunOnce.lnk moved successfully.
C:\Documents and Settings\Rendszergazda\Application Data\wruninstall.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Starting removal of ActiveX control {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kátai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16227914 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Rendszergazda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03142013_135901

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thu Mar 14, 2013 14:14
the soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this,
Post Re: STELL Segit
Run the OTL.exe program again, but this time paste this script into its lower window.
And this time click the RUNFIX button.
Post its log here.
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes\{A06938A9-8ADB-4212-BFA2-725776187663}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2012.07.04 10:48:04 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted
2013.03.13 13:49:05 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\searchplugins\ashampoo-hu-customized-web-search.xml
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult\Uninstall Webroot RunOnce.lnk = C:\Documents and Settings\Rendszergazda\Application Data\wruninstall.exe (Webroot Software, Inc.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
:Commands
[emptytemp]


Thu Mar 14, 2013 13:52
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post Re: STELL Segit
OTL logfile created on: 2013.03.14. 13:09:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kátai\Asztal
Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

631,48 Mb Total Physical Memory | 254,76 Mb Available Physical Memory | 40,34% Memory free
970,20 Mb Paging File | 648,38 Mb Available in Paging File | 66,83% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,08 Gb Total Space | 12,98 Gb Free Space | 68,01% Space Free | Partition Type: NTFS

Computer Name: K-B4AF768DDF6B4 | User Name: Kátai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.14 12:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kátai\Asztal\OTL.exe
PRC - [2013.03.10 13:36:01 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.15 11:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.11.18 14:15:18 | 000,262,144 | ---- | M] (D-Link) -- C:\Program Files\D-Link AirPlus\AIRPLUS.EXE


========== Modules (No Company Name) ==========

MOD - [2013.03.10 13:35:50 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.02.28 18:02:19 | 014,718,320 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2008.04.15 11:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.03.10 13:35:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:02:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009.09.21 14:56:30 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Ultra.dll -- (ultra)
DRV - [2009.02.11 13:32:11 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2008.04.13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 09:36:08 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio)
DRV - [2008.04.13 09:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003.09.08 15:06:00 | 000,255,360 | ---- | M] (D-Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2002.07.23 21:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002.02.08 08:01:46 | 000,142,748 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\..\SearchScopes\{A06938A9-8ADB-4212-BFA2-725776187663}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-329068152-113007714-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.13 13:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 13:34:20 | 000,000,000 | ---D | M]

[2009.07.15 15:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kátai\Application Data\Mozilla\Extensions
[2013.03.13 14:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions
[2012.07.04 10:48:04 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted
[2013.03.13 13:49:05 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\searchplugins\ashampoo-hu-customized-web-search.xml
[2013.03.10 13:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.17 17:23:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.03.10 13:36:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.12.14 16:36:45 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-hu.xml
[2012.12.14 16:36:45 | 000,001,841 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2012.12.14 16:36:45 | 000,001,187 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml
[2012.12.14 16:36:45 | 000,001,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml

O1 HOSTS File: ([2013.03.13 20:41:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Kátai\Start Menu\Programs\Indítópult\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE (D-Link)
O4 - Startup: C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult\Uninstall Webroot RunOnce.lnk = C:\Documents and Settings\Rendszergazda\Application Data\wruninstall.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2011.04.15 12:18:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011.04.15 12:18:37 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011.04.15 12:18:37 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-113007714-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-113007714-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-113007714-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-113007714-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.24.187.210 212.24.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E108FE8-3D9A-41A8-8209-0C252ACED78B}: DhcpNameServer = 212.24.187.210 212.24.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9E7F3B9-8322-4841-8F23-EDBA3719AA5C}: NameServer = 212.24.187.210
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Lanka.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 15:09:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.14 12:37:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.03.14 12:37:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.14 12:33:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kátai\Asztal\OTL.exe
[2013.03.13 20:45:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013.03.13 18:22:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.03.13 18:22:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.03.13 18:22:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.03.13 18:22:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.03.13 18:22:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 18:09:05 | 005,038,936 | R--- | C] (Swearware) -- C:\Documents and Settings\Kátai\Asztal\ComboFix.exe
[2013.03.13 14:20:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kátai\Recent
[2013.03.13 14:02:49 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013.03.13 14:02:48 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013.03.10 15:12:37 | 000,000,000 | ---D | C] -- C:\rsit
[2013.03.10 13:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006.12.08 12:16:52 | 001,670,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2006.12.08 12:16:52 | 000,484,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2006.12.08 12:16:52 | 000,074,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll

========== Files - Modified Within 30 Days ==========

[2013.03.14 13:01:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.14 12:39:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.14 12:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.14 12:38:56 | 662,228,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.14 12:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kátai\Asztal\OTL.exe
[2013.03.13 22:00:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.03.13 20:41:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.03.13 20:21:31 | 005,038,936 | R--- | M] (Swearware) -- C:\Documents and Settings\Kátai\Asztal\ComboFix.exe
[2013.03.13 14:00:18 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.03.13 13:56:39 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Kátai\Asztal\adwcleaner.exe
[2013.03.10 13:36:14 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Kátai\Asztal\RSIT.exe
[2013.03.01 03:28:00 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.02.28 18:02:21 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.28 18:02:20 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.03.13 22:00:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.03.13 18:22:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.03.13 18:22:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.03.13 18:22:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.03.13 18:22:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.03.13 18:22:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.03.13 13:56:36 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Kátai\Asztal\adwcleaner.exe
[2013.03.10 13:35:56 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Kátai\Asztal\RSIT.exe
[2012.02.16 19:43:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.01 17:20:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.09.18 11:55:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kátai\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.19 18:47:34 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Kátai\Application Data\com.blocksoft.pairs
[2006.12.08 12:16:54 | 001,413,862 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2006.12.08 12:16:54 | 001,128,177 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2006.12.08 12:16:54 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2006.12.08 12:16:54 | 000,183,321 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2006.12.08 12:16:54 | 000,181,745 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2006.12.08 12:16:54 | 000,138,977 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2006.12.08 12:16:54 | 000,134,631 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2006.12.08 12:16:54 | 000,091,265 | ---- | C] () -- C:\Program Files\OCT2006_xinput_x64.cab
[2006.12.08 12:16:54 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2006.12.08 12:16:54 | 000,049,149 | ---- | C] () -- C:\Program Files\OCT2006_xinput_x86.cab
[2006.12.08 12:16:54 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2006.12.08 12:16:52 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab
[2006.12.08 12:16:52 | 001,363,684 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2006.12.08 12:16:52 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2006.12.08 12:16:52 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2006.12.08 12:16:52 | 001,085,608 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2006.12.08 12:16:52 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2006.12.08 12:16:52 | 000,179,247 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2006.12.08 12:16:52 | 000,133,297 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2006.12.08 12:16:52 | 000,082,384 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2006.12.08 12:16:52 | 000,041,991 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2006.12.08 12:16:50 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab
[2006.12.08 12:16:50 | 001,575,336 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2006.12.08 12:16:50 | 001,572,114 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2006.12.08 12:16:50 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2006.12.08 12:16:50 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2006.12.08 12:16:50 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2006.12.08 12:16:50 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2006.12.08 12:16:50 | 000,213,767 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2006.12.08 12:16:50 | 000,193,435 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2006.12.08 12:16:50 | 000,192,680 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2006.12.08 12:16:50 | 000,146,559 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2006.12.08 12:16:48 | 004,163,518 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2006.12.08 12:16:48 | 001,398,718 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2006.12.08 12:16:48 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2006.12.08 12:16:48 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2006.12.08 12:16:48 | 001,116,109 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2006.12.08 12:16:48 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2006.12.08 12:16:48 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2006.12.08 12:16:48 | 000,917,318 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2006.12.08 12:16:48 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab
[2006.12.08 12:16:48 | 000,183,863 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2006.12.08 12:16:48 | 000,180,021 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2006.12.08 12:16:48 | 000,138,195 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2006.12.08 12:16:48 | 000,133,991 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2006.12.08 12:16:48 | 000,088,102 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2006.12.08 12:16:48 | 000,087,989 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2006.12.08 12:16:48 | 000,047,018 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2006.12.08 12:16:48 | 000,046,898 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.16 10:10:45 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.16 10:10:20 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.15 11:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Thu Mar 14, 2013 13:26
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post Re: STELL Segit
OTL Extras logfile created on: 2013.03.14. 13:09:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kátai\Asztal
Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

631,48 Mb Total Physical Memory | 254,76 Mb Available Physical Memory | 40,34% Memory free
970,20 Mb Paging File | 648,38 Mb Available in Paging File | 66,83% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,08 Gb Total Space | 12,98 Gb Free Space | 68,01% Space Free | Partition Type: NTFS

Computer Name: K-B4AF768DDF6B4 | User Name: Kátai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-113007714-1060284298-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1 -- [2011.04.15 12:18:37 | 000,000,000 | ---D | M]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- [2011.04.15 12:18:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2011.04.15 12:18:37 | 000,000,000 | ---D | M]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live feltöltőeszköz
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{257A92C3-7E41-4678-9144-6920F4289D0F}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{350C940e-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{396B26FB-1D23-43FD-A964-A4A3A223D1F1}_is1" = Pairs 2.1.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{733EB793-0840-4D69-97AA-6934FC79DB16}" = Windows Live bejelentkezési segéd
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9011040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A98C71-A900-44E7-AD98-70E6368FB4D0}" = Windows Live Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1038-7B44-A95000000001}" = Adobe Reader 9.5.0 - Hungarian
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"abramania - mahjongg" = abramania - mahjongg 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BetűzzElek - Szókirakó játék_is1" = BetűzzElek program eltávolítása
"BoXiKoN" = BoXiKoN (remove only)
"CCleaner" = CCleaner
"GEKKO Mahjongg" = Gekko Mahjongg
"ie8" = Windows Internet Explorer 8
"Joemino 2.0_is1" = Joemino 2.0
"Jumper_is1" = Jumper 1.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"Konyi Gumidomino 1.1" = Gumidominó 1.1 (csak törlés)
"Mah Jong Quest_is1" = Mah Jong Quest
"Mahjong Escape: Ancient China 1.0.0.5" = Mahjong Escape: Ancient China 1.0.0.5
"MahJong Suite Graphics Pack Volume 2_is1" = MahJong Suite Graphics Pack Volume 2 - v2.9
"MahJong Suite_is1" = MahJong Suite 2011 v8.0
"Mozilla Firefox 19.0.2 (x86 hu)" = Mozilla Firefox 19.0.2 (x86 hu)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SolSuite" = SolSuite
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2011.06.22. 8:29:01 | Computer Name = K-B4AF768DDF6B4 | Source = Application Error | ID = 1001
Description = Hibasor: 1578443712.

Error - 2011.06.22. 8:29:04 | Computer Name = K-B4AF768DDF6B4 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: farmfrenzy3_america.wrp.exe, verzió: 0.5.0.0, hibás
modul: farmfrenzy3_america.wrp.exe, verzió: 0.5.0.0, memóriacím: 0x001fa726.

Error - 2011.06.22. 8:29:08 | Computer Name = K-B4AF768DDF6B4 | Source = Application Error | ID = 1001
Description = Hibasor: 1578443712.

Error - 2011.06.22. 8:29:16 | Computer Name = K-B4AF768DDF6B4 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: farmfrenzy3_america.wrp.exe, verzió: 0.5.0.0, hibás
modul: farmfrenzy3_america.wrp.exe, verzió: 0.5.0.0, memóriacím: 0x001fa726.

Error - 2011.06.23. 6:42:22 | Computer Name = K-B4AF768DDF6B4 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: firefox.exe, verzió: 1.9.2.4127, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2011.06.23. 6:42:24 | Computer Name = K-B4AF768DDF6B4 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: plugin-container.exe, verzió: 1.9.2.4127, hibás
modul: ntdll.dll, verzió: 5.1.2600.6055, memóriacím: 0x0000100b.

Error - 2011.06.23. 6:42:37 | Computer Name = K-B4AF768DDF6B4 | Source = Application Error | ID = 1001
Description = Hibasor: -1884762006.

Error - 2011.06.23. 6:42:46 | Computer Name = K-B4AF768DDF6B4 | Source = Application Hang | ID = 1001
Description = Hibasor: -1883328116.

Error - 2011.07.17. 14:24:18 | Computer Name = K-B4AF768DDF6B4 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: msnmsgr.exe, verzió: 14.0.8117.416, nem
válaszoló modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2011.07.17. 14:24:30 | Computer Name = K-B4AF768DDF6B4 | Source = Application Hang | ID = 1001
Description = Hibasor: 00000009.

[ System Events ]
Error - 2013.02.01. 13:53:35 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1001
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához a
DHCP-kiszolgáló nem rendelt hálózati címet. A következő hiba történt: %%1223. A számítógép
továbbra is megpróbál címet igényelni a hálózati cím kiszolgálójától (DHCP).

Error - 2013.02.02. 15:38:31 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1002
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához tartozó
192.168.1.100 IP-cím bérletét a DHCP kiszolgáló (192.168.1.254) elutasította. (A
DHCP-kiszolgáló DHCPNACK üzenetet küldött)

Error - 2013.02.03. 11:49:22 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1002
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához tartozó
192.168.1.101 IP-cím bérletét a DHCP kiszolgáló (192.168.1.254) elutasította. (A
DHCP-kiszolgáló DHCPNACK üzenetet küldött)

Error - 2013.02.28. 12:26:45 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1001
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához a
DHCP-kiszolgáló nem rendelt hálózati címet. A következő hiba történt: %%1223. A számítógép
továbbra is megpróbál címet igényelni a hálózati cím kiszolgálójától (DHCP).

Error - 2013.03.01. 16:36:21 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1001
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához a
DHCP-kiszolgáló nem rendelt hálózati címet. A következő hiba történt: %%1223. A számítógép
továbbra is megpróbál címet igényelni a hálózati cím kiszolgálójától (DHCP).

Error - 2013.03.07. 13:56:44 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1001
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához a
DHCP-kiszolgáló nem rendelt hálózati címet. A következő hiba történt: %%1223. A számítógép
továbbra is megpróbál címet igényelni a hálózati cím kiszolgálójától (DHCP).

Error - 2013.03.08. 14:10:44 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1001
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához a
DHCP-kiszolgáló nem rendelt hálózati címet. A következő hiba történt: %%1223. A számítógép
továbbra is megpróbál címet igényelni a hálózati cím kiszolgálójától (DHCP).

Error - 2013.03.12. 11:14:52 | Computer Name = K-B4AF768DDF6B4 | Source = Dhcp | ID = 1001
Description = A számítógép a(z) 00134648D2DF hálózati című hálózati kártyához a
DHCP-kiszolgáló nem rendelt hálózati címet. A következő hiba történt: %%1223. A számítógép
továbbra is megpróbál címet igényelni a hálózati cím kiszolgálójától (DHCP).

Error - 2013.03.13. 15:28:11 | Computer Name = K-B4AF768DDF6B4 | Source = Service Control Manager | ID = 7034
Description = A(z) Alkalmazási réteg átjárószolgáltatása szolgáltatás váratlanul
leállt. Ez a(z) 1. alkalommal fordult elő.

Error - 2013.03.13. 15:28:11 | Computer Name = K-B4AF768DDF6B4 | Source = Service Control Manager | ID = 7034
Description = A(z) Nyomtatásisor-kezelő szolgáltatás váratlanul leállt. Ez a(z)
1. alkalommal fordult elő.


< End of report >


Thu Mar 14, 2013 13:22
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this
Post subject: Re: STELL Segit
Neither a virus nor adware, because I don't see anything like that here; it was mostly just a big cleanup: Chinese IOBIT junk, all the toolbar junk, needlessly running programs, and program leftovers.

Run OTL.exe once more, tick the ALLUSERS box, leave the other settings as they are, and this time click the SCAN button.
It will then produce 2 logs; post them here.


Thu Mar 14, 2013 13:04
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post subject: Re: STELL Segit
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kátai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 139892473 bytes
->Flash cache emptied: 766 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Rendszergazda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1617213 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03142013_123722

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Dear Stell! I ran it all the way through, and there is an improvement, that's a fact, but it's not quite right. I don't understand... I know it's not a big machine and it has little performance, but it used to have many more programs on it and responded to commands much faster, whereas now there are practically only a few games on it. Is something holding it back? Did the things we did remove viruses or adware?


Thu Mar 14, 2013 12:56
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this
Post subject: Re: STELL Segit
OK.
Download OTL.exe to the desktop.
http://www.bleepingcomputer.com/download/otl/dl/93/
Run it >> leave the settings as they are, but also tick the ALLUSERS checkbox.
Paste the script into the box at the bottom, without the word "Code".
Code:
:Commands
[emptytemp]


Then click the RUNFIX button and post its log here.
Then write whether there is any improvement.


Thu Mar 14, 2013 7:55
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post subject: Re: STELL Segit
ComboFix 13-03-13.02 - Kátai 013.03.13. 20:28:21.13.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.631.429 [GMT 1:00]
Running from: c:\documents and settings\Kátai\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Kátai\Asztal\CFScript.txt
.
FILE ::
"c:\documents and settings\Rendszergazda\Start Menu\Programs\Indítópult\Uninstall Webroot RunOnce.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IObit
c:\program files\IObit\Smart Defrag 2\LatestNews\LatestNews.ini
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-08-27-15-40-22.log
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-09-03-20-11-51.log
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-09-10-17-38-04.log
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-09-17-19-16-38.log
c:\program files\IObit\Smart Defrag 2\Log\SDBootTime_2012-09-24-16-46-55.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_2_0
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))
.
.
2013-03-10 14:12 . 2013-03-10 14:13 -------- dc----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 17:02 . 2012-07-09 13:53 691568 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 17:02 . 2012-07-09 13:53 71024 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-15 10:00 552448 -c--a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2009-02-09 11:19 2071168 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2009-04-16 09:10 2194560 -c--a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2009-04-16 09:10 1876224 -c--a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2009-04-16 09:10 1295872 -c--a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2008-04-15 10:00 148992 -c--a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:20 . 2008-12-20 22:47 916480 -c--a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2009-01-30 07:16 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-12-20 22:46 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:41 . 2009-04-16 09:10 385024 -c--a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-15 10:00 290560 -c--a-w- c:\windows\system32\atmfd.dll
2006-12-08 11:16 . 2006-12-08 11:16 74520 -c--a-w- c:\program files\DSETUP.dll
2006-12-08 11:16 . 2006-12-08 11:16 484632 -c--a-w- c:\program files\DXSETUP.exe
2006-12-08 11:16 . 2006-12-08 11:16 1670936 -c--a-w- c:\program files\dsetup32.dll
2013-03-10 12:36 . 2013-03-10 12:33 263064 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\Rendszergazda\Start Menu\Programs\Indítópult\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Rendszergazda\Application Data\wruninstall.exe [2012-8-26 7021336]
.
c:\documents and settings\Kátai\Start Menu\Programs\Indítópult\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-7-15 262144]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2009.07.15. 16:40 142748]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 17:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.24.187.210 212.24.160.1
TCP: Interfaces\{E9E7F3B9-8322-4841-8F23-EDBA3719AA5C}: NameServer = 212.24.187.210
FF - ProfilePath - c:\documents and settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-13 20:41
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-13 20:45:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-13 19:45
ComboFix2.txt 2013-03-13 17:42
.
Pre-Run: 14 136 659 968 bájt szabad
Post-Run: 14 098 341 888 bájt szabad
.
- - End Of File - - B6A3FD3894BAEF43E452D080B10CB83C


Wed Mar 13, 2013 20:55
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this
Post subject: Re: STELL Segit
Yes, exactly as you write, because Malwarebytes only needs to be used now and then, and you don't need it right now; if you do need it, always download a fresh copy, and uninstall it from the machine again after using it.


Wed Mar 13, 2013 19:28
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post subject: Re: STELL Segit
Sorry for asking back: should I uninstall it first and then do the script?


Wed Mar 13, 2013 19:25
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this
Post subject: Re: STELL Segit
Uninstall the Malwarebytes program from the computer.

Creating the script:
Open Notepad like this: Start > Run > type: notepad
and paste in the green text found under the "Code:" heading (without the word "Code:"), then save the text pasted into Notepad as a script on the desktop, like this: File > Save As > File name > CFScript.txt > Save as type > All files > Save (to the desktop). Done. Drag the CFScript.txt on the desktop onto the ComboFix icon. And now do this:
[Image]
ComboFix starts by itself, may restart the machine, and finishes the scan.
Post its log here.
Code:
KILLALL::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
File::
c:\documents and settings\Rendszergazda\Start Menu\Programs\Indítópult\Uninstall Webroot RunOnce.lnk
Driver::
WinRing0_1_2_0
MBAMScheduler
MBAMService
MBAMProtector
Folder::
c:\program files\IObit
ClearJavaCache::


Wed Mar 13, 2013 19:05
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post subject: Re: STELL Segit
ComboFix 13-03-13.01 - Kátai 013.03.13. 18:28:00.12.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.631.348 [GMT 1:00]
Running from: c:\documents and settings\Kátai\Asztal\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))
.
.
2013-03-10 14:12 . 2013-03-10 14:13 -------- dc----w- C:\rsit
2013-03-10 12:48 . 2012-12-14 15:49 21104 -c--a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 12:48 . 2013-03-10 12:49 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 17:02 . 2012-07-09 13:53 691568 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 17:02 . 2012-07-09 13:53 71024 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2008-04-15 10:00 552448 -c--a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2009-02-09 11:19 2071168 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2009-04-16 09:10 2194560 -c--a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2009-04-16 09:10 1876224 -c--a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2009-04-16 09:10 1295872 -c--a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2008-04-15 10:00 148992 -c--a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:20 . 2008-12-20 22:47 916480 -c--a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2009-01-30 07:16 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2008-12-20 22:46 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:41 . 2009-04-16 09:10 385024 -c--a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-04-15 10:00 290560 -c--a-w- c:\windows\system32\atmfd.dll
2006-12-08 11:16 . 2006-12-08 11:16 74520 -c--a-w- c:\program files\DSETUP.dll
2006-12-08 11:16 . 2006-12-08 11:16 484632 -c--a-w- c:\program files\DXSETUP.exe
2006-12-08 11:16 . 2006-12-08 11:16 1670936 -c--a-w- c:\program files\dsetup32.dll
2013-03-10 12:36 . 2013-03-10 12:33 263064 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-12-19 3273136]
.
c:\documents and settings\Rendszergazda\Start Menu\Programs\Indítópult\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Rendszergazda\Application Data\wruninstall.exe [2012-8-26 7021336]
.
c:\documents and settings\Kátai\Start Menu\Programs\Indítópult\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-7-15 262144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07 843712 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 20:51 37296 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013.03.10. 13:49 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013.03.10. 13:49 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013.03.10. 13:48 21104]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2009.07.15. 16:40 142748]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 17:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.24.187.210 212.24.160.1
TCP: Interfaces\{E9E7F3B9-8322-4841-8F23-EDBA3719AA5C}: NameServer = 212.24.187.210
FF - ProfilePath - c:\documents and settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-13 18:38
Windows 5.1.2600 Szervizcsomag 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2013-03-13 18:42:10
ComboFix-quarantined-files.txt 2013-03-13 17:42
.
Pre-Run: 14 139 961 344 bájt szabad
Post-Run: 14 170 734 592 bájt szabad
.
- - End Of File - - F5770D322479DC03F58F59C6916B28BD


Wed Mar 13, 2013 18:47
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this
Post subject: Re: STELL Segit
No problem, there's time.
Run ComboFix and post its log here.
Download it to the desktop > run it << always click OK, OK, OK, then just wait for its log; it will open by itself, and post its contents here.
http://www.bleepingcomputer.com/downloa ... fix/dl/12/


Wed Mar 13, 2013 15:47
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post subject: Re: STELL Segit
I'm back, sorry, but there was either work or no Internet because of the storm. The only change on the machine since I was last here is that I removed Panda, because the trial version expired; I hope that's not a problem. Otherwise it is still terribly slow...


# AdwCleaner v2.114 - Logfile created 03/13/2013 at 14:17:13
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Szervizcsomag 3 (32 bits)
# User : Kátai - K-B4AF768DDF6B4
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Kátai\Asztal\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\CT2481035
Folder Deleted : C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\{6ef56a35-13a0-4571-aa84-9303d9f41bdd}
Folder Deleted : C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\Smartbar
Folder Deleted : C:\Documents and Settings\Kátai\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481035
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource= ... =CT2481035 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (hu)

File : C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\prefs.js

C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\user.js ... Deleted !

Deleted : user_pref("CT2481035.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2481035.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT2481035.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2481035.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2481035.FirstTime", "true");
Deleted : user_pref("CT2481035.FirstTimeFF3", "true");
Deleted : user_pref("CT2481035.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT2481035.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT248[...]
Deleted : user_pref("CT2481035.UserID", "UN46003870876531505");
Deleted : user_pref("CT2481035.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2481035.autoDisableScopes", -1);
Deleted : user_pref("CT2481035.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2481035.defaultSearch", "true");
Deleted : user_pref("CT2481035.embeddedsData", "[{\"appId\":\"129058859249188177\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2481035.enableAlerts", "false");
Deleted : user_pref("CT2481035.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT2481035.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2481035.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2481035.fixPageNotFoundError", "true");
Deleted : user_pref("CT2481035.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT2481035.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2481035.fixUrls", true);
Deleted : user_pref("CT2481035.homepageuserchanged", true);
Deleted : user_pref("CT2481035.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2481035.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2481035.isCheckedStartAsHidden", true);
Deleted : user_pref("CT2481035.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2481035.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT2481035.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2481035.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2481035.keyword", true);
Deleted : user_pref("CT2481035.lastVersion", "10.14.65.43");
Deleted : user_pref("CT2481035.migrateAppsAndComponents", true);
Deleted : user_pref("CT2481035.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.viruskasino.[...]
Deleted : user_pref("CT2481035.openThankYouPage", "false");
Deleted : user_pref("CT2481035.openUninstallPage", "false");
Deleted : user_pref("CT2481035.price-gong.isManagedApp", "true");
Deleted : user_pref("CT2481035.search.searchAppId", "129058859249188177");
Deleted : user_pref("CT2481035.search.searchCount", "0");
Deleted : user_pref("CT2481035.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT2481035.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT2481035.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2481035.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2481035.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2481035.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT2481035.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2481035.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2481035.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2481035.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2481035.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363178946787");
Deleted : user_pref("CT2481035.serviceLayer_services_appsMetadata_lastUpdate", "1363178946582");
Deleted : user_pref("CT2481035.serviceLayer_services_clientErrorLog_lastUpdate", "1346090292841");
Deleted : user_pref("CT2481035.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363178945804");
Deleted : user_pref("CT2481035.serviceLayer_services_location_lastUpdate", "1363179070089");
Deleted : user_pref("CT2481035.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363178949569");
Deleted : user_pref("CT2481035.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363178946236");
Deleted : user_pref("CT2481035.serviceLayer_services_searchAPI_lastUpdate", "1363179070061");
Deleted : user_pref("CT2481035.serviceLayer_services_serviceMap_lastUpdate", "1363179067904");
Deleted : user_pref("CT2481035.serviceLayer_services_setupAPI_lastUpdate", "1363179070716");
Deleted : user_pref("CT2481035.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363178945352");
Deleted : user_pref("CT2481035.serviceLayer_services_toolbarSettings_lastUpdate", "1363178940879");
Deleted : user_pref("CT2481035.serviceLayer_services_translation_lastUpdate", "1363178946620");
Deleted : user_pref("CT2481035.settingsINI", true);
Deleted : user_pref("CT2481035.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2481035.smartbar.CTID", "CT2481035");
Deleted : user_pref("CT2481035.smartbar.Uninstall", "0");
Deleted : user_pref("CT2481035.smartbar.toolbarName", "Ashampoo HU ");
Deleted : user_pref("CT2481035.startPage", "userChanged");
Deleted : user_pref("CT2481035.toolbarBornServerTime", "13-3-2013");
Deleted : user_pref("CT2481035.toolbarCurrentServerTime", "13-3-2013");
Deleted : user_pref("CT2481035.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...]
Deleted : user_pref("CT2481035_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo HU Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481035[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=F[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2481035");
Deleted : user_pref("browser.search.defaultthis.engineName", "Ashampoo HU Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=C[...]
Deleted : user_pref("browser.search.selectedEngine", "Ashampoo HU Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.myfreezoo.hu/|hxxps://mail.google.com/mail/?shva=1[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481035&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1[...]
Deleted : user_pref("smartbar.originalSearchEngine", false);
Deleted : user_pref("tfp.CT2481035", true);

File : C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\eg9b3wg8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9814 octets] - [13/03/2013 14:17:13]

########## EOF - C:\AdwCleaner[S1].txt - [9874 octets] ##########


Wed Mar 13, 2013 14:43
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that's why what you see looks like this
Post subject: Re: STELL Segit
Hi
Download AdwCleaner, run it, click DELETE, and post its log here.
http://www.viruskasino.com/2012/09/adwcleaner.html


Mon Mar 11, 2013 11:49
silver member

Joined: Sun Mar 10, 2013 13:34
Posts: 10
Post subject: Re: STELL Segit
Dear Stell!
I don't know where I managed to post a few hours ago; I thought it was here. Never mind... The point is that I am the mom of Andrea (kataiandi), and she told me to feel free to turn to you here. My computer is very slow; sometimes I have to wait minutes for it to respond to commands. I could almost say it's very annoying...
Malwarebytes found nothing. And RSIT produced this. Please help if your time allows. Thank you in advance!
So, the RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kátai at 2013-03-10 15:12:37
Microsoft Windows XP Professional Szervizcsomag 3
System drive C: has 13 GB (69%) free of 20 GB
Total RAM: 631 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:12:51, on 2013.03.10.
Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kátai\Asztal\RSIT.exe
C:\Program Files\trend micro\Kátai.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2481035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - (no file)
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E7F3B9-8322-4841-8F23-EDBA3719AA5C}: NameServer = 212.24.187.210
O22 - SharedTaskScheduler: Browseui előbetöltője - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Komponenskategóriák gyorsítótárazási szolgáltatása - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Logikai lemezkezelő felügyeleti szolgáltatás (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eseménynapló (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: IMAPI CD-égető COM-szolgáltatás (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting távoli asztalmegosztás (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Hálózati DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Hálózati DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Távoli asztal súgó-munkamenetének kezelője (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intelligens kártya (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Teljesítménynaplók és riasztások (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Kötet árnyékmásolata (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI teljesítményadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: A Windows Media Player hálózatmegosztási szolgáltatása (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7722 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default

prefs.js - "browser.startup.homepage" - "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?shva%3D1&ss=1&scc=1&ltmpl=default&ltmplcache=2#inbox|http://www.myfreezoo.hu/game/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2481035&SearchSource=2&q="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.171 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
msservice.js

C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
creativecommons.xml
eBay-hu.xml
google.xml
sztaki-en-hu.xml
vatera.xml
wikipedia-hu.xml

C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\extensions\
{6ef56a35-13a0-4571-aa84-9303d9f41bdd}
{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}

C:\Documents and Settings\Kátai\Application Data\Mozilla\Firefox\Profiles\y4t0jzqb.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Security Toolbar - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2012-10-15 87176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{97ab88ef-346b-4179-a0b1-7445896547a5}
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Security Toolbar - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2012-10-15 87176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PSUAMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [2012-11-14 32032]
"Panda Security URL Filtering"=C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe [2012-10-15 221832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-12-14 512360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2012-12-19 3273136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

C:\Documents and Settings\Kátai\Start Menu\Programs\Indítópult
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRkrn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRSVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\pandasecuritytb\dtUser.exe"="C:\Program Files\pandasecuritytb\dtUser.exe:*:Enabled:Panda Security Toolbar DTX Broker"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2013-03-10 15:12:37 ----DC---- C:\rsit
2013-03-10 13:48:57 ----AC---- C:\WINDOWS\system32\drivers\mbam.sys
2013-03-10 13:48:56 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2013-03-10 13:33:45 ----DC---- C:\Program Files\Mozilla Firefox
2013-02-20 16:47:34 ----AC---- C:\WINDOWS\system32\drivers\PSKMAD.sys
2013-02-14 21:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2778344$
2013-02-14 21:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2799494$
2013-02-14 21:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$
2013-02-14 21:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$

======List of files/folders modified in the last 1 month======

2013-03-10 15:12:44 ----DC---- C:\Program Files\trend micro
2013-03-10 15:11:57 ----DC---- C:\WINDOWS\system32\drivers
2013-03-10 14:41:21 ----DC---- C:\Program Files\Mozilla Maintenance Service
2013-03-10 14:41:10 ----RDC---- C:\Program Files
2013-03-10 13:56:19 ----DC---- C:\WINDOWS\temp
2013-03-10 13:48:36 ----DC---- C:\WINDOWS\Prefetch
2013-03-10 13:07:53 ----DC---- C:\WINDOWS
2013-03-10 13:06:07 ----DC---- C:\WINDOWS\system32\CatRoot2
2013-03-08 19:55:12 ----C---- C:\WINDOWS\SchedLgU.Txt
2013-02-28 18:02:26 ----DC---- C:\WINDOWS\system32
2013-02-28 18:02:21 ----AC---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-02-24 16:42:56 ----DC---- C:\Documents and Settings\Kátai\Application Data\MahJong Suite
2013-02-16 16:47:20 ----DC---- C:\WINDOWS\Debug
2013-02-14 21:07:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2013-02-14 21:07:21 ----HDC---- C:\WINDOWS\inf
2013-02-14 21:07:15 ----DC---- C:\WINDOWS\system32\dllcache
2013-02-14 21:07:01 ----HDC---- C:\WINDOWS\$hf_mig$
2013-02-14 21:06:28 ----SHDC---- C:\WINDOWS\Installer
2013-02-14 21:02:29 ----DC---- C:\Program Files\Internet Explorer
2013-02-14 19:26:16 ----DC---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 viaagp;VIA AGP buszszűrő; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-07-23 32128]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-02-11 9216]
R1 NNSALPC;NNSAlpc; C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys [2012-11-09 119208]
R1 NNSHTTP;NNSHttp; C:\WINDOWS\system32\DRIVERS\NNSHttp.sys [2012-11-09 139176]
R1 NNSIDS;NNSids; C:\WINDOWS\system32\DRIVERS\NNSIds.sys [2012-11-09 163112]
R1 NNSPICC;NNSPicc; C:\WINDOWS\system32\DRIVERS\NNSPicc.sys [2012-11-09 133544]
R1 NNSPIHS;NNSPihs; C:\WINDOWS\system32\DRIVERS\NNSPihs.sys [2012-11-09 63400]
R1 NNSPOP3;NNSPop3; C:\WINDOWS\system32\DRIVERS\NNSPop3.sys [2012-11-09 125480]
R1 NNSPROT;NNSProt; C:\WINDOWS\system32\DRIVERS\NNSProt.sys [2012-11-09 370216]
R1 NNSPRV;NNSPrv; C:\WINDOWS\system32\DRIVERS\NNSPrv.sys [2012-11-09 191528]
R1 NNSSMTP;NNSSmtp; C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys [2012-11-09 128040]
R1 NNSSTRM;NNSStrm; C:\WINDOWS\system32\DRIVERS\NNSStrm.sys [2012-11-09 276520]
R1 NNSTLSC;NNSTlsc; C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys [2012-11-09 133928]
R1 P3;Intel PentiumIII processzor-illesztőprogram; C:\WINDOWS\system32\DRIVERS\p3.sys [2009-04-16 46976]
R1 PSINKNC;PSINKnc; C:\WINDOWS\system32\DRIVERS\psinknc.sys [2012-11-09 178728]
R2 PSINAflt;PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [2012-11-09 149288]
R2 PSINFile;PSINFile; C:\WINDOWS\system32\DRIVERS\PSINFile.sys [2012-11-09 102184]
R2 PSINProc;PSINProc; C:\WINDOWS\system32\DRIVERS\PSINProc.sys [2012-11-09 114216]
R2 PSINProt;PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [2012-11-09 123560]
R3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-09-08 255360]
R3 NNSNAHS;Network Activity Hook Server Service; C:\WINDOWS\system32\DRIVERS\NNSNAHS.sys [2012-10-22 38824]
R3 PSKMAD;PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [2012-11-07 46672]
R3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztőprogramja; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 trid3d;trid3d; C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2002-02-08 142748]
R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 VIAudio;VIA AC'97 hangvezérlő(WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 catchme;catchme; \??\C:\DOCUME~1\KTAI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbstor;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
S3 usbvideo;USB videoeszköz (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys []
S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-01-30 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-01-30 82944]
S4 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-11-12 140064]
R2 PSUAService;Panda Product Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-11-14 36640]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 251248]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-10 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;A Windows Media Player hálózatmegosztási szolgáltatása; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-10 919040]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]

-----------------EOF-----------------


Sun Mar 10, 2013 15:36
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
I've been using CCleaner for a long time :) The other day I unticked a bunch of programs that were starting right along with Windows.


Wed Feb 27, 2013 15:30
soul of the forum

Joined: Wed Mar 24, 2004 13:43
Posts: 11868
Location: Budapest, Solymár
Post subject: Re: STELL Segit
-kataiandi- wrote:
... I don't quite understand this...

Me neither, really. :)

But by "compacting" he probably meant that the registry needs to be cleaned and put in order. There are certainly programs for this (CCleaner can do it too, for example), but you have to use them very carefully, because they can also delete entries whose removal breaks the machine. The better programs make a backup, but restoring that is not simple either.
In short: use CCleaner (left bar > Registry), and that's it. Whatever it suggests for deletion you can safely approve.

The rest means that you don't need to install every piece of junk (I've already written about this). Many installers don't even ask and just add themselves (or one of their internal options) to the auto-start items. Automatic updates, newsletters, etc. are like this. If you're interested, I'll describe where you can check what starts together with Windows.


Wed Feb 27, 2013 15:04
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
nacorvus wrote:
Weeell.. just to be safe, I'd still run regedit afterwards and consign all the MBAM keys there to oblivion..
then compact the registry = rocket fuel under the machine and it flies.
Ashamphooey! :x

Hi!
I don't quite understand this... what exactly should I do? I've removed the Ashampoo programs, of course 8)


Wed Feb 27, 2013 10:30
soul of the forum

Joined: Sun Sep 12, 2004 18:08
Posts: 6037
Location: Usa
Post subject: Re: STELL Segit
Weeell.. just to be safe, I'd still run regedit afterwards and consign all the MBAM keys there to oblivion..
then compact the registry = rocket fuel under the machine and it flies.
Ashamphooey! :x

PS: this holds under Windows and generally under every operating system: as few programs as possible that start automatically: InCD, virtual drive or the like, codecs loading at startup :shock: , messenger and other chat clients.. I don't know what is fashionable under Windows these days, e.g. image editor, Windows/Office assistant, etc.
On the desktop (or desktops = virtual desktops; this exists even under Windows, although it was left out of the newest 'tiled' version too :wink: ) have as few icons as possible, or none, since they are there on the taskbar, dock, menu, etc.; when you need something, start it with one click or a double-click, and even with half as much memory and a much smaller CPU demand the hardware runs 2x3 faster.


Tue Feb 26, 2013 22:46
soul of the forum

Joined: Wed Mar 24, 2004 13:43
Posts: 11868
Location: Budapest, Solymár
Post subject: Re: STELL Segit
stell wrote:
Quote:
... run Malwarebytes, then uninstall it from the machine.

You don't necessarily have to remove it; if there is room, it can stay. Although it undoubtedly has troublesome behaviors: it conflicts with NOD32, and when that happens the machine does not recognize an external drive larger than 32 GB. I've already written to them asking them to coordinate. They know about it, but so far they haven't fixed it. I don't even know which of them should.

So: I'll write down the Malwarebytes-related settings, in case someone is interested -WinXP- (this way it doesn't conflict, and the large external drive is usable):
1. MBAM window > Protection > untick the first three checkboxes
2. MBAM window > Settings > General... > untick the first two checkboxes
3. MBAM window > Settings > Updates... > untick every checkbox
4. Windows > Run > services.msc > disable Mbamscheduler and Mbamservices
5. Windows > Run > msconfig > on the Startup tab, untick the box next to mbamgui
6. restart the machine


Mon Feb 25, 2013 15:42
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
All right! I'll delete the folders and then clean house a bit... there are a few Ashampoo things and others. I hope they all come off without leftovers..


Mon Feb 25, 2013 9:04
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, which is why it looks the way you see it,
Post subject: Re: STELL Segit
Quote:
Folders like these were left on the C:/ drive: [_OTL], JRT, rsit, .... can these go in the trash too?

Yes, you can delete those too.

Yes, my buddy Laci is right; things like Ashampoo and who-knows-what optimizer programs are not needed on the system.
It goes against logic that some optimizer program you install digs itself into the system, eats up the memory given to the system, and calls itself an optimization program.

Just as Laci wrote, the system only needs antivirus protection, and on XP a firewall too, nothing else; CCleaner is more than enough, plus running Malwarebytes now and then and then uninstalling it from the machine.


Mon Feb 25, 2013 8:45
soul of the forum

Joined: Wed Mar 24, 2004 13:43
Posts: 11868
Location: Budapest, Solymár
Post subject: Re: STELL Segit
-kataiandi- wrote:
... My defragmenter is Raxco (PerfectDisk) - I thought it was OI...
Are Ashampoo programs always problematic? ...

I don't know Raxco; I don't use it. But Windows has its own as well.
And avoid Ashampoo. It's all junk. Another forum member (Supervisor) has already suffered a lot with it.

I'm curious what stell says about this. :shock:


Sun Feb 24, 2013 21:54
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
I understand, and thank you :). I have Win7 on my machine. :)
My defragmenter is Raxco (PerfectDisk) - I thought it was OI...
Are Ashampoo programs always problematic? (I won't ask any more questions like this here)

Stell - last question on this topic:
Folders like these were left on the C:/ drive: [_OTL], JRT, rsit, .... can these go in the trash too?


Sun Feb 24, 2013 20:50
soul of the forum

Joined: Wed Mar 24, 2004 13:43
Posts: 11868
Location: Budapest, Solymár
Post subject: Re: STELL Segit
Now that your machine is fixed, I'd offer some advice as an outsider:
1. Only install programs on your machine that you clearly need and that several reliable sources have recommended and tried.
2. If you absolutely want to experiment, nothing stops you, but you have to accept that you may get infected. So keep an up-to-date backup of all your data (not in the machine, but on some external device), and have a partition backup. That way, if the machine crashes, you can return to the previous good state. Windows System Restore is completely unsuitable for this in most cases, especially with infections; it just takes up a lot of space.
3. Every program that is unknown, unverified, or needs a crack, patch or keygen must be run in a virtual machine.
4. As stell wrote, Chinese knock-off software is at best merely useless, but it can also cause serious damage, perhaps even infection. Examples: IObit..., Advanced..., XY codecs..., etc.
5. And, I should have started with this: always have a working, proper firewall and antivirus on the machine. If you have Win7, you don't really need a firewall for it anymore; its own is good. For XP you definitely need one; its own is worthless. By the way, the antivirus doesn't really remove the infection from a file or data stream; it just puts it in quarantine and reports this.


Sun Feb 24, 2013 19:56
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
stell wrote:
:D Thanks, cheers to us.
And here's a nice piece of music for you, listen to it, it's very nice>>.
http://www.youtube.com/watch?v=bOOOfK_heU4
Bye.
Regards

It really is nice!
Have a nice evening and week/year...decades!! :wink: :mrgreen:


Sun Feb 24, 2013 16:47
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, which is why it looks the way you see it,
Post subject: Re: STELL Segit
:D Thanks, cheers to us.
And here's a nice piece of music for you, listen to it, it's very nice>>.
http://www.youtube.com/watch?v=bOOOfK_heU4
Bye.
Regards


Sun Feb 24, 2013 16:18
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
Thanks! I understand :) Bye!
Your reward, virtually: !-F : https://encrypted-tbn0.gstatic.com/imag ... rlghRUzxwA


Sun Feb 24, 2013 16:11
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that is why it looks the way you see it,
Post subject: Re: STELL Segit
Only what is needed: CCleaner, antivirus protection, and nothing else, none of this Chinese junk like adw-systemcare and other junk; this Chinese junk slowly but surely takes the system apart.
The problem with myfreezoo? Nothing, I just didn't like that there was a redirect; you can safely keep playing it.
You're welcome,
Bye.


Sun Feb 24, 2013 15:58
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
All right! - Done :)
Question:
- what would you put or leave on the machine as maintenance tools etc... ccleaner is fine, I guess (?), a defragmenter, antivirus and the like...
- what was the problem with myfreezoo? (we like that game :) )

And thaaaanks!!!!


Sun Feb 24, 2013 15:15
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, that is why it looks the way you see it,
Post subject: Re: STELL Segit
OK.
1: Rename the ComboFix icon to uninstall,
run it, click OK, OK, OK...
ComboFix will uninstall itself from the machine.

2: Run ADWcleaner and click Uninstall,
OK.

Delete the other programs we used, and that's it.


Sun Feb 24, 2013 15:00
gold member

Joined: Sat Feb 23, 2013 15:01
Posts: 122
Post subject: Re: STELL Segit
ComboFix 13-02-23.01 - Andi 013.02.24. 14:16:35.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.36.1038.18.2534.1545 [GMT 1:00]
Running from: c:\users\Andi\Desktop\ComboFix.exe
Command switches used :: c:\users\Andi\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PROT6FLT
-------\Service_Prot6Flt
.
.
((((((((((((((((((((((((( Files Created from 2013-01-24 to 2013-02-24 )))))))))))))))))))))))))))))))
.
.
2013-02-24 13:23 . 2013-02-24 13:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-24 13:23 . 2013-02-24 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-24 12:13 . 2013-02-24 12:13 -------- d-----w- C:\_OTL
2013-02-24 10:29 . 2013-02-24 10:29 -------- d-----w- C:\rsit
2013-02-23 18:11 . 2013-02-23 18:11 -------- d-----w- c:\windows\ERUNT
2013-02-23 18:10 . 2013-02-23 18:10 -------- d-----w- C:\JRT
2013-02-23 17:53 . 2013-02-23 17:53 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2013-02-23 15:00 . 2013-02-23 15:00 -------- d-----w- c:\programdata\Malwarebytes
2013-02-22 21:03 . 2013-02-22 21:03 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EDF5DFD-8E51-4525-88D2-FB46FC111B24}\offreg.dll
2013-02-22 08:08 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EDF5DFD-8E51-4525-88D2-FB46FC111B24}\mpengine.dll
2013-02-13 20:45 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 20:45 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 06:53 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 06:53 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 06:53 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 06:53 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 06:53 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 06:52 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 06:52 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 06:52 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 06:52 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 06:52 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 06:52 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 06:52 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 20:54 . 2013-02-12 20:54 -------- d-----w- c:\users\Andi\AppData\Roaming\OpenOffice.org
2013-02-12 20:38 . 2013-02-12 20:38 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2013-02-06 17:06 . 2013-02-23 21:24 -------- d-----w- c:\users\Andi\AppData\Roaming\Skype
2013-02-06 17:06 . 2013-02-06 17:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-06 17:06 . 2013-02-06 17:06 -------- d-----r- c:\program files (x86)\Skype
2013-02-06 17:06 . 2013-02-06 17:06 -------- d-----w- c:\programdata\Skype
2013-02-06 15:28 . 2013-02-06 15:28 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-06 15:28 . 2013-02-06 15:28 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-06 15:28 . 2013-02-06 15:28 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-06 15:28 . 2013-02-06 15:28 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-06 15:28 . 2013-02-06 15:28 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-06 15:28 . 2013-02-06 15:28 188320 ----a-w- c:\windows\system32\java.exe
2013-02-06 15:28 . 2013-02-06 15:28 -------- d-----w- c:\program files\Java
2013-02-06 14:37 . 2013-02-06 15:40 -------- d-----w- c:\windows\SysWow64\Adobe
2013-02-04 14:59 . 2013-02-04 15:00 -------- d-----w- c:\program files (x86)\PhotoScape
2013-02-04 11:04 . 2013-02-04 11:04 -------- d-----w- c:\users\Andi\AppData\Local\Apple Computer
2013-01-29 20:09 . 2013-01-29 20:09 -------- d-----w- c:\users\Andi\AppData\Roaming\ExpressFiles
2013-01-26 06:51 . 2013-01-26 06:51 -------- d-----w- c:\users\Andi\AppData\Local\BVRP Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 10:34 . 2012-07-14 16:29 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 10:34 . 2011-12-03 14:07 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 20:51 . 2011-12-01 16:49 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 20:40 . 2013-01-08 20:40 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-08 20:40 . 2013-01-08 20:40 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-08 20:40 . 2013-01-08 20:40 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-08 20:40 . 2013-01-08 20:40 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-08 20:40 . 2013-01-08 20:40 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-08 20:40 . 2013-01-08 20:40 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-08 20:40 . 2013-01-08 20:40 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-08 20:40 . 2013-01-08 20:40 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-08 20:40 . 2013-01-08 20:40 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 20:40 . 2013-01-08 20:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 20:38 . 2013-01-08 20:38 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 20:38 . 2013-01-08 20:38 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-08 20:38 . 2013-01-08 20:38 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-08 20:38 . 2013-01-08 20:38 55296 ----a-w- c:\windows\SysWow64\cero.rs
2013-01-08 20:38 . 2013-01-08 20:38 55296 ----a-w- c:\windows\system32\cero.rs
2013-01-08 20:38 . 2013-01-08 20:38 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2013-01-08 20:38 . 2013-01-08 20:38 51712 ----a-w- c:\windows\system32\esrb.rs
2013-01-08 20:38 . 2013-01-08 20:38 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2013-01-08 20:38 . 2013-01-08 20:38 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-08 20:38 . 2013-01-08 20:38 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2013-01-08 20:38 . 2013-01-08 20:38 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-08 20:38 . 2013-01-08 20:38 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2013-01-08 20:38 . 2013-01-08 20:38 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2013-01-08 20:38 . 2013-01-08 20:38 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-08 20:38 . 2013-01-08 20:38 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2013-01-08 20:38 . 2013-01-08 20:38 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-08 20:38 . 2013-01-08 20:38 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2013-01-08 20:38 . 2013-01-08 20:38 40960 ----a-w- c:\windows\system32\cob-au.rs
2013-01-08 20:38 . 2013-01-08 20:38 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2013-01-08 20:38 . 2013-01-08 20:38 30720 ----a-w- c:\windows\SysWow64\usk.rs
2013-01-08 20:38 . 2013-01-08 20:38 30720 ----a-w- c:\windows\system32\usk.rs
2013-01-08 20:38 . 2013-01-08 20:38 2746368 ----a-w- c:\windows\system32\gameux.dll
2013-01-08 20:38 . 2013-01-08 20:38 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2013-01-08 20:38 . 2013-01-08 20:38 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2013-01-08 20:38 . 2013-01-08 20:38 23552 ----a-w- c:\windows\system32\oflc.rs
2013-01-08 20:38 . 2013-01-08 20:38 21504 ----a-w- c:\windows\SysWow64\grb.rs
2013-01-08 20:38 . 2013-01-08 20:38 21504 ----a-w- c:\windows\system32\grb.rs
2013-01-08 20:38 . 2013-01-08 20:38 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2013-01-08 20:38 . 2013-01-08 20:38 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2013-01-08 20:38 . 2013-01-08 20:38 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2013-01-08 20:38 . 2013-01-08 20:38 20480 ----a-w- c:\windows\system32\pegi.rs
2013-01-08 20:38 . 2013-01-08 20:38 20480 ----a-w- c:\windows\system32\pegi-pt.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-11 19:36 220632 ----a-w- c:\users\Andi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-11 19:36 220632 ----a-w- c:\users\Andi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-11 19:36 220632 ----a-w- c:\users\Andi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"avast"="d:\install\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-16 19456]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-12-16 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-12-16 30208]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-16 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-06 100864]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-06-25 216080]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-04-12 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-03-24 412712]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 10:34]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 15:41]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 15:41]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233398410-2206852678-135025787-1000Core.job
- c:\users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 11:54]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233398410-2206852678-135025787-1000UA.job
- c:\users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 11:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-11 19:36 244696 ----a-w- c:\users\Andi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-11 19:36 244696 ----a-w- c:\users\Andi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-11 19:36 244696 ----a-w- c:\users\Andi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- d:\install\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportálás a Microsoft Excel programba - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.24.187.210 212.24.160.1
FF - ProfilePath - c:\users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\w8fznygo.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\install\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Completion time: 2013-02-24 14:29:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-24 13:29
ComboFix2.txt 2013-02-24 12:40
.
Pre-Run: 3 986 980 864 bájt szabad
Post-Run: 3 709 743 104 bájt szabad
.
- - End Of File - - 4314443CE7188ECD8AFB9D718D9F4A36


Sun Feb 24, 2013 14:34
soul of the forum

Joined: Sun Jun 24, 2007 10:18
Posts: 6679
Location: Revuca.S.k>>Slovakia, I can't write Hungarian well, which is why what you see looks like this,
Post subject: Re: STELL Segit
Creating the script:
Open Notepad like this: Start > Run > type: notepad
and copy in the green text found under the "Code:" heading (without the word "Code:"), then save the text pasted into Notepad as a script on the desktop, like this: File > Save As > File name > CFScript.txt > Save as type > All files > Save (to the desktop). Done. Drag the CFScript.txt on the desktop onto the ComboFix icon. And now do this:
[Image]
ComboFix will start by itself, may restart the computer, and will finish the scan. Post here what it gives you.
Code:
KILLALL::
Driver::
Prot6Flt
DDS::
uStart Page = hxxp://www.myfreezoo.hu/index/logout/#_ ... n=32603170
Extra::
FireFox::
FF - ProfilePath - c:\users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\w8fznygo.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva= ... 3&p=989621#p989621|http://www.myfreezoo.hu/index/logout/
RegLock::
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
[HKEY_USERS\S-1-5-21-2233398410-2206852678-135025787-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
ClearJavaCache::


Sun Feb 24, 2013 14:03