Terminál Fórum https://forum.technokrata.hu/forum/ |
atapi.sys trojan https://forum.technokrata.hu/forum/viewtopic.php?f=15&t=39150 |
Page: 3 / 3 |
Author: | stell [ Mon Mar 08, 2010 20:57 ] |
Post subject: | |
Aha, that could also have been an accidental restart, we'll see. Run Malwarebytes. |
Author: | savi3 [ Mon Mar 08, 2010 20:51 ] |
Post subject: | |
But it restarted even before OTL was run... This sounds encouraging. Now comes the next step, I'll post the log as soon as it's done. Here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1292428093-1770027372-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
ADS C:\Documents and Settings\All Users\DRM:مهندسة deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:934D21CD deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Rendszergazda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: user
->Temp folder emptied: 612742 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38115246 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 900 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 37,00 mb
OTL by OldTimer - Version 3.1.35.0 log created on 03082010_204057
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
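As an added example (not part of the thread and not OTL's own code), this Python script reconciles the fix script posted at 20:36 with the fix log posted at 20:51: every item in the `:OTL` section should have a matching `deleted successfully` or `not found` line. The sample input is copied from those two posts and trimmed to the lines that name a target; the function names are hypothetical, and treating those two phrases as the only confirming outcomes is an assumption of this example.

```python
import re

# Sample input: the fix script and fix log from this thread, trimmed to the
# lines that name a target (the EmptyTemp output is left out).
FIX_SCRIPT = r"""
:OTL
IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:934D21CD
:commands
[EmptyTemp]
[start explorer]
[Reboot]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1292428093-1770027372-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
ADS C:\Documents and Settings\All Users\DRM:مهندسة deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:934D21CD deleted successfully.
========== COMMANDS ==========
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ADS_ITEM = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
LOG_LINE = re.compile(
    r"^(ADS|Registry value|Registry key) (.+?) (deleted successfully|not found)\.$")


def split_ads(path):
    """Split 'host:stream' at the last colon (the first colon is the drive letter)."""
    host, _, stream = path.rpartition(":")
    return host, stream


def script_targets(script):
    """List (kind, name) for every item in the :OTL section of a fix script."""
    targets, in_otl = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):          # section header such as :OTL or :commands
            in_otl = line.lower() == ":otl"
        elif in_otl and line:
            ads = ADS_ITEM.match(line)
            clsid = CLSID.search(line)
            if ads:
                targets.append(("ads", ads.group(1)))
            elif clsid:                   # registry items are matched by their CLSID
                targets.append(("clsid", clsid.group(0)))
    return targets


def log_outcomes(log):
    """Map each target named in the fix log to the statuses reported for it."""
    outcomes = {}
    for line in map(str.strip, log.splitlines()):
        m = LOG_LINE.match(line)
        if not m:
            continue                      # banner, separator or unrelated line
        kind, target, status = m.groups()
        if kind == "ADS":
            key = ("ads", target.casefold())
        else:
            clsid = CLSID.search(target)
            if not clsid:
                continue
            key = ("clsid", clsid.group(0).casefold())
        outcomes.setdefault(key, []).append(status)
    return outcomes


def reconcile(script, log):
    """Return {script target: [statuses]}; an empty list means no log line at all."""
    outcomes = log_outcomes(log)
    return {t: outcomes.get((t[0], t[1].casefold()), [])
            for t in script_targets(script)}


def unconfirmed(script, log):
    """Script targets the log never reports as deleted or absent."""
    return [t for t, statuses in reconcile(script, log).items() if not statuses]


if __name__ == "__main__":
    for (kind, name), statuses in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(kind, name, "->", ", ".join(statuses) or "NO LOG LINE")
```

A target returned by `unconfirmed` is one to re-check in the next scan log rather than assume removed.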
Author: | stell [ Mon Mar 08, 2010 20:44 ] |
Post subject: | |
Don't fiddle with anything there, just do what I wrote. This time it will be RUNFIX. |
Author: | stell [ Mon Mar 08, 2010 20:43 ] |
Post subject: | |
Yes, because I gave it a command. Then you post its log here, run a quick scan with Malwarebytes, post that log here, and then just a few more steps and we'll be done. |
Author: | savi3 [ Mon Mar 08, 2010 20:43 ] |
Post subject: | |
The same way as before?:
- change File Age from 30 to 7 days.
- tick the following:
- Scan all users.
- Lop check.
- Purity check.
- in the Extra Registry section, select Use SafeList
- paste the text into its customscan/fixes window |
Author: | savi3 [ Mon Mar 08, 2010 20:40 ] |
Post subject: | |
OK, now it suddenly restarted on its own... |
Author: | stell [ Mon Mar 08, 2010 20:36 ] |
Post subject: | |
You can allow the Desktop Messenger. Run the OTL program, paste the text into its customscan/fixes window, and this time click RUNFIX. Post its log here after the restart.

Code:
:OTL
IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:934D21CD

:commands
[EmptyTemp]
[start explorer]
[Reboot]

2: Run the Malwarebytes program and post its log here http://sites.google.com/site/virusstell ... rogramok-3 |
Author: | savi3 [ Mon Mar 08, 2010 20:32 ] |
Post subject: | |
I see now that it didn't remove Daemon Tools after all; I didn't see this in safe mode... I've now removed it with the 'Add or Remove Programs' thing. Have I ruined everything now? |
Author: | savi3 [ Mon Mar 08, 2010 20:19 ] |
Post subject: | |
Quick question: I'm in normal mode; at startup the firewall blocked "BackWeb-8876480". Should I allow it, or keep it blocked? |
Author: | stell [ Mon Mar 08, 2010 20:13 ] |
Post subject: | |
I'm still going through the log; just go ahead and boot into normal Windows. Don't be confused that the boot menu offers a choice between Hungarian XP and the Recovery Console; the Recovery Console was installed by ComboFix. So select Hungarian XP and press Enter, then write back once you're there. |
Author: | savi3 [ Mon Mar 08, 2010 20:11 ] |
Post subject: | |
PLUS there is also an "extras" log: |
Author: | savi3 [ Mon Mar 08, 2010 20:07 ] |
Post subject: | |
OTL logfile created on: 2010.03.08. 19:52:00 - Run 1 OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\user\Asztal Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 38,51 Gb Free Space | 12,92% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 100,01 Gb Total Space | 99,92 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Drive G: | 831,50 Gb Total Space | 646,38 Gb Free Space | 77,74% Space Free | Partition Type: NTFS H: Drive not present or media not loaded Drive I: | 3,72 Gb Total Space | 0,14 Gb Free Space | 3,70% Space Free | Partition Type: FAT32 Drive J: | 1,89 Gb Total Space | 1,01 Gb Free Space | 53,56% Space Free | Partition Type: FAT Computer Name: GAJDOS-DESKTOP Current User Name: user Logged in as Administrator. 
Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 7 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.03.08 19:44:45 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Asztal\OTL.exe PRC - [2010.02.22 22:13:43 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008.04.14 08:02:18 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.03.08 19:44:45 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Asztal\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2010.02.16 18:23:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.31 13:19:28 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009.07.31 13:19:22 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.01.21 18:47:21 | 000,079,360 | ---- | M] (Autodesk) [Auto | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2008.05.28 15:36:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2008.03.10 00:04:52 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32) SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2005.09.21 14:13:44 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8) SRV - [2005.01.10 12:10:38 | 000,729,088 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService) ========== Driver Services (SafeList) ========== DRV - [2009.07.31 13:19:31 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009.07.31 13:19:31 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.04.29 18:50:52 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2008.12.26 00:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008.07.16 11:52:00 | 004,747,776 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.06.25 17:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.05.28 15:36:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb) DRV - [2008.05.28 15:36:56 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D) DRV - [2008.05.28 15:36:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2008.04.13 08:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.12.17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2007.11.03 00:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC) DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) 
[Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP) DRV - [2006.05.20 11:15:25 | 000,030,588 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu) DRV - [2006.05.04 19:02:58 | 000,380,928 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2005.06.13 09:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex) DRV - [2005.06.13 09:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt) DRV - [2005.06.13 09:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm) DRV - [2005.06.13 09:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl) DRV - [2005.06.13 09:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt) DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus) DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.04.26 06:10:00 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK) DRV - [2004.04.26 06:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou) DRV - [2004.04.26 06:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2004.04.26 06:09:24 | 000,024,605 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe) DRV - [2001.04.09 13:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;localhost ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! 
Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: BSToolbar@toolbarnet.com:1.0.0.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.12.24 11:25:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010.01.28 21:56:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.22 22:13:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.22 22:13:48 | 000,000,000 | ---D | M] [2009.01.08 21:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions [2010.03.08 17:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7evaupyz.default\extensions [2009.01.14 19:29:29 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7evaupyz.default\searchplugins\bsplayer-search.xml [2010.03.07 21:32:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.09.25 07:56:08 | 000,001,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-hu.xml O1 HOSTS File: ([2010.03.08 19:22:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll () O3 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe () O4 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.) O4 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Suitcase Startup.lnk = C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe (Extensis Products Group) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1292428093-1770027372-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 1447300515 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.09 03:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.01.09 04:24:26 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Error starting restore point: The function was called in safe mode. Error closing restore point: The sequence number is invalid. 
========== Files/Folders - Created Within 7 Days ========== [2010.03.08 19:44:44 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Asztal\OTL.exe [2010.03.08 19:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.03.08 19:11:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.03.08 19:11:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.03.08 19:11:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.03.08 19:11:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.03.08 19:10:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.03.08 18:53:57 | 000,000,000 | ---D | C] -- C:\UsbFix [2010.03.08 18:21:00 | 000,000,000 | ---D | C] -- C:\_OTM [2010.03.08 18:18:30 | 000,508,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Asztal\OTM.exe [2010.03.08 18:17:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010.03.08 17:37:44 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\user\Asztal\SPTDinst-v162-x86.exe [2010.03.08 16:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.03.08 16:59:03 | 000,000,000 | ---D | C] -- C:\rsit [2010.03.08 16:53:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent [2010.03.08 16:50:15 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.03.07 22:30:18 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.03.07 22:28:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.03.07 21:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes [2010.03.07 21:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009.06.11 12:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR [2009.04.14 21:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009.04.14 21:10:52 | 000,000,000 | --SD | M] -- 
C:\Documents and Settings\LocalService\Application Data\Microsoft [2009.02.04 23:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009.02.01 20:04:21 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll [2009.01.08 21:48:20 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2009.01.08 21:48:20 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2009.01.08 21:28:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2004.04.05 08:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL ========== Files - Modified Within 7 Days ========== [2010.03.08 19:44:45 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Asztal\OTL.exe [2010.03.08 19:42:12 | 001,053,710 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.08 19:42:12 | 000,439,588 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat [2010.03.08 19:42:12 | 000,435,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.08 19:42:12 | 000,095,622 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat [2010.03.08 19:42:12 | 000,068,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.03.08 19:38:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.03.08 19:35:52 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT [2010.03.08 19:35:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini [2010.03.08 19:22:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.03.08 19:22:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.03.08 19:14:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.03.08 19:13:49 | 000,012,407 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat [2010.03.08 19:03:56 | 003,882,589 | R--- | M] () -- C:\Documents and Settings\user\Asztal\macska.com.exe [2010.03.08 
18:53:38 | 001,775,404 | ---- | M] () -- C:\Documents and Settings\user\Asztal\UsbFix.exe [2010.03.08 18:36:59 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\user\Asztal\SystemLook.exe [2010.03.08 18:18:30 | 000,508,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Asztal\OTM.exe [2010.03.08 18:10:30 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Adobe Acrobat Speed Launcher.lnk [2010.03.08 18:10:14 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.03.08 17:41:05 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1770027372-1801674531-1003UA.job [2010.03.08 17:37:46 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\user\Asztal\SPTDinst-v162-x86.exe [2010.03.08 16:58:30 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\user\Asztal\RSIT.exe [2010.03.08 16:48:04 | 056,870,110 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.03.07 22:30:26 | 000,000,290 | RHS- | M] () -- C:\boot.ini [2010.03.07 20:41:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1770027372-1801674531-1003Core.job [2010.03.07 12:53:20 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.07 12:53:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.03.06 18:26:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.03.03 21:07:32 | 003,094,528 | ---- | M] () -- C:\Documents and Settings\user\Asztal\Surrealism.pps ========== Files Created - No Company Name ========== [2010.03.08 19:11:34 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.03.08 19:11:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.03.08 19:11:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.03.08 19:11:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe 
[2010.03.08 19:11:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.03.08 19:03:23 | 003,882,589 | R--- | C] () -- C:\Documents and Settings\user\Asztal\macska.com.exe [2010.03.08 18:53:37 | 001,775,404 | ---- | C] () -- C:\Documents and Settings\user\Asztal\UsbFix.exe [2010.03.08 18:36:58 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\user\Asztal\SystemLook.exe [2010.03.08 16:58:26 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\user\Asztal\RSIT.exe [2010.03.07 22:30:25 | 000,000,220 | ---- | C] () -- C:\Boot.bak [2010.03.07 22:30:20 | 000,260,272 | ---- | C] () -- C:\cmldr [2010.03.03 21:07:03 | 003,094,528 | ---- | C] () -- C:\Documents and Settings\user\Asztal\Surrealism.pps [2009.09.08 17:40:31 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\evf2 [2009.09.08 17:33:57 | 000,000,015 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\regFN [2009.07.20 21:52:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND [2009.07.10 18:05:28 | 017,828,326 | ---- | C] () -- C:\Program Files\vlc-1.0.0-win32.exe [2009.03.14 17:19:11 | 002,367,488 | ---- | C] () -- C:\WINDOWS\System32\frysdk32.dll [2009.02.11 16:50:34 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009.02.11 16:50:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009.02.11 16:50:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009.02.11 16:50:33 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009.02.11 16:50:33 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll [2009.02.06 11:42:59 | 000,000,046 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009.02.04 15:57:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll [2009.01.28 18:45:20 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2009.01.21 18:45:59 | 000,255,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2009.01.17 15:17:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user\Application Data\winscp.rnd [2009.01.14 19:44:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.01.13 14:48:56 | 000,295,028 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll [2009.01.09 12:27:54 | 000,002,988 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009.01.09 12:08:58 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2009.01.09 04:16:26 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll [2009.01.09 04:16:26 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2009.01.09 04:16:24 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2009.01.09 04:16:24 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2009.01.09 04:13:29 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009.01.09 04:13:16 | 000,030,151 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009.01.09 04:13:16 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009.01.08 21:53:12 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009.01.08 21:53:11 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009.01.08 21:53:11 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2009.01.08 21:53:11 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009.01.08 21:53:11 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009.01.08 21:53:11 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009.01.08 21:53:11 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009.01.08 21:53:11 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009.01.08 21:53:11 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009.01.08 21:36:38 | 
000,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.01.08 21:25:18 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009.01.08 21:25:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009.01.08 21:25:17 | 002,294,291 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2009.01.08 21:25:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009.01.08 21:25:16 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.01.08 21:25:16 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.01.08 21:25:15 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.01.08 21:25:15 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.12.26 00:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.12.26 00:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.12.26 00:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.12.26 00:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelFrench.dll [2008.05.29 10:47:32 | 002,023,424 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll [2008.04.23 23:49:52 | 007,315,456 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll [2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2003.04.10 13:01:36 | 000,005,581 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2010.02.16 18:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2009.06.11 12:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009.01.09 17:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2009.10.15 21:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrazyBump [2009.11.01 16:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\licensecb [2009.04.25 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009.01.22 19:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2009.07.20 16:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009.06.11 12:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR [2010.02.16 18:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk [2009.05.30 17:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVGTOOLBAR [2010.02.24 22:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus [2009.01.14 19:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer [2009.01.14 19:29:22 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro [2009.02.01 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon [2009.09.22 19:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech [2009.11.28 12:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Luxology [2009.04.06 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MAXON [2009.04.24 12:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MyPhoneExplorer [2009.01.28 11:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\onOne Software [2009.02.11 15:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Red Kawa [2009.02.11 12:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SharePod [2009.03.14 18:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Thinstall [2009.01.22 20:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ubisoft ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2009.12.30 12:19:02 | 008,755,648 | ---- | M] (Vuze Inc.) 
-- C:\Vuze_Installer.exe < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2008.04.14 08:01:52 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 08:01:52 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\eventlog.dll [2008.04.14 08:01:52 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\dllcache\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2008.04.14 08:02:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 08:02:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\system32\scecli.dll [2008.04.14 08:02:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=4F6A0B812BD286E97E26DF3E225ABCFB -- C:\WINDOWS\system32\dllcache\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2008.04.14 08:01:58 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 08:01:58 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\system32\netlogon.dll [2008.04.14 08:01:58 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A792F49B07A36D7F64D236C45BAC4A50 -- C:\WINDOWS\system32\dllcache\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- 
C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2008.04.13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < %SYSTEMDRIVE%\viamraid.sys /s /md5 > < %SYSTEMDRIVE%\nvata.sys /s /md5 > < %SYSTEMDRIVE%\NDIS.sys/s /md5 > Invalid Switch: s < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > < %SYSTEMROOT%\Tasks\*.job /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0 @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:934D21CD < End of report > |
Author: | stell [ Mon Mar 08, 2010 19:47 ] |
Post subject: | |
Download OTListIt2 to the desktop: http://oldtimer.geekstogo.com/OTL.exe
- Run it.
- Change File Age from 30 to 7 days.
- Tick these boxes: Scan All Users; LOP Check; Purity Check.
- In the Extra Registry section, select Use SafeList.
- Paste the text below into the Custom Scans/Fixes box and click Run Scan.
- After 5-10 minutes, post the log here: OTL.txt (it will be on the desktop).
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\NDIS.sys /s /md5
%SYSTEMROOT%\*. /mp /s
CREATERESTOREPOINT
%SYSTEMROOT%\system32\*.dll /lockedfiles
%SYSTEMROOT%\Tasks\*.job /lockedfiles |
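An added example (not part of the thread and not OTL's own code): the custom scan above hashes every copy of the listed system files, and the result is easiest to read by comparing the copy Windows loads against its backup copies. The sample log is constructed in the format shown on this page, with one made-up hash to show a mismatch; `BACKUP_DIRS` and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, works on any OS

# One "/md5" result as OTL prints it:
# [date time | size | attrs | M] (vendor) MD5=<32 hex> -- path
ENTRY = re.compile(
    r"\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [MC]\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)"
    r"(?= \[\d{4}\.\d{2}\.\d{2} | < |$)"
)

# Assumption of this example: these directories hold backup copies,
# not the file that Windows actually loads.
BACKUP_DIRS = ("\\dllcache\\", "\\erdnt\\cache\\", "\\reinstallbackups\\")

# Constructed sample in the flattened form a forum post produces. The
# eventlog.dll rows and the first two atapi.sys rows reuse values from this
# page; the hash of the drivers\ copy is made up to demonstrate a mismatch.
SAMPLE = (
    r"< %SYSTEMDRIVE%\eventlog.dll /s /md5 > "
    r"[2008.04.14 08:01:52 | 000,056,320 | ---- | M] (Microsoft Corporation) "
    r"MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\ERDNT\cache\eventlog.dll "
    r"[2008.04.14 08:01:52 | 000,056,320 | ---- | M] (Microsoft Corporation) "
    r"MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\eventlog.dll "
    r"[2008.04.14 08:01:52 | 000,056,320 | ---- | M] (Microsoft Corporation) "
    r"MD5=4BFA2DC223A814CCD1D07C6A0E26C72B -- C:\WINDOWS\system32\dllcache\eventlog.dll "
    r"< %SYSTEMDRIVE%\atapi.sys /s /md5 > "
    r"[2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) "
    r"MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys "
    r"[2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) "
    r"MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- " "\n"  # wrapped line, as on the page
    r"C:\WINDOWS\system32\dllcache\atapi.sys "
    r"[2008.04.13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) "
    r"MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\atapi.sys"
)


def parse_md5_entries(log_text):
    """Extract path/md5/size records from flattened or line-wrapped OTL output."""
    flat = " ".join(log_text.split())  # undo forum line wrapping
    return [
        {
            "path": m["path"],
            "md5": m["md5"].upper(),
            "size": int(m["size"].replace(",", "")),
        }
        for m in ENTRY.finditer(flat)
    ]


def audit_copies(entries):
    """Group copies by file name; flag in-use copies that match no backup copy."""
    groups = defaultdict(list)
    for entry in entries:
        groups[basename(entry["path"]).lower()].append(entry)

    report = {}
    for name, copies in groups.items():
        backups = [c for c in copies
                   if any(d in c["path"].lower() for d in BACKUP_DIRS)]
        in_use = [c for c in copies if c not in backups]
        backup_hashes = {c["md5"] for c in backups}
        # Without any backup copy there is nothing to compare against.
        suspects = [c["path"] for c in in_use
                    if backup_hashes and c["md5"] not in backup_hashes]
        report[name] = {
            "copies": len(copies),
            "distinct_md5": len({c["md5"] for c in copies}),
            "suspect_paths": suspects,
        }
    return report


if __name__ == "__main__":
    for name, result in audit_copies(parse_md5_entries(SAMPLE)).items():
        print(name, result)
```

A match only shows that the copies agree as read from the running system; a kernel-mode rootkit that filters disk reads can return clean file contents. When a scan reports hooks such as the `\Driver\atapi` entry in the ComboFix log on this page, repeat the hash check from offline media.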
Author: | savi3 [ Mon Mar 08, 2010 19:43 ] |
Post subject: | |
OK, I'm not going into normal mode, because it won't boot that way... and an Internet Explorer appeared on the desktop... |
Author: | savi3 [ Mon Mar 08, 2010 19:39 ] |
Post subject: | |
Thank you! Then I'll switch to normal mode, because this way my eyes are about to fall out |
Author: | stell [ Mon Mar 08, 2010 19:36 ] |
Post subject: | |
OK, that's fine. It doesn't matter where you are now; you can be in normal Windows as well. I'll go through the log and write up how to proceed. |
Author: | savi3 [ Mon Mar 08, 2010 19:34 ] |
Post subject: | |
Here's the log... the problem is that it rebooted right at the start, and afterwards it did not come back up in safe mode... then at the next reboot I started it in safe mode again, and that's where I am now. Is that bad?
ComboFix 10-03-08.01 - user 010.03.08. 19:14:22.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.2047.1582 [GMT 1:00] Running from: c:\documents and settings\user\Asztal\macska.com.exe AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dokumentumok\Settings c:\windows\system32\ieuinit.inf c:\windows\system32\twain_32.dll . ((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 ))))))))))))))))))))))))))))))) . 2010-03-08 17:53 . 2010-03-08 18:10 -------- d-----w- C:\UsbFix 2010-03-08 17:21 . 2010-03-08 17:21 -------- d-----w- C:\_OTM 2010-03-08 15:59 . 2010-03-08 15:59 -------- d-----w- C:\rsit 2010-03-08 15:59 . 2010-03-08 15:59 -------- d-----w- c:\program files\trend micro 2010-03-08 15:50 . 2010-03-08 18:11 -------- d-----w- C:\ComboFix 2010-03-07 20:59 . 2010-03-07 20:59 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes 2010-03-07 20:59 . 2010-03-07 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-24 21:38 . 2010-02-24 21:38 -------- d-----w- c:\program files\CCleaner 2010-02-07 20:41 . 2010-02-07 20:41 -------- d-----w- C:\MODO_Config backup . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-08 18:18 . 2004-08-18 12:00 95842 ----a-w- c:\windows\system32\perfc00E.dat 2010-03-08 18:18 . 2004-08-18 12:00 439928 ----a-w- c:\windows\system32\perfh00E.dat 2010-03-08 18:13 . 2009-02-04 14:57 12407 ----a-w- c:\windows\system32\tablet.dat 2010-03-07 12:28 . 
2009-12-26 11:37 -------- d-----w- c:\documents and settings\user\Application Data\vlc 2010-02-24 21:41 . 2009-01-09 16:08 -------- d-----w- c:\documents and settings\user\Application Data\Azureus 2010-02-22 21:17 . 2009-03-07 17:07 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss 2010-02-16 18:06 . 2009-01-14 17:17 -------- d-----w- c:\documents and settings\user\Application Data\Skype 2010-02-16 17:41 . 2009-01-14 17:18 -------- d-----w- c:\documents and settings\user\Application Data\skypePM 2010-02-16 17:25 . 2009-01-21 17:52 -------- d-----w- c:\documents and settings\user\Application Data\Autodesk 2010-02-16 17:23 . 2009-01-09 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2010-02-16 17:23 . 2009-01-09 10:58 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2010-02-16 17:22 . 2009-01-09 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2010-02-16 17:22 . 2009-01-09 10:58 -------- d-----w- c:\program files\Autodesk 2010-02-16 17:22 . 2009-01-09 03:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-16 15:29 . 2009-01-08 20:53 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin 2009-12-30 11:24 . 2009-02-04 17:09 10686001 ----a-w- c:\documents and settings\user\Application Data\Azureus\plugins\azump\mplayer.exe 2009-12-30 11:19 . 2009-12-30 11:08 8755648 ----a-w- C:\Vuze_Installer.exe 2009-07-10 17:08 . 2009-07-10 17:05 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872] "ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2009-04-17 1183744] "Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-30 133104] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-09-22 16384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400] "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640] "nwiz"="nwiz.exe" [2008-12-25 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160] "NBKeyScan"="c:\program 
files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-05-28 380928] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-05-20 188416] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-1-9 295606] Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-9-22 196608] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-22 813584] Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-1-13 614400] Suitcase Startup.lnk - c:\program files\Extensis\Suitcase 9.2\Suitcase.exe [2009-1-14 3354624] TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-2-4 106496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-07-31 12:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009.01.08. 21:48 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009.01.08. 21:48 5248] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009.01.08. 21:29 108552] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009.01.08. 21:29 335240] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009.07.08. 9:12 908056] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009.02.04. 23:38 297752] S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008.03.10. 0:04 65536] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1770027372-1801674531-1003Core.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-30 16:26] 2010-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1770027372-1801674531-1003UA.job - c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-30 16:26] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.bsplayer-search.com/startpage uInternet Settings,ProxyOverride = *.local;localhost IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {DC8F06C1-DE76-467C-96F2-8778D7B414CA} = 195.228.240.249,195.228.240.180 FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7evaupyz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . 
- - - - ORPHANS REMOVED - - - - AddRemove-V-Ray for 3dsmax R8 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax R8 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax R8 for x86\uninstall\install.log ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-08 19:22 Windows 5.1.2600 Szervizcsomag 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89A1A430]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28 \Driver\ACPI -> ACPI.sys @ 0xf7588cb8 \Driver\atapi -> 0x89a1a430 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b9 NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0 PacketIndicateHandler -> NDIS.sys @ 0xf786ea0d SendHandler -> NDIS.sys @ 0xf7882b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(500) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . Completion time: 2010-03-08 19:28:42 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-08 18:28 Pre-Run: 41 369 300 992 bájt szabad Post-Run: 41 337 651 200 bájt szabad - - End Of File - - 4B2781089BF62FAB255B52C3C3C9740B |
Author: | stell [ Mon Mar 08, 2010 19:13 ] |
Post subject: | |
No, leave the antivirus as it is; if ComboFix starts complaining, just click OK. |
Author: | savi3 [ Mon Mar 08, 2010 19:11 ] |
Post subject: | |
Quick question: can I disable AVG in safe mode? I don't see any option for that in this mode, and I assume it shouldn't be running together with ComboFix... |
Author: | stell [ Mon Mar 08, 2010 19:01 ] |
Post subject: | |
Quote: Laci cimbi wrote: stell, I'd like to ask: what is the situation with HijackThis 2.0.2? Lately you don't recommend it to anyone.
These days HijackThis is too little for detecting today's viruses. It doesn't show the registry, and that's bad, because users mostly fix the entries themselves in the belief that they have killed it that way, which isn't true, and then I don't see it in the log. Something like that. |
Author: | stell [ Mon Mar 08, 2010 18:53 ] |
Post subject: | |
1: Carry on. First we clean the pen drives. Use this program and press number 2, so that step by step you clean every pen drive. http://sites.google.com/site/virusstell ... -fertozese So you press number 2 right away.
2: Download ComboFix to the desktop, but like this: right-click the ComboFix link, choose Save As....., type macska.com as the name and save it to the desktop, then run it in safe mode as described, and post its log here. http://sites.google.com/site/virusstell ... x-Let-lt-s: |
Author: | savi3 [ Mon Mar 08, 2010 18:45 ] |
Post subject: | |
OTM log: All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== FILES ========== C:\Windows\svchost.exe moved successfully. C:\DOCUME~1\user\LOCALS~1\Temp\winlogin.exe moved successfully.
G:\RECYCLER\S-1-5-21-2206113451-3153393932-1655720693-500\Di24\RotaryEngine folder moved successfully. G:\RECYCLER\S-1-5-21-2206113451-3153393932-1655720693-500\Di24 folder moved successfully. G:\RECYCLER\S-1-5-21-2206113451-3153393932-1655720693-500 folder moved successfully. G:\RECYCLER\S-1-5-21-1292428093-1770027372-1801674531-1003 folder moved successfully. G:\RECYCLER folder moved successfully. File/Folder G:\FSD9H-RJ328U98JD-3R7HFDSH-R37HDSDUI not found. File/Folder H:\RECYCLER not found. F:\RECYCLER\S-1-5-21-1292428093-1770027372-1801674531-1003 folder moved successfully. F:\RECYCLER folder moved successfully. File/Folder I:\RECYCLER not found. C:\WINDOWS\system32\DROPPEDFILEOK0003.tmp moved successfully. C:\WINDOWS\system32\DROPPEDFILEOK0002.tmp moved successfully. C:\WINDOWS\system32\DROPPEDFILEOK0001.tmp moved successfully. C:\WINDOWS\system32\winlogin.exe moved successfully. C:\WINDOWS\dlkmfm0jntg.exe moved successfully. C:\WINDOWS\system32\DROPPEDFILEOKppi9.tmp moved successfully. C:\WINDOWS\system32\DROPPEDFILEOKppi8.tmp moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe_ID0EYTHM deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\"MSN"|-- /E : value set successfully! 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Host Process for Windows Services deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028c8505-d827-11de-9050-002354165e46}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{028c8505-d827-11de-9050-002354165e46}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{787a6bba-14ab-11df-90bc-002354165e46}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787a6bba-14ab-11df-90bc-002354165e46}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7adbcb-f1ef-11dd-8ec8-002354165e46}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f7adbcb-f1ef-11dd-8ec8-002354165e46}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5dd3ada-e34b-11dd-afff-002354165e46}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5dd3ada-e34b-11dd-afff-002354165e46}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c70f0e-1e0a-11de-8f18-001f1f066a27}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0c70f0e-1e0a-11de-8f18-001f1f066a27}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e06fcfa3-6df6-11de-8fab-002354165e46}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e06fcfa3-6df6-11de-8fab-002354165e46}\ not found. 
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7da0576-e860-11dd-b00b-002354165e46}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7da0576-e860-11dd-b00b-002354165e46}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33404 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: user ->Temp folder emptied: 1737667 bytes ->Temporary Internet Files folder emptied: 160146 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 67292190 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 33751556 bytes ->Flash cache emptied: 3769456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352076 bytes %systemroot%\System32 .tmp files removed: 2867 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 43435 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 104,00 mb Restore points cleared and new OTM Restore Point set! C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTM by OldTimer - Version 3.1.10.0 log created on 03082010_182100 |
Author: | savi3 [ Mon Mar 08, 2010 18:44 ] |
Post subject: | |
systemlook log: SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 18:37 on 08/03/2010 by user (Administrator - Elevation successful) ========== filefind ========== Searching for "atapi.sys" C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [09:40 13/04/2008] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [09:40 13/04/2008] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys --a--- 96512 bytes [03:14 09/01/2009] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--- 96512 bytes [03:14 09/01/2009] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --a--- 96512 bytes [03:14 09/01/2009] [10:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 -=End Of File=- |
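The SystemLook output above lists five copies of atapi.sys that all carry one MD5. The following check is an added example (not part of the thread and not SystemLook's own code) that parses such a `:filefind` log and reports any copy that differs from the dllcache copy. The second log, with its all-zero hash, changed size and date, is constructed; using the dllcache copy as the baseline and C:\WINDOWS as the system directory are assumptions.

```python
import re
from collections import Counter

# One SystemLook ":filefind" entry: path, attribute flags, size, created, modified, MD5.
# finditer() is used so the parser also works on a log flattened onto a single line.
ENTRY = re.compile(
    r'(?P<path>[A-Za-z]:\\.+?)\s+'
    r'(?P<attrs>[-a-z]{6})\s+'
    r'(?P<size>\d+) bytes\s+'
    r'\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+'
    r'(?P<md5>[0-9A-Fa-f]{32})\b'
)

# Assumption: the driver that Windows actually loads sits directly in system32\drivers.
ACTIVE = re.compile(r'^[a-z]:\\windows\\system32\\drivers\\[^\\]+$', re.I)

# Entries copied from the SystemLook log in the post above.
PAGE_LOG = r'''Searching for "atapi.sys" C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [09:40 13/04/2008] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [09:40 13/04/2008] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys --a--- 96512 bytes [03:14 09/01/2009] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--- 96512 bytes [03:14 09/01/2009] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --a--- 96512 bytes [03:14 09/01/2009] [10:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674 -=End Of File=-'''

# CONSTRUCTED sample: the drivers copy has a made-up size, date and placeholder hash.
CONSTRUCTED_LOG = r'''
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [09:40 13/04/2008] [09:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 97024 bytes [09:40 13/04/2008] [11:02 01/03/2010] 00000000000000000000000000000000
'''


def parse_filefind(text):
    """Return one dict per file entry found in a SystemLook filefind log."""
    entries = []
    for match in ENTRY.finditer(text):
        entry = match.groupdict()
        entry['size'] = int(entry['size'])
        entry['md5'] = entry['md5'].upper()
        entries.append(entry)
    return entries


def compare_copies(entries):
    """Compare every copy against a baseline (dllcache copy, else the majority)."""
    if not entries:
        raise ValueError('no file entries found in log')
    cached = [e for e in entries if '\\dllcache\\' in e['path'].lower()]
    if cached:
        baseline, source = (cached[0]['md5'], cached[0]['size']), 'dllcache'
    else:
        counts = Counter((e['md5'], e['size']) for e in entries)
        baseline, source = counts.most_common(1)[0][0], 'majority'
    outliers = [e['path'] for e in entries if (e['md5'], e['size']) != baseline]
    active = [e['path'] for e in entries if ACTIVE.match(e['path'])]
    return {
        'baseline_source': source,
        'baseline_md5': baseline[0],
        'consistent': not outliers,
        'outliers': outliers,
        'active_driver_differs': any(p in outliers for p in active),
    }


if __name__ == '__main__':
    for name, log in (('page log', PAGE_LOG), ('constructed log', CONSTRUCTED_LOG)):
        print(name, compare_copies(parse_filefind(log)))
```

Matching hashes only show that the copies agree with each other as seen from the running system; the check does not establish that any copy is an unmodified original.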
Author: | stell [ Mon Mar 08, 2010 18:39 ] |
Post subject: | |
C:\_OTMoveIt\MovedFiles xxx, it is there; it has a random name like that. OK, then we will clean them out one at a time: connect one to the machine and leave it there, and continue with the next step. |
Author: | savi3 [ Mon Mar 08, 2010 18:36 ] |
Post subject: | |
I am in Safe Mode and ran OTM.exe, but before I could copy out the result, the machine restarted. Where do I find the log file that I need to send you?? Yes, I can connect the pen drives one at a time. |
Author: | stell [ Mon Mar 08, 2010 18:00 ] |
Post subject: | |
Connect every pen drive to the machine, because they are all infected; if you cannot connect them all, then we will clean them out gradually. |
Author: | savi3 [ Mon Mar 08, 2010 17:56 ] |
Post subject: | |
All right, AskBar removed.. |
Author: | savi3 [ Mon Mar 08, 2010 17:53 ] |
Post subject: | |
OK, two problems: 1. I cannot find "AskBarDis" under Add/Remove Programs, 2. Which pen drive? I usually use several. Sorry for being so slow to understand... |
Author: | stell [ Mon Mar 08, 2010 17:36 ] |
Post subject: | |
Uninstall C:\Program Files\AskBarDis through the Control Panel, uninstall DAEMON, and restart into Safe Mode. http://sites.google.com/site/virusstell ... on-Alcohol
Connect the pen drives you use to the machine.
1: Go into Safe Mode WITH NETWORKING.. http://sites.google.com/site/virusstell ... entett-mod
2: http://oldtimer.geekstogo.com/OTM.exe Download it to the desktop; a double click starts OTMoveIt3.exe. Under the yellow line on the left, paste in the script [the text, without the "Code:" label] that you get on the forum. Click the red Moveit! button, then post the contents of the green window to the forum. If you get a prompt to restart, agree > YES >
Code:
:processes
explorer.exe
:files
C:\Windows\svchost.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winlogin.exe
G:\RECYCLER
G:\FSD9H-RJ328U98JD-3R7HFDSH-R37HDSDUI
H:\RECYCLER
F:\RECYCLER
I:\RECYCLER
C:\WINDOWS\system32\DROPPEDFILEOK0003.tmp
C:\WINDOWS\system32\DROPPEDFILEOK0002.tmp
C:\WINDOWS\system32\DROPPEDFILEOK0001.tmp
C:\WINDOWS\system32\winlogin.exe
C:\WINDOWS\dlkmfm0jntg.exe
C:\WINDOWS\system32\DROPPEDFILEOKppi9.tmp
C:\WINDOWS\system32\DROPPEDFILEOKppi8.tmp
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"NeroFilterCheck"=-
""=-
"Adobe_ID0EYTHM"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"MSN"=--
"winlogon"=-
"Host Process for Windows Services"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028c8505-d827-11de-9050-002354165e46}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{787a6bba-14ab-11df-90bc-002354165e46}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7adbcb-f1ef-11dd-8ec8-002354165e46}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5dd3ada-e34b-11dd-afff-002354165e46}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c70f0e-1e0a-11de-8f18-001f1f066a27}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e06fcfa3-6df6-11de-8fab-002354165e46}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7da0576-e860-11dd-b00b-002354165e46}]
:commands
[emptytemp]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]
Stay in Safe Mode and post its log here.
3: Download it to the desktop, run it, paste the text into its window and click Look; post its log here. systemlook
Code:
:filefind
atapi.sys |
Author: | Laci_L [ Mon Mar 08, 2010 17:13 ] |
Post subject: | |
stell, a question: what is the situation with the HijackThis 2.0.2 program? You have not been recommending it to anyone lately. |
Author: | savi3 [ Mon Mar 08, 2010 17:06 ] |
Post subject: | |
And this is the info notepad file; I don't know which one is needed, so I am sending this one too: info.txt logfile of random's system information tool 1.06 2010-03-08 16:59:20 ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Object Converter for Windows 4.0-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\3D Object Converter 4.0\UnInst.log" "/APPNAME=3D Object Converter for Windows 4.0" Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF} Adobe 
Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A} Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Reader 9 - Hungarian-->MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-A90000000001} Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350} Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 
Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArchShaders for V-Ray vol.1-->"C:\Program Files\Autodesk\3dsMax8\archshaders\uninstall\unins000.exe" ArchShaders for V-Ray vol.2-->"C:\Program Files\Autodesk\3dsMax8\archshaders\uninstall2\unins000.exe" ArtRage Wacom Edition-->MsiExec.exe /I{C16A6368-A3C4-47DB-A83E-49FE46E21831} Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly ASUS Smart Doctor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{809D7E6D-915D-4EAD-821F-E13D93F37161} /l1033 ASUS Smart Doctor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{75B869DA-C51D-4021-B8C8-5C23F46E078F} /l1033 ASUS VideoSecurity Online-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7} Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries-->MsiExec.exe 
/I{F681200C-0446-0409-ABE4-EA9105E40EE4} Autodesk 3ds Max 2009 32-bit Architectural Materials Library-->MsiExec.exe /I{C251E4E6-89BA-0409-9B42-1B3D01D34783} Autodesk 3ds Max 2009 32-bit Movies-->MsiExec.exe /I{305D5417-E687-0409-AA09-53DE06E059F8} Autodesk 3ds Max 2009 32-bit ProMaterials™ Library-->MsiExec.exe /I{2AB45FAF-2D92-0409-8D33-E2FE6172280E} Autodesk 3ds Max 2009 32-bit Vault 2008 Plug-In-->MsiExec.exe /I{EFCBBB01-F876-0409-B91F-7B6132E8BB64} Autodesk 3ds Max 2009 32-bit Vault 2009 Plug-In-->MsiExec.exe /I{744A5C19-AA4C-0409-BC07-9F4C73C8B247} Autodesk 3ds Max 2009 32-bit-->MsiExec.exe /I{FDD8070F-E3B9-0409-822C-CCFE5E82C14D} Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC} Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove Autodesk Stitcher Unlimited 2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AACCA3ED-9F2F-4336-8A80-B09D90DBB91B}\Setup.exe" -l0x9 UNINSTALL AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379} Bluerock Technologies Flight Studio 3ds Max 2009 32-bit-->MsiExec.exe /I{0B56244C-7B61-0409-A739-3E29DDE4DC3C} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} BS.Player ControlBar-->C:\Program Files\BS.Player ControlBar\uninst.exe BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe" Canon EOS 20D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3} Canon Utilities Digital Photo Professional 3.4-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini" Canon Utilities EOS Capture 1.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 
32\IDriver.exe /M{1DD47D49-F046-4919-831F-EE576A04D5B2} Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini" Canon Utilities EOS Viewer Utility 1.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D1CA45BE-431A-4FA7-8E98-AFE546F96D58} Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Crazybump (remove only)-->"C:\Program Files\Crazybump\uninst.exe" Cucusoft Ultimate DVD + Video Converter Suite 7.13.7.7-->"C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe" DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} EPU-4 Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}\setup.exe" -l0x9 erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564} EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Extensis Suitcase 9.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90546A9B-9B86-4D8A-B381-EF8D8AAE73E1}\Setup.exe" -l0x9 FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe Genuine Fractals 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst 
-removeonly HHD Software Free Hex Editor Neo 4.72-->"C:\Program Files\HHD Software\Hex Editor Neo\Setup\uninstHEX.exe" -u HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Imagesynth 2 Standalone-->"C:\Program Files\InstallShield Installation Information\{274D87F9-1FD1-4E5E-81D1-5A060743298E}\setup.exe" -runfromtemp -l0x0409 -removeonly Imagesynth 2 Standalone-->MsiExec.exe /I{274D87F9-1FD1-4E5E-81D1-5A060743298E} Imagesynth 2-->"C:\Program Files\InstallShield Installation Information\{213D87A3-BE42-42CE-9B2C-7BF7A85710DD}\setup.exe" -runfromtemp -l0x0409 -removeonly Imagesynth 2-->MsiExec.exe /I{213D87A3-BE42-42CE-9B2C-7BF7A85710DD} iPhone Tunnel Suite v 2.0-->"C:\Program Files\iPhone Tunnel Suite\unins000.exe" IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe iSiloX-->C:\Program Files\iSilo\iSiloX\IXWSetup.exe /u iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} K-Lite Codec Pack 4.4.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Kernel-Mode Driver Framework Feature Pack 
1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040E-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} modo 401 Content-->"C:\Program Files\InstallShield Installation Information\{9C31978A-E8DF-4CFE-879B-BB449B59C431}\setup.exe" -runfromtemp -l0x0409 -removeonly modo 401 Content-->MsiExec.exe /I{9C31978A-E8DF-4CFE-879B-BB449B59C431} modo 401 sp2 build 32834-->"C:\Program Files\InstallShield Installation Information\{FEB7E40B-3CDB-4D68-80A1-584A7A20EFAC}\setup.exe" -runfromtemp -l0x0409 -removeonly modo 401 sp2 build 32834-->MsiExec.exe /I{FEB7E40B-3CDB-4D68-80A1-584A7A20EFAC} modo Splash Kit-->"C:\Program Files\InstallShield Installation Information\{381E5158-D44E-4270-93E7-D121471ACEC1}\setup.exe" -runfromtemp -l0x0409 -removeonly modo Splash Kit-->MsiExec.exe /I{381E5158-D44E-4270-93E7-D121471ACEC1} modo Support Videos-->"C:\Program Files\InstallShield Installation Information\{A1ED6E51-AC11-4F74-A802-F5BC7B5A8F4A}\setup.exe" -runfromtemp -l0x0009 -removeonly modoPresetLibrary_v1 from Null Studios | Institute-->C:\Program Files\Luxology\modo 302\content\Uninstall_NullPresetLibrary.exe Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MP4 to MP3 Converter-->C:\Program Files\MP4Converter\MP4 to MP3 Converter 3\Uninstall.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe Nero 8-->MsiExec.exe 
/X{5FCCD531-1B38-4A94-924C-127F722F1038} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0xe -removeonly Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Silo 2.1.1-->MsiExec.exe /X{3BCD836E-FDBB-4898-87B1-3E0AF006FD00} Silo 2.1-->MsiExec.exe /X{CADA5B76-F134-416A-997C-9A0E21FFC8C4} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Sony Ericsson W800 Software-->C:\Program Files\Sony Ericsson\Sony Ericsson W800\W800Uninstall.exe Stanza-->"C:\Program Files\Stanza\uninstall.exe" StitcherUnlimited2009 AdLM-->MsiExec.exe /X{891BB3F0-F157-4C82-8882-F920D7E9D42F} Support Videos 2-->"C:\Program Files\InstallShield Installation Information\{37FF4E2A-5D07-4EF6-BE90-5C57000EA8BD}\setup.exe" -runfromtemp -l0x0009 -removeonly Tablet-->C:\Program Files\Tablet\Remove.exe /u Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe Turbo Squid Tentacles 3ds Max 
2009 32-bit-->MsiExec.exe /X{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60} UltraEdit v14.00a-->MsiExec.exe /I{977CEF18-AB33-4C8C-8D6A-B05972CA3F6C} Videora iPod Converter 4.05-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe V-Ray for 3dsmax R8 for x86-->"C:\Program Files\Chaos Group\V-Ray\3dsmax R8 for x86\uninstall\wininstaller.exe"-uninstall="C:\Program Files\Chaos Group\V-Ray\3dsmax R8 for x86\uninstall\install.log" -uninstallApp="V-Ray for 3dsmax R8 for x86" Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe" Vuze-->C:\Program Files\Vuze\uninstall.exe Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Live bejelentkezési segéd-->MsiExec.exe /I{733EB793-0840-4D69-97AA-6934FC79DB16} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{5D63D27F-09D7-4420-9479-DD247CC31496} Windows Live feltöltőeszköz-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Live Fotótár-->MsiExec.exe /X{F523AC89-AD65-4B20-907B-925A05C08897} Windows Live Messenger-->MsiExec.exe /X{6D431157-ED9D-4AB1-A2C9-1FAA0A04419F} Windows Live Sync-->MsiExec.exe /X{816DAA3A-B289-4736-BE15-AFDE0A228618} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WinRAR archiváló-->C:\Program Files\WinRAR\uninstall.exe WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe" XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf YouTube Downloader App 1.01-->C:\Program Files\Red Kawa\Downloader App\uninstaller.exe ZillaTube 3.1-->C:\Program 
Files\ZillaTube\uninst.exe Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4} ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: AVG Anti-Virus ======System event log====== Computer Name: GAJDOS-DESKTOP Event Code: 51 Message: Hiba történt az eszközön (\Device\Harddisk1\D) a lapozási művelet közben. Record Number: 33037 Source Name: Disk Time Written: 20100207214111.000000+060 Event Type: figyelmeztetés User: Computer Name: GAJDOS-DESKTOP Event Code: 51 Message: Hiba történt az eszközön (\Device\Harddisk1\D) a lapozási művelet közben. Record Number: 33036 Source Name: Disk Time Written: 20100207214111.000000+060 Event Type: figyelmeztetés User: Computer Name: GAJDOS-DESKTOP Event Code: 51 Message: Hiba történt az eszközön (\Device\Harddisk1\D) a lapozási művelet közben. Record Number: 33035 Source Name: Disk Time Written: 20100207214111.000000+060 Event Type: figyelmeztetés User: Computer Name: GAJDOS-DESKTOP Event Code: 51 Message: Hiba történt az eszközön (\Device\Harddisk1\D) a lapozási művelet közben. Record Number: 33034 Source Name: Disk Time Written: 20100207214111.000000+060 Event Type: figyelmeztetés User: Computer Name: GAJDOS-DESKTOP Event Code: 51 Message: Hiba történt az eszközön (\Device\Harddisk1\D) a lapozási művelet közben. 
Record Number: 33033 Source Name: Disk Time Written: 20100207214111.000000+060 Event Type: figyelmeztetés User: =====Application event log===== Computer Name: GAJDOS-DESKTOP Event Code: 0 Message: Record Number: 6201 Source Name: Nero BackItUp Scheduler 3 Time Written: 20090728195335.000000+120 Event Type: információ User: Computer Name: GAJDOS-DESKTOP Event Code: 3 Message: Record Number: 6200 Source Name: RaySat_3dsmax2009_32 Server Time Written: 20090728195334.000000+120 Event Type: információ User: Computer Name: GAJDOS-DESKTOP Event Code: 3 Message: Record Number: 6199 Source Name: RaySat_3dsmax8 Server Time Written: 20090728195334.000000+120 Event Type: információ User: Computer Name: GAJDOS-DESKTOP Event Code: 3 Message: Record Number: 6198 Source Name: RaySat_3dsmax8 Server Time Written: 20090728195333.000000+120 Event Type: információ User: Computer Name: GAJDOS-DESKTOP Event Code: 1 Message: Record Number: 6197 Source Name: Bonjour Service Time Written: 20090728195333.000000+120 Event Type: információ User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Autodesk\backburner;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=1707 "NUMBER_OF_PROCESSORS"=4 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- |
Author: | savi3 [ Mon Mar 08, 2010 17:03 ] |
Post subject: | |
Here is the log: Logfile of random's system information tool 1.06 (written by random/random) Run by user at 2010-03-08 16:59:03 Microsoft Windows XP Professional Szervizcsomag 3 System drive C: has 44 GB (15%) free of 305 GB Total RAM: 2047 MB (62% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:19, on 2010.03.08. Platform: Windows XP Szervizcsomag 3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\Acrotray.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\svchost.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\DOCUME~1\user\LOCALS~1\Temp\svcUpdate.exe C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\user\Asztal\RSIT.exe C:\Program Files\trend micro\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - 
BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program 
Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MSN] C:\Windows\svchost.exe O4 - HKLM\..\Run: [winlogon] C:\DOCUME~1\user\LOCALS~1\Temp\winlogin.exe O4 - HKLM\..\Run: [Host Process for Windows Services] C:\Windows\svchost.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O4 - Global Startup: Suitcase Startup.lnk = ? O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html 
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1447300515 O17 - HKLM\System\CCS\Services\Tcpip\..\{DC8F06C1-DE76-467C-96F2-8778D7B414CA}: NameServer = 195.228.240.249,195.228.240.180 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Dokumentumok\Settings\cbss.dll (file missing) O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 14458 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1770027372-1801674531-1003Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1770027372-1801674531-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser 
Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live bejelentkezési segítség - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120] {2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-16 16806400] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] "Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2008-07-23 5625344] 
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160] "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] "ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2008-05-28 380928] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152] ""= [] "Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160] "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-05-20 188416] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128] "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "MSN"=C:\Windows\svchost.exe [2010-03-07 132096] "winlogon"=C:\DOCUME~1\user\LOCALS~1\Temp\winlogin.exe [2010-02-25 394829] "Host Process for Windows Services"=C:\Windows\svchost.exe [2010-03-07 132096] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 
1688872] "ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2009-04-17 1183744] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "Google Update"=C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-30 133104] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2009-09-22 16384] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe Suitcase Startup.lnk - C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg] C:\Documents and Settings\All Users\Dokumentumok\Settings\cbss.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-07-20 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028c8505-d827-11de-9050-002354165e46}] shell\AutoRun\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe shell\OpEn\command - G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{787a6bba-14ab-11df-90bc-002354165e46}] shell\AutoRun\command - G:\FSD9H-RJ328U98JD-3R7HFDSH-R37HDSDUI\H-8-2-93-15616262-2164572814-7592741-26462\autorunme.exe shell\Explore\command - G:\ shell\open\command - G:\FSD9H-RJ328U98JD-3R7HFDSH-R37HDSDUI\H-8-2-93-15616262-2164572814-7592741-26462\autorunme.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7adbca-f1ef-11dd-8ec8-002354165e46}] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f7adbcb-f1ef-11dd-8ec8-002354165e46}] shell\AutoRun\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe shell\open\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5dd3ada-e34b-11dd-afff-002354165e46}] shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c70f0e-1e0a-11de-8f18-001f1f066a27}] shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e06fcfa3-6df6-11de-8fab-002354165e46}] shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7da0576-e860-11dd-b00b-002354165e46}] shell\AutoRun\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe shell\open\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe ======List of files/folders created in the last 1 months====== 2010-03-08 16:59:03 ----D---- C:\rsit 2010-03-08 16:59:03 ----D---- C:\Program Files\trend micro 2010-03-08 16:50:15 ----SD---- C:\ComboFix 2010-03-07 23:44:07 ----A---- C:\WINDOWS\system32\DROPPEDFILEOK0003.tmp 2010-03-07 22:30:25 ----A---- C:\Boot.bak 2010-03-07 22:30:18 ----RASHD---- C:\cmdcons 2010-03-07 22:28:41 ----D---- C:\WINDOWS\ERDNT 2010-03-07 21:59:09 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes 2010-03-07 21:59:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-03-06 18:29:00 ----A---- C:\WINDOWS\system32\DROPPEDFILEOK0002.tmp 2010-03-01 20:30:07 ----A---- C:\WINDOWS\system32\DROPPEDFILEOK0001.tmp 2010-03-01 20:29:34 ----A---- 
C:\WINDOWS\system32\winlogin.exe 2010-02-24 22:38:12 ----D---- C:\Program Files\CCleaner 2010-02-24 20:57:25 ----A---- C:\WINDOWS\dlkmfm0jntg.exe 2010-02-15 08:35:16 ----A---- C:\WINDOWS\system32\DROPPEDFILEOKppi9.tmp 2010-02-14 15:46:24 ----A---- C:\WINDOWS\system32\DROPPEDFILEOKppi8.tmp ======List of files/folders modified in the last 1 months====== 2010-03-08 16:59:03 ----RD---- C:\Program Files 2010-03-08 16:56:13 ----D---- C:\Program Files\Mozilla Firefox 2010-03-08 16:53:46 ----D---- C:\WINDOWS\Temp 2010-03-08 16:53:46 ----D---- C:\WINDOWS 2010-03-08 16:51:29 ----D---- C:\WINDOWS\system32\drivers 2010-03-08 16:46:06 ----D---- C:\WINDOWS\system32 2010-03-07 23:46:01 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-03-07 22:32:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-07 22:32:14 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-07 22:30:26 ----RASH---- C:\boot.ini 2010-03-07 22:28:48 ----SHD---- C:\System Volume Information 2010-03-07 22:28:48 ----D---- C:\WINDOWS\system32\Restore 2010-03-07 22:20:26 ----HD---- C:\$AVG8.VAULT$ 2010-03-07 22:19:45 ----RSH---- C:\WINDOWS\svchost.exe 2010-03-07 21:58:47 ----D---- C:\WINDOWS\Prefetch 2010-03-07 13:28:15 ----D---- C:\Documents and Settings\user\Application Data\vlc 2010-03-07 12:53:20 ----A---- C:\WINDOWS\NeroDigital.ini 2010-02-24 22:41:16 ----D---- C:\Documents and Settings\user\Application Data\Azureus 2010-02-24 22:41:15 ----D---- C:\WINDOWS\Minidump 2010-02-24 22:41:15 ----D---- C:\WINDOWS\Debug 2010-02-24 22:35:52 ----D---- C:\_install 2010-02-22 22:17:26 ----D---- C:\Documents and Settings\user\Application Data\dvdcss 2010-02-16 19:06:56 ----D---- C:\Documents and Settings\user\Application Data\Skype 2010-02-16 18:41:58 ----D---- C:\Documents and Settings\user\Application Data\skypePM 2010-02-16 18:25:58 ----D---- C:\Documents and Settings\user\Application Data\Autodesk 2010-02-16 18:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet 2010-02-16 18:23:40 ----SHD---- 
C:\WINDOWS\Installer 2010-02-16 18:23:31 ----D---- C:\Program Files\Common Files\Autodesk Shared 2010-02-16 18:22:46 ----HD---- C:\Program Files\InstallShield Installation Information 2010-02-16 18:22:46 ----D---- C:\Program Files\Autodesk 2010-02-16 18:22:46 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk 2010-02-11 07:20:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400] R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2008-05-28 11136] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-29 108552] R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys [] R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-05-20 30588] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-13 21275] R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2008-05-28 12416] R3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Microsoft UAA busz-illesztőprogram - High Definition Audio; 
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-16 4747776] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560] R3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344] R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928] R3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2008-05-28 10752] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R4 sr;Rendszer-helyreállító szűrő illesztőprogramja; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] S3 
catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Feliratdekódoló; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [] S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2004-04-26 54657] S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-04-26 24605] S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-04-26 38081] S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-04-26 71405] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink - Sink átalakító; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/videokapcsolat; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424] S3 usbscan;USB-képolvasó illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-06-13 60768] S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264] S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-06-13 96224] S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792] S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; 
C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-06-13 85664] S3 WSTCODEC;World Standard Teletext kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2008-05-28 262144] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-01-21 79360] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536] R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908] R2 RichVideo;Cyberlink 
RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056] R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-01-10 729088] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-16 651720] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784] S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication 
Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF----------------- |
Author: | stell [ Mon Mar 08, 2010 14:25 ] |
Post subject: | |
OK, this is only the starting point. I advise you not to do anything other than what I write, because atapi is infected, and if you run some other program you could ruin the system. Regards |
Author: | savi3 [ Mon Mar 08, 2010 14:21 ] |
Post subject: | |
Thank you very much! In the evening, when I get home from work, I will do everything and send the log! |
Author: | stell [ Mon Mar 08, 2010 14:11 ] |
Post subject: | |
Hi. The worst thing you can do: you cannot just run ComboFix and Malwarebytes back and forth right away, because rootkits know them and block them. 1: Remove ComboFix from the machine; I hope it is on the desktop. Then click Start, click Run, paste this command into the window: combofix /uninstall and click OK. 2: Uninstall the Malwarebytes program through the Control Panel. 3: Clean the machine with the CCleaner program http://sites.google.com/site/virusstell/seged-programok 4: Turn off System Restore http://sites.google.com/site/virusstell ... ista-win-7 5: Post the RSIT log here. RSIT is one of the basic scanners needed to detect the presence of malware that installs malicious programs on the computer. It is simple to use: download it from here to the desktop > click RSIT > Continue > after a short while it produces a log; please post that in your topic. http://images.malwareremoval.com/random/RSIT.exe |
Author: | savi3 [ Mon Mar 08, 2010 13:27 ] |
Post subject: | atapi.sys trojan |
Hi everyone! I need some help, but I am very much a beginner user, so much so that I can barely describe the problem clearly. But I will try. The system is XP SP3 32-bit. Antivirus: AVG 8.5. The symptoms: AVG pops up a window with this: c:\windows\system32\drivers\atapi.sys infected Trojan Horse Packed.Protector.C I read up on what this is and found English-language posts, so I ran ComboFix following the instructions I found. ComboFix downloaded what it needed and created a restore point, then started the scan, and 3/4 of an hour later still nothing had happened in the little blue window. I stopped it. I downloaded Malwarebytes Anti-Malware and started the full scan, but after it found the 5th infection it froze and the machine rebooted. Then I tried the quick scan, and although the machine did not reboot, it froze here too after finding the 5th infection. On shutdown it throws all sorts of "alkalmazás inicializálása meghiusult" [application initialization failed] messages, then shuts down normally. My question is: what might I have done wrong, or if I did not do anything wrong, then what is going on now? Since then AVG has found other viruses too; in fact, lately it finds something at almost every startup. OH! At the same time, Google Chrome will not start on my machine either. That is, it starts, but does not load anything. I tried CCleaner, a reinstall, nothing. Could someone tell me something smart? |
Page: 3 / 3 | Time zone: UTC + 1 hour |