Terminál Fórum https://forum.technokrata.hu/forum/ |
|
Imre https://forum.technokrata.hu/forum/viewtopic.php?f=15&t=39512 |
Page: 2 / 2 |
Author: | stell [ Fri Jul 09, 2010 9:58 ] |
Post subject: | Re: Imre |
Hm, run it once more, this time tick everything and run it that way, then post its log here. |
Author: | Kinley [ Fri Jul 09, 2010 9:51 ] |
Post subject: | Re: Imre |
RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Szervizcsomag 2) Number of processors #1 ============================================== >Drivers ============================================== 0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181760 bytes (Microsoft Corporation, NT - kernel és rendszer) 0x804D7000 PnpManager 2181760 bytes 0x804D7000 RAW 2181760 bytes 0x804D7000 WMIxWDM 2181760 bytes 0xBF800000 Win32k 1847296 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Többfelhasználós Win32 illesztőprogram) 0xF7EDF000 C:\WINDOWS\system32\drivers\cmuda.sys 1335296 bytes (C-Media Inc, C-Media Audio WDM Driver) 0xF80D0000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver) 0xBFA3A000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology) 0xF8450000 00000053 856064 bytes 0xF8450000 sptd.sys 856064 bytes 0xF82C6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xEF3EF000 C:\WINDOWS\system32\drivers\amon.sys 499712 bytes (Eset , Amon monitor) 0xEFB02000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xF7D41000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver) 0xEFC0E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xEF34D000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver) 0xEED94000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xBFA05000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver) 0xF7D9A000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector) 0xF840A000 ACPI.sys 188416 bytes (Microsoft 
Corporation, ACPI illesztőprogram NT-hez) 0xEF469000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xF8299000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xEE248000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xEFB99000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xEFBE6000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xF83B4000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Lemezkezelő I/O illesztője) 0xF7EBB000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xF8025000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xF8099000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xEFBC4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xBF9E3000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0xEFAE1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator) 0x806EC000 ACPI_HAL 131968 bytes 0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF837C000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF83DA000 ftdisk.sys 126976 bytes (Microsoft Corporation, Hibatűrő illesztőprogram) 0xF827E000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xF839C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xEFA29000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xF8438000 
C:\WINDOWS\System32\Drivers\SPTD7661.SYS 98304 bytes 0xF8353000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xF7EA4000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xEF654000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xF8072000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Párhuzamos port illesztőprogramja) 0xF80BC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xEFC66000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xF8086000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 77824 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver ) 0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF836A000 sr.sys 73728 bytes (Microsoft Corporation, Rendszer-visszaállítás fájlrendszeri szűrő-illesztőprogramja) 0xF83F9000 pci.sys 69632 bytes (Microsoft Corporation, NT - Plug and Play PCI-enumeráló) 0xF7DF3000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xF8632000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xF86D2000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Soroseszközillesztő) 0xF8712000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xF8702000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, RedbookAudio szűrő illesztője) 0xEF979000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xF87A2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xBF9D5000 
C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0xF86F2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xF8582000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xF86C2000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8082-port illesztőprogramja) 0xF8722000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF8562000 VolSnap.sys 53248 bytes (Microsoft Corporation, Kötet árnyékmásolatának illesztőprogramja) 0xF8742000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xF86E2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF8552000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xF8732000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xF86B2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processzor eszközillesztője) 0xF8782000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF8772000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF8572000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xF8602000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS titkosításillesztő) 0xF8542000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA busz illesztője) 0xF8752000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xF85F2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xEE3EB000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 
0xF8612000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF88B2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF8852000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver) 0xF889A000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xF885A000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Billentyűzetosztály illesztőprogramja) 0xF87C2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF884A000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xF8862000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class illesztőprogram) 0xF88A2000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF886A000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 20480 bytes (SlySoft, Inc., AnyDVD Filter Driver) 0xF888A000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver) 0xF88AA000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF87CA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF887A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF8882000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver) 0xF8872000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xF8842000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xF88CA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog 
Driver) 0xF824A000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xEF9C1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xF8A2A000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator) 0xF8952000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xF7DD3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xF8A36000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xF8A2E000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell) 0xF8212000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xF8A02000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer) 0xF8A64000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xF8A48000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver) 0xF8A72000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xF8AC0000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 8192 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver) 0xF8A62000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xF8A46000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE illesztőprogram) 0xF8A42000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xF8A68000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xF8AB4000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM párhuzamos illesztő) 0xF8A6A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft 
Corporation, RDP Miniport) 0xF8A5C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xF8A5E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xF8A44000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xF8B0E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xF8B80000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xF8C56000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xF8B0A000 pciide.sys 4096 bytes (Microsoft Corporation, Általános PCI IDE buszillesztő) 0x81FCA0E8 unknown_irp_handler 3864 bytes 0x81FE20E8 unknown_irp_handler 3864 bytes 0x81FF51E8 unknown_irp_handler 3608 bytes 0x823A7250 unknown_irp_handler 3504 bytes 0x82162290 unknown_irp_handler 3440 bytes 0x821656A0 unknown_irp_handler 2400 bytes 0x8214CA68 unknown_irp_handler 1432 bytes 0x8217EEB0 unknown_irp_handler 336 bytes ============================================== >Stealth ============================================== WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys] WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd7661.sys] |
Author: | stell [ Fri Jul 09, 2010 9:46 ] |
Post subject: | Re: Imre |
Download Rootkit Unhooker and save it to the desktop: RKUnhooker. Now double-click RKUnhookerLE.exe to run it. Click the Report tab, then click Scan. Check (tick) Drivers and Stealth, and uncheck the rest, then click OK. Wait until the scan has finished, then click File, Save Report. Save the report somewhere you can find it. Click Close. Paste the full contents of the report here. Note: you may get this warning: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" Ignore it. |
Author: | Kinley [ Fri Jul 09, 2010 9:42 ] |
Post subject: | Re: Imre |
It doesn't work with Firefox either (I'll note that it seems to run somewhat better now, but I can't upload with this one either). /I checked IE, but everything is set exactly as it appears on the list./ |
Author: | stell [ Fri Jul 09, 2010 9:16 ] |
Post subject: | Re: Imre |
Use Firefox. IE settings: Start Internet Explorer, click Tools, choose Internet Options, the Connections tab, LAN settings, and turn off "Use a proxy server for your LAN", then press OK. Now that the proxy server is disabled, Internet Explorer will connect to the internet again. In Internet Explorer, click the Tools menu, then click Options.
* Click once on the Security tab.
* Click once on the Internet icon so that it is highlighted.
* Click once on the Custom level button.
* Change Download signed ActiveX controls to Prompt.
* Change Download unsigned ActiveX controls to Disable.
* Change Initialize and script ActiveX controls not marked as safe to Disable.
* Change Installation of desktop items to Prompt.
* Change Launching programs and files in an IFRAME to Prompt.
* When all of these settings have been made, click OK.
* If it asks whether or not you want to save the settings, press Yes.
Then press Apply and then OK to exit the Internet Properties page. |
Author: | Kinley [ Fri Jul 09, 2010 9:10 ] |
Post subject: | Re: Imre |
I don't know whether this thing is also throttling my upload speed or not, but even the print screen I uploaded to the blog for you earlier took quite a long time. However I try, I either get an "Internet Explorer cannot display the webpage" message, or the yellow-triangle, exclamation-mark "Error on page" label appears at the bottom left. And these are only a few hundred KB. I'll keep trying anyway, just in case. |
Author: | stell [ Fri Jul 09, 2010 9:04 ] |
Post subject: | Re: Imre |
Test the others too. |
Author: | Kinley [ Fri Jul 09, 2010 8:54 ] |
Post subject: | Re: Imre |
http://virusscan.jotti.org/en/scanresul ... af5406b653 |
Author: | stell [ Fri Jul 09, 2010 8:48 ] |
Post subject: | Re: Imre |
Try here: http://www.virustotal.com/hu/ or here: http://virusscan.jotti.org/ |
Author: | Kinley [ Fri Jul 09, 2010 8:00 ] |
Post subject: | Re: Imre |
I kept trying in the evening too and it didn't work; I've checked again this morning, and I always get this error message: "Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST /vt/hu/recepcion. Reason: Error reading from remote server" |
Author: | stell [ Thu Jul 08, 2010 20:50 ] |
Post subject: | Re: Imre |
If it says for any of them that it has already been tested, test it again. I'm done for today; I'll look in here tomorrow morning around 8-9 o'clock. Regards. |
Author: | Kinley [ Thu Jul 08, 2010 20:01 ] |
Post subject: | Re: Imre |
All right, thanks. As soon as I get back I'll continue with this and send the results. |
Author: | stell [ Thu Jul 08, 2010 19:59 ] |
Post subject: | Re: Imre |
Test these at http://www.virustotal.com:
C:\Program Files\Far\Plugins\BCopy\bcsvc.exe
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\OLEPRO32.DLL
c:\windows\makefolder.exe
Find the file, send it, wait for the result and post the link here, then send the next one. No rush, go get your kid, there's time. |
Author: | Kinley [ Thu Jul 08, 2010 19:56 ] |
Post subject: | Re: Imre |
I'll wait for the next step, and then, with your permission and with thanks for everything so far, I have to pop out to pick up my son. If you're still here and have time, we can continue in the evening; if not, then tomorrow, if that suits you. (Even now, as I write, the letters themselves are following my typing really slowly.) |
Author: | Kinley [ Thu Jul 08, 2010 19:53 ] |
Post subject: | Re: Imre |
Now it seems a notch better, but page loads are still very slow, and there's a new symptom: the speed at which letters appear doesn't keep up with my typing, so I type a sentence and then the letters come up really slowly (I hope I've put that clearly). The character problem shown in the attached picture also still persists. I just tried it: index.hu took 15-16 seconds to load, and gmail.com needed about 10 seconds too, which is pretty slow, even though my connection is fast and file downloads go very well. But to sum up, it's perhaps a notch better now. |
Author: | stell [ Thu Jul 08, 2010 19:47 ] |
Post subject: | Re: Imre |
Quote: "in the menu, select everything" - I take this to mean that in the panel that opens on right-click I went to the "Select All" option.
Yes, exactly as you write. I don't have a Hungarian Windows, so sorry. Try out the machine and describe how it behaves. |
Author: | Kinley [ Thu Jul 08, 2010 19:45 ] |
Post subject: | Re: Imre |
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\E: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Press any key to quit...

"in the menu, select everything" - I take this to mean that in the panel that opens on right-click I went to the "Select All" option. |
Author: | stell [ Thu Jul 08, 2010 19:41 ] |
Post subject: | Re: Imre |
OK, I'll write them one at a time. Now do this again:
Quote: bootkit remover: double-click, run it, the window opens, right-click in the black window, in the menu select everything, press CTRL+C, and paste it here into your topic by pressing CTRL+V. |
Author: | Kinley [ Thu Jul 08, 2010 19:38 ] |
Post subject: | Re: Imre |
I started again, but the machine froze up completely in the meantime and nothing started. Now, in the end, there is an OTL log like this. Is this what we're looking for? If so, what exactly comes next?
All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. 
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. ========== FILES ========== File\Folder C:\WINDOWS\system32\*.tmp.dll not found. File\Folder C:\WINDOWS\system32\SET*.tmp not found. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP201.tmp folder moved successfully. C:\WINDOWS\Installer\MSI215.tmp moved successfully. C:\WINDOWS\Installer\MSI226.tmp moved successfully. C:\WINDOWS\Installer\MSICE.tmp moved successfully. C:\WINDOWS\Installer\MSID7.tmp moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Rendszergazda ->Temp folder emptied: 453723 bytes ->Temporary Internet Files folder emptied: 26180339 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 23259639 bytes ->Flash cache emptied: 2526 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 48,00 mb [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService User: Rendszergazda ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb Restore points cleared and new OTL Restore Point set! C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.8.1 log created on 07082010_201432 Files\Folders moved on Reboot... C:\Documents and Settings\Rendszergazda\Local Settings\Temp\IH5FE.tmp moved successfully. File\Folder C:\Documents and Settings\Rendszergazda\Local Settings\Temp\~DF2BE2.tmp not found! File\Folder C:\Documents and Settings\Rendszergazda\Local Settings\Temp\~DFAB09.tmp not found! 
File\Folder C:\Documents and Settings\Rendszergazda\Local Settings\Temp\~DFBF8E.tmp not found! File\Folder C:\Documents and Settings\Rendszergazda\Local Settings\Temp\~DFE1A2.tmp not found! C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\8R9PX19Q\generic[1].htm moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\3F0V87O2\forum[1].htm moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\3F0V87O2\forum_footer[1].html moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\3F0V87O2\viewtopic[1].htm moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\2BNG81NC\aegon_LG_jatek_160x290_v3[1].swf moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\2BNG81NC\laurent-koscielny[1].htm moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\2BNG81NC\login_status[1].htm moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\2BNG81NC\showTopicList[1].htm moved successfully. C:\Documents and Settings\Rendszergazda\Local Settings\Temporary Internet Files\Content.IE5\2BNG81NC\xd_receiver[1].htm moved successfully. Registry entries deleted on Reboot... |
Author: | stell [ Thu Jul 08, 2010 19:36 ] |
Post subject: | Re: Imre |
So, where did you get stuck?? |
Author: | stell [ Thu Jul 08, 2010 19:14 ] |
Post subject: | Re: Imre |
Put this into OTL:
Code:
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:commands
[purity]
[emptytemp]
[emptyflash]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

If Fix.bat has run, then run REMOVER.exe again and post the log from the black window here. |
Author: | Kinley [ Thu Jul 08, 2010 19:04 ] |
Post subject: | Re: Imre |
We need to slow down a bit now, because thanks to my mistake things aren't clear, sorry. I must have messed something up again or misunderstood (?), because after FIX.bat some DOS-based thing runs just for a moment, but that's all; the machine doesn't ask anything and doesn't restart either. Or is it not supposed to, and do I now put this into OTL:?
@ECHO OFF
remover.exe fix \\.\PhysicalDrive0
EXIT
and will it restart after that? |
Author: | stell [ Thu Jul 08, 2010 18:56 ] |
Post subject: | Re: Imre |
First, then, do Fix.bat the way I described. Then in OTL you don't need to touch anything; just paste in what I wrote and click RUNFIX. |
Author: | Kinley [ Thu Jul 08, 2010 18:54 ] |
Post subject: | Re: Imre |
Well, I screwed that up then: I didn't notice the OTL part and skipped it. So now, if I copy the above into OTL, should I tick the LOP and Purity checks, etc., the same way I did earlier? Or should I leave it now and carry on with this FIX.bat? |
Author: | stell [ Thu Jul 08, 2010 18:47 ] |
Post subject: | Re: Imre |
Where is the OTL log??
Quote: Open Notepad like this: Start > Run > type: notepad, and paste in the green text found under the Code: heading (without the word Code:), then save the text pasted into Notepad to the desktop as fix.bat, like this: File > Save As > File name > FIX.bat > Save as type > All Files > Save (to the desktop). Double-click to run it; if it asks, agree; the machine restarts.
Code:
@ECHO OFF
remover.exe fix \\.\PhysicalDrive0
EXIT

After the restart, run the REMOVER.EXE program again and post the log from the black window here. |
Author: | Kinley [ Thu Jul 08, 2010 18:35 ] |
Post subject: | Re: Imre |
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: d1d2ba68bb9b4db3d59d6b15035d0966
\\.\E: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Press any key to quit... |
Author: | stell [ Thu Jul 08, 2010 18:30 ] |
Post subject: | Re: Imre |
Run the OTL program, paste the green text into its window and click RUNFIX; after the restart, post the log here.
Code:
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:commands
[purity]
[emptytemp]
[emptyflash]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

Download it to the desktop and unpack it to the desktop: bootkit_remover. Double-click, run it, the window opens, right-click in the black window, in the menu select everything, press CTRL+C, and paste it here into your topic by pressing CTRL+V. |
Author: | Kinley [ Thu Jul 08, 2010 17:51 ] |
Post subject: | Re: Imre |
OTL Extras logfile created on: 2010.07.08. 18:35:31 - Run 1 OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Rendszergazda\Asztal Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 503,00 Mb Total Physical Memory | 207,00 Mb Available Physical Memory | 41,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 4,74 Gb Free Space | 16,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 45,23 Gb Total Space | 0,55 Gb Free Space | 1,22% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WXPEE_723 Current User Name: Rendszergazda Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.) Directory [cmd] -- cmd.exe /k cd (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01EE13C7-04FC-4A46-B4C9-AFD43C0DDB5F}" = Windows Live Messenger "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# 1.1 Redistributable Package "{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C940e-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4596FE05-2736-45D7-9C10-018B14351038}" = Nero 7 Premium "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{8373F44F-39F5-4017-B092-910F488967A2}" = Akadémiai MoBiMouse Plus - Angol "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver "{9011040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{A16BE761-139E-40D8-826F-F6D077CDFDAD}" = Winamp AudioPlayer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = 
Microsoft Visual C++ 2005 Redistributable "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager "{C1FD146D-230B-421B-B747-E00B6AC83465}" = Macromedia Shockwave Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support "{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft Web Services Enhancements 2.0 SP3 "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AnyDVD" = AnyDVD "AutoItv3" = AutoIt v3.2.0.1 "BSPlayerf" = BS.Player FREE "Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0 "C-Media Audio" = C-Media 3D Audio "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "HP OrderReminder" = HP OrderReminder "HP-LaserJet 1018" = LaserJet 1018 "HVG2007" = HVG Archívum 2007 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft Visual J# 2.0 Redistributable" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NOD32" = NOD32 antivirus system "Notepad++" = Notepad++ "Redhouse" = Redhouse "Stanza" = Stanza "Totalcmd" = Total Commander (Remove or Repair) "uTorrent" = µTorrent "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR archiváló ========== Last 10 Event Log 
Errors ========== [ Application Events ] Error - 2010.07.08. 4:04:00 | Computer Name = WXPEE_723 | Source = ESENT | ID = 439 Description = wuauclt (3256) A következő fájl árnyékfejléce nem írható: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Hibakód: -1808 Error - 2010.07.08. 4:04:04 | Computer Name = WXPEE_723 | Source = Bonjour Service | ID = 100 Description = 352: ERROR: read_msg errno 10054 (A létező kapcsolatot a távoli állomás kényszerítetten bezárta.) Error - 2010.07.08. 4:16:33 | Computer Name = WXPEE_723 | Source = Bonjour Service | ID = 100 Description = 348: ERROR: read_msg errno 10054 (A létező kapcsolatot a távoli állomás kényszerítetten bezárta.) Error - 2010.07.08. 8:52:54 | Computer Name = WXPEE_723 | Source = Bonjour Service | ID = 100 Description = 352: ERROR: read_msg errno 10054 (A létező kapcsolatot a távoli állomás kényszerítetten bezárta.) Error - 2010.07.08. 10:19:35 | Computer Name = WXPEE_723 | Source = PerfNet | ID = 2004 Description = Nem lehet megnyitni a kiszolgáló szolgáltatást. A kiszolgáló teljesítményadatai nem lesznek visszaadva. A visszaadott hibakód a duplaszó 0 adatban van. Error - 2010.07.08. 10:21:31 | Computer Name = WXPEE_723 | Source = Bonjour Service | ID = 100 Description = 492: ERROR: read_msg errno 10054 (A létező kapcsolatot a távoli állomás kényszerítetten bezárta.) Error - 2010.07.08. 10:23:52 | Computer Name = WXPEE_723 | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (A létező kapcsolatot a távoli állomás kényszerítetten bezárta.) Error - 2010.07.08. 10:50:13 | Computer Name = WXPEE_723 | Source = ESENT | ID = 485 Description = wuauclt (3204) A(z) „C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log” fájl törlése a(z) 32 (0x00000020) rendszerhiba miatt nem sikerült: „A folyamat nem fér hozzá a fájlhoz, mert azt egy másik folyamat használja. ”. A fájltörlési művelet a következő hiba miatt fog leállni: -1032 (0xfffffbf8). Error - 2010.07.08. 
10:50:13 | Computer Name = WXPEE_723 | Source = ESENT | ID = 485 Description = wuauclt (3204) A(z) „C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log” fájl törlése a(z) 32 (0x00000020) rendszerhiba miatt nem sikerült: „A folyamat nem fér hozzá a fájlhoz, mert azt egy másik folyamat használja. ”. A fájltörlési művelet a következő hiba miatt fog leállni: -1032 (0xfffffbf8). Error - 2010.07.08. 10:51:33 | Computer Name = WXPEE_723 | Source = Bonjour Service | ID = 100 Description = 320: ERROR: read_msg errno 10054 (A létező kapcsolatot a távoli állomás kényszerítetten bezárta.) [ System Events ] Error - 2010.07.08. 10:39:29 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7031 Description = A(z) NOD32 Kernel Service szolgáltatás váratlanul leállt. Ez a(z) 2. alkalommal fordult elő. 0 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása. Error - 2010.07.08. 11:37:14 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) WMI teljesítményadapter szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. Error - 2010.07.08. 11:37:14 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) Bonjour Service szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. Error - 2010.07.08. 11:37:14 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) FAR Background Copy Service szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. Error - 2010.07.08. 11:37:14 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) Machine Debug Manager szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. Error - 2010.07.08. 11:37:14 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) Alkalmazási réteg átjárószolgáltatása szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 
Error - 2010.07.08. 11:37:14 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7031 Description = A(z) NOD32 Kernel Service szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 0 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása. Error - 2010.07.08. 11:37:15 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) Java Quick Starter szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. Error - 2010.07.08. 11:37:15 | Computer Name = WXPEE_723 | Source = Service Control Manager | ID = 7034 Description = A(z) Nyomtatásisor-kezelő szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. Error - 2010.07.08. 11:42:36 | Computer Name = WXPEE_723 | Source = PlugPlayManager | ID = 11 Description = A(z) Root\LEGACY_LDISKL\0000 eszköz eltűnt a rendszerből az eltávolításra való előzetes felkészítés nélkül. < End of report > |
Author: | Kinley [ Thu Jul 08, 2010 17:50 ] |
Post subject: | Re: Imre |
OTL logfile created on: 2010.07.08. 18:35:31 - Run 1 OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Rendszergazda\Asztal Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 503,00 Mb Total Physical Memory | 207,00 Mb Available Physical Memory | 41,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 4,74 Gb Free Space | 16,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 45,23 Gb Total Space | 0,55 Gb Free Space | 1,22% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WXPEE_723 Current User Name: Rendszergazda Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.07.08 18:33:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe PRC - [2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.11.23 20:53:52 | 000,507,904 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe PRC - [2006.11.14 14:00:00 | 000,081,920 | ---- | M] (Ivan Heckman) -- C:\WINDOWS\allSnap.exe PRC - [2006.11.14 14:00:00 | 000,069,632 | ---- | M] (bigLasagne) -- C:\WINDOWS\makefolder.exe PRC - [2006.01.30 18:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe PRC - [2005.03.31 15:32:22 | 000,430,080 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe PRC - [2004.04.01 20:05:06 | 000,038,400 | ---- | M] () -- C:\Program Files\Far\Plugins\BCopy\bcsvc.exe PRC - [2002.12.20 12:17:56 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\WINDOWS\PowerMenu.exe ========== Modules (SafeList) ========== MOD - [2010.07.08 18:33:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe MOD - [2006.11.14 14:00:00 | 000,065,536 | ---- | M] (Ivan Heckman) -- C:\WINDOWS\snap_libW.dll MOD - [2006.09.21 17:47:31 | 000,073,728 | ---- | M] (Thong Nguyen) -- C:\WINDOWS\powerMenuHook.dll MOD - [2006.08.25 17:53:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006.11.23 20:53:52 | 000,507,904 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn) SRV - [2004.04.01 20:05:06 | 000,038,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Far\Plugins\BCopy\bcsvc.exe -- (FARBCopy) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2006.11.23 20:59:14 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2006.11.23 20:53:53 | 000,502,368 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON) DRV - [2006.11.23 20:49:39 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - [2006.11.23 20:43:12 | 000,643,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2006.09.24 19:15:32 | 000,020,096 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2006.04.22 03:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2005.03.04 05:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.origo.hu/ IE - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.27 10:14:59 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.27 10:14:59 | 000,000,000 | ---D | M] [2010.05.11 10:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Extensions [2010.07.03 00:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\7nbvva9c.default\extensions [2010.06.25 11:59:25 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\7nbvva9c.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.07.01 06:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.05.11 13:26:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.11 23:05:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.11 23:05:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.07.31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll [2010.04.01 19:13:57 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010.04.01 19:13:57 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\polymeta.xml [2010.04.01 19:13:57 | 000,001,628 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\sztaki-en-hu.xml [2010.04.01 19:13:57 | 000,000,974 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vatera.xml [2010.04.01 19:13:57 | 000,001,189 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-hu.xml O1 HOSTS File: ([2010.07.08 17:43:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O4 - HKLM..\Run: [AllSnap] C:\WINDOWS\allsnap.exe (Ivan Heckman) O4 - HKLM..\Run: [MakeFolder] C:\WINDOWS\makefolder.exe (bigLasagne) O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset ) O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard) O4 - HKLM..\Run: [PowerMenu] C:\WINDOWS\powermenu.exe (Thong Nguyen) O4 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) 
O4 - HKU\.DEFAULT..\RunOnce: [AfterPost] C:\WINDOWS\afterpost.cmd () O4 - HKU\S-1-5-18..\RunOnce: [AfterPost] C:\WINDOWS\afterpost.cmd () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) O4 - Startup: C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult\VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control 
Panel present O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2000478354-1563985344-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset ) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset ) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.2.46.1 84.2.44.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.23 20:37:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.ac3acm - ac3acm.acm File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - 
C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point (56027075282206720) ========== Files/Folders - Created Within 30 Days ========== [2010.07.08 18:33:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe [2010.07.08 17:42:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.07.08 16:54:51 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.07.08 16:52:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.07.08 16:52:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.07.08 16:52:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.07.08 16:52:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.07.08 16:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.07.08 16:50:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.07.08 16:48:20 | 004,626,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and 
Settings\Rendszergazda\Asztal\WindowsXP-KB310994-SP2-Pro-BootDisk-HUN.exe [2010.07.08 16:30:59 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\TFC.exe [2010.07.08 16:17:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Rendszergazda\Asztal\ATF-Cleaner.exe [2010.07.08 15:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Application Data\Malwarebytes [2010.07.08 15:08:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.08 15:08:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.08 15:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.07.08 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.07.08 15:06:46 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rendszergazda\Asztal\mbam-setup.exe [2010.07.08 11:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.07.08 11:41:28 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.07 22:40:34 | 000,000,000 | ---D | C] -- C:\Kegyetlen játékok 2.(Cruel Intentions 2., 2001) [2010.07.07 00:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Dokumentumok\indul a buli 2 [2010.07.03 11:55:27 | 000,000,000 | ---D | C] -- C:\glandyr 22 [2010.07.03 09:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Index - Kultúr - Larry King szögre akasztja a nadrágtartót_elemei [2010.06.29 14:04:27 | 000,000,000 | ---D | C] -- C:\mbudai [2010.06.25 11:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Dokumentumok\090706_mire_figyeljunk_kulso_hdd_vasarlasakor_elemei [2010.06.25 07:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2010.06.21 00:49:11 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. 
uninominale) -- C:\WINDOWS\System32\B4FM.dll [2010.06.21 00:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Burn4Free [2010.06.14 18:06:07 | 000,000,000 | ---D | C] -- C:\aok3 [2010.06.13 17:30:12 | 000,000,000 | ---D | C] -- C:\fph mappa [2010.06.12 00:06:25 | 000,000,000 | ---D | C] -- C:\bilingual probe [2010.06.11 21:52:48 | 000,000,000 | ---D | C] -- C:\ita [2010.06.11 02:20:30 | 000,000,000 | ---D | C] -- C:\Srácok [2010.06.09 02:19:46 | 000,000,000 | ---D | C] -- C:\asianforumer [2010.06.09 02:11:25 | 000,000,000 | ---D | C] -- C:\FRP ========== Files - Modified Within 30 Days ========== [2010.07.08 18:33:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTL.exe [2010.07.08 17:44:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.08 17:44:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.08 17:43:55 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\.zreglib [2010.07.08 17:43:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.07.08 17:43:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.08 17:43:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.08 17:42:59 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Rendszergazda\NTUSER.DAT [2010.07.08 17:42:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rendszergazda\ntuser.ini [2010.07.08 17:04:04 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Safari.lnk [2010.07.08 16:54:59 | 000,000,290 | RHS- | M] () -- C:\boot.ini [2010.07.08 16:48:30 | 004,626,664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Rendszergazda\Asztal\WindowsXP-KB310994-SP2-Pro-BootDisk-HUN.exe [2010.07.08 16:37:13 | 003,728,433 | R--- | M] () -- C:\Documents and Settings\Rendszergazda\Asztal\ComboFix.exe [2010.07.08 16:31:30 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and 
Settings\Rendszergazda\Asztal\TFC.exe [2010.07.08 16:17:26 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Rendszergazda\Asztal\ATF-Cleaner.exe [2010.07.08 15:08:32 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk [2010.07.08 15:07:46 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rendszergazda\Asztal\mbam-setup.exe [2010.07.08 13:30:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.07.08 11:40:33 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Asztal\RSIT.exe [2010.07.07 23:26:57 | 000,210,944 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.03 09:46:32 | 000,059,135 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Index - Kultúr - Larry King szögre akasztja a nadrágtartót.htm [2010.07.02 08:52:16 | 000,196,686 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\helyes cimzes.pdf [2010.07.01 06:58:41 | 000,914,552 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Felhasznaloi_kezikonyv_DirektNet_lakossagi_ugyfelek.pdf [2010.06.29 20:17:21 | 000,154,219 | ---- | M] () -- C:\biling_sample.rar [2010.06.26 21:04:49 | 000,855,272 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\362039 UEFA newsfiles.pdf [2010.06.26 06:42:13 | 000,959,562 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Alice nel paese delle meraviglie munkapeldany.rtf [2010.06.25 11:36:06 | 000,059,718 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\090706_mire_figyeljunk_kulso_hdd_vasarlasakor.htm [2010.06.25 04:24:37 | 000,618,953 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Isner–Mahut match at the 2010 Wimbledon Championships - Wikipedia, the free encyclopedia.mht [2010.06.25 04:13:58 | 000,644,410 | 
---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Luther évadzáró fejétől bűzlik a hal - commentcom#comments#comments.mht [2010.06.18 05:09:52 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\NYOMTATNI 6-ig.doc [2010.06.18 05:09:31 | 000,271,872 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\NYOMTATNI 8-ig.doc [2010.06.17 00:30:39 | 017,120,619 | ---- | M] () -- C:\MP4 World Cup South Africa 2010 Unnoficial Song _) [www.keepvid.com].mp4 [2010.06.17 00:27:45 | 023,674,570 | ---- | M] () -- C:\FLV World Cup South Africa 2010 Unnoficial Song _) [www.keepvid.com].flv [2010.06.14 18:15:51 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini ========== Files Created - No Company Name ========== [2010.07.08 16:54:59 | 000,000,220 | ---- | C] () -- C:\Boot.bak [2010.07.08 16:54:56 | 000,261,376 | ---- | C] () -- C:\cmldr [2010.07.08 16:52:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.07.08 16:52:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.07.08 16:52:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.07.08 16:52:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.07.08 16:52:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.07.08 16:36:18 | 003,728,433 | R--- | C] () -- C:\Documents and Settings\Rendszergazda\Asztal\ComboFix.exe [2010.07.08 15:08:32 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes' Anti-Malware.lnk [2010.07.08 11:40:32 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Asztal\RSIT.exe [2010.07.03 09:46:26 | 000,059,135 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Index - Kultúr - Larry King szögre akasztja a nadrágtartót.htm [2010.07.02 08:52:16 | 000,196,686 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\helyes cimzes.pdf [2010.07.01 06:58:41 | 000,914,552 | ---- | C] () -- C:\Documents and 
Settings\Rendszergazda\Dokumentumok\Felhasznaloi_kezikonyv_DirektNet_lakossagi_ugyfelek.pdf [2010.06.29 20:17:18 | 000,154,219 | ---- | C] () -- C:\biling_sample.rar [2010.06.26 21:04:49 | 000,855,272 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\362039 UEFA newsfiles.pdf [2010.06.26 06:13:56 | 000,959,562 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Alice nel paese delle meraviglie munkapeldany.rtf [2010.06.25 11:35:58 | 000,059,718 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\090706_mire_figyeljunk_kulso_hdd_vasarlasakor.htm [2010.06.25 04:24:34 | 000,618,953 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Isner–Mahut match at the 2010 Wimbledon Championships - Wikipedia, the free encyclopedia.mht [2010.06.25 04:13:48 | 000,644,410 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Luther évadzáró fejétől bűzlik a hal - commentcom#comments#comments.mht [2010.06.18 05:09:30 | 000,271,872 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\NYOMTATNI 8-ig.doc [2010.06.18 04:32:23 | 000,266,240 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\NYOMTATNI 6-ig.doc [2010.06.17 00:30:39 | 017,120,619 | ---- | C] () -- C:\MP4 World Cup South Africa 2010 Unnoficial Song _) [www.keepvid.com].mp4 [2010.06.17 00:27:42 | 023,674,570 | ---- | C] () -- C:\FLV World Cup South Africa 2010 Unnoficial Song _) [www.keepvid.com].flv [2010.06.01 00:00:06 | 000,000,109 | ---- | C] () -- C:\WINDOWS\WinMekMak.ini [2010.05.11 21:59:20 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.05.11 21:59:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.05.11 21:58:50 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.05.11 21:58:50 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.05.11 21:58:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll 
[2010.05.11 21:58:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.02.25 19:12:04 | 000,068,039 | ---- | C] () -- C:\WINDOWS\HVG2007.ini [2007.04.18 22:16:02 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007.02.25 18:27:01 | 000,000,119 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2007.01.04 16:45:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.02 14:26:16 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll [2006.11.24 16:46:15 | 000,000,365 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2006.11.23 21:29:54 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2006.11.23 21:29:45 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2006.11.23 21:29:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006.11.23 21:29:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2006.11.23 21:29:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2006.11.23 21:03:58 | 000,003,791 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006.11.23 21:03:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006.11.23 20:57:33 | 000,000,388 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.11.23 20:50:06 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.11.23 20:43:12 | 000,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.11.23 20:43:12 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7661.sys [2006.11.23 20:42:10 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL [2006.11.14 14:00:00 | 000,005,581 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2006.09.25 22:18:08 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.07.17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL ========== LOP Check ========== [2006.11.23 20:59:17 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\ACD Systems [2010.05.11 13:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2006.12.24 10:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2006.11.23 21:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Notepad++ [2006.11.23 21:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\utorrent [2006.12.02 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\ACD Systems [2010.06.01 14:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer [2010.05.11 11:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer Pro [2010.05.11 11:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\MorphoLogic [2007.04.14 16:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Notepad++ [2010.05.11 10:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Opera [2010.05.31 22:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Thinstall [2010.07.02 23:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\utorrent [2010.06.01 00:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\verbix2008 [2006.12.24 10:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Zylom ========== Purity Check ========== ========== Custom Scans ========== < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s > "AnyDVD" = "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" -- [2006.09.26 21:25:26 | 000,492,544 | ---- | M] (SlySoft, Inc.) 
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.05.07 10:13:10 | 026,211,624 | R--- | M] (Skype Technologies S.A.) "ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 16:47:52 | 000,015,360 | ---- | M] (Microsoft Corporation) < c:\windows\*.* /U > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*. > [2006.11.23 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2010.05.16 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010.05.11 10:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2010.05.11 10:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2007.03.18 11:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2006.11.24 16:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink [2010.05.11 11:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2006.11.23 20:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2010.07.08 15:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.05.11 11:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2006.12.23 11:11:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.05.12 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2010.05.11 13:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010.05.11 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2007.03.29 07:33:01 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\Windows Genuine Advantage [2010.05.11 13:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2006.12.24 10:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010.03.04 04:00:34 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe [2010.05.11 11:07:45 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe < %APPDATA%\*. > [2006.12.02 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\ACD Systems [2010.05.11 23:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Adobe [2007.03.12 14:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Ahead [2010.05.11 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Apple Computer [2010.06.01 14:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer [2010.05.11 11:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer Pro [2006.11.23 20:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Corel [2007.03.18 11:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\CyberLink [2006.12.03 12:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Google [2006.12.23 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Help [2006.12.24 10:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Identities [2006.11.23 20:44:14 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\Rendszergazda\Application Data\Macromedia [2010.07.08 15:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Malwarebytes [2010.05.11 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Media Player Classic [2007.04.21 18:48:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Microsoft [2010.05.11 11:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\MorphoLogic [2010.05.11 10:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Mozilla [2007.04.14 16:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Notepad++ [2010.05.11 10:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Opera [2010.07.08 17:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Skype [2006.12.04 09:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Sun [2010.05.31 22:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Thinstall [2010.06.21 01:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\U3 [2010.07.02 23:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\utorrent [2010.06.01 00:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\verbix2008 [2010.05.11 22:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\WinRAR [2006.12.24 10:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\Zylom < %APPDATA%\*.exe /s > [2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\AC3 Filter\ac3config.exe [2009.08.11 21:21:30 | 000,090,112 | 
---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\AC3 Filter\spdif_test.exe [2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\AC3 Filter\unins000.exe [2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\FFDShow\unins000.exe [2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\Haali media splitter\dsmux.exe [2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\Haali media splitter\gdsmux.exe [2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\Haali media splitter\mkv2vfr.exe [2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\BSplayer\Haali media splitter\uninstall.exe [2006.11.23 20:59:49 | 000,080,896 | R--- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\Microsoft\Installer\{A16BE761-139E-40D8-826F-F6D077CDFDAD}\IconA16BE761.exe [2006.11.23 20:59:49 | 000,008,704 | R--- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\Microsoft\Installer\{A16BE761-139E-40D8-826F-F6D077CDFDAD}\IconA16BE7611.exe [2006.11.23 20:42:06 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Rendszergazda\Application Data\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe < MD5 for: AGP440.SYS > [2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004.08.03 23:59:44 | 
000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys < MD5 for: CDROM.SYS > [2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys < MD5 for: CHANGER.SYS > [2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys < MD5 for: CRYPTSVC.DLL > [2004.08.17 16:46:40 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll [2004.08.17 16:46:40 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=98EA924C4C1B0EA53393289D64218822 -- C:\WINDOWS\system32\cryptsvc.dll < MD5 for: EVENTLOG.DLL > [2004.08.17 16:46:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004.08.17 16:46:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=9BF16BF2A92E9946C034947E45C6FB4E -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.17 16:47:58 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=5BF20DA8E16049C4BE8E15EEE1F427C1 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:12:07 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=6CF1696892BE31A2EC25072A99E2E3FF -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2007.06.13 15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\explorer.exe [2007.06.13 
15:23:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=F8ECCBA428D0B2B53E4F2F824A13FA10 -- C:\WINDOWS\system32\DllCache\explorer.exe < MD5 for: HAL.DLL > [2004.08.17 17:02:36 | 018,786,561 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll [2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll < MD5 for: ISAPNP.SYS > [2001.10.26 19:17:40 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\system32\drivers\isapnp.sys [2001.10.26 19:17:40 | 000,036,096 | ---- | M] (Microsoft Corporation) MD5=AE9857353A6D45F101C4496789585C25 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys < MD5 for: LSASS.EXE > [2004.08.17 16:48:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\ERDNT\cache\lsass.exe [2004.08.17 16:48:06 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=13C29FBA0388BEF38F06600994FAA2BA -- C:\WINDOWS\system32\lsass.exe < MD5 for: NDIS.SYS > [2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys [2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2004.08.17 16:47:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2004.08.17 16:47:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=38A4E873DEBBA38F1E7E8D9D6AF593D8 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: OLEPRO32.DLL > [2000.06.13 16:50:26 | 000,164,112 | ---- | M] (Microsoft Corporation) MD5=CE0155405EA902797E88B92A78443AEB -- C:\WINDOWS\system32\OLEPRO32.DLL < MD5 for: SCECLI.DLL > [2004.08.17 16:47:26 | 000,185,856 | ---- | M] (Microsoft Corporation) 
MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\ERDNT\cache\scecli.dll [2004.08.17 16:47:26 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=DE117DA3508ECAAECEA21901DBA31DAB -- C:\WINDOWS\system32\scecli.dll < MD5 for: SMSS.EXE > [2004.08.17 16:48:34 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=06EC350D3932096568FE274AE4F6B57F -- C:\cmdcons\SYSTEM32\SMSS.EXE [2004.08.17 16:48:30 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=6B0B3C8487EA447BDD155FB52222A156 -- C:\WINDOWS\system32\smss.exe < MD5 for: SVCHOST.EXE > [2004.08.17 16:48:32 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\ERDNT\cache\svchost.exe [2004.08.17 16:48:32 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8D9F0F5EBE312A1747D6172205F1B -- C:\WINDOWS\system32\svchost.exe < MD5 for: TCPIP.SYS > [2006.11.14 14:00:00 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=DE891AD282E856ACFD40990094A63B6F -- C:\WINDOWS\system32\drivers\tcpip.sys [2006.11.14 14:00:00 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=DE891AD282E856ACFD40990094A63B6F -- C:\WINDOWS\system32\drivers\tcpip.sys < MD5 for: USERINIT.EXE > [2004.08.17 16:48:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\ERDNT\cache\userinit.exe [2004.08.17 16:48:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B722651FB16A7777E885711DB94571DA -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.17 16:48:36 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2004.08.17 16:48:36 | 000,504,320 | ---- | M] (Microsoft Corporation) MD5=63E65D180BB0607B7240E700D2F73EAD -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2_32.DLL > [2004.08.17 16:47:38 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll [2004.08.17 16:47:38 | 000,082,944 | ---- | 
M] (Microsoft Corporation) MD5=AF3CC3CB92FB06A47CE979FB9D2CA127 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2006.11.23 20:43:12 | 000,643,072 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys [2006.11.23 20:43:12 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd7661.sys < %systemroot%\System32\config\*.sav > [2006.11.23 21:28:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.11.23 21:28:29 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.11.23 21:28:29 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON < reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs < reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs < %systemroot%\system32\drivers\*.sys /3 > < %systemroot%\system32\*.* /3 > [2010.07.08 17:44:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl < End of report > |
Author: | stell [ Thu Jul 08, 2010 17:29 ] |
Post subject: | Re: Imre |
OTL http://oldtimer.geekstogo.com/OTL.exe
Download it to the desktop:
- run it
- tick these:
- Scan all users.
- Lop check.
- Purity check.
- in the Extra Registry section, select Use SafeList
- in the Custom Scans/Fixes box, paste the green text
- click Run SCAN
- OTL.txt (it will be on the desktop).
- Extras.txt [it will be on the taskbar]
Post both here.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
tcpip.sys
OLEPRO32.DLL
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT |
Author: | Kinley [ Thu Jul 08, 2010 17:23 ] |
Post subject: | Re: Imre |
---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-08 17:44 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe >>UNKNOWN [0x823A6EB0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> 0x823a6eb0 \Driver\ACPI -> ACPI.sys @ 0xf8410cb8 \Driver\atapi -> AnyDVD.sys @ 0xf888344a IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004 ParseProcedure -> ntoskrnl.exe @ 0x8056f00e \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004 ParseProcedure -> ntoskrnl.exe @ 0x8056f00e NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82afbc3 PacketIndicateHandler -> NDIS.sys @ 0xf82bbb21 SendHandler -> NDIS.sys @ 0xf82afd33 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(568) c:\windows\system32\sfc_os.dll - - - - - - - > 'lsass.exe'(636) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll - - - - - - - > 'explorer.exe'(1408) c:\windows\PowerMenuHook.dll c:\windows\system32\VirtualExpander\VEShellExt.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Eset\nod32krn.exe c:\windows\system32\wbem\wmiapsrv.exe . 
************************************************************************** . Completion time: 2010-07-08 17:48:01 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-08 15:47 ComboFix2.txt 2010-07-08 15:03 Pre-Run: 5 140 115 456 bájt szabad Post-Run: 5 073 694 720 bájt szabad - - End Of File - - 1F52CB2FA275852105A6A5D143ACF2D0 |
Author: | Kinley [ Thu Jul 08, 2010 17:14 ] |
Post subject: | Re: Imre |
------- Sigcheck ------- [-] 2006-11-14 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2000-06-13 14:50 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\OLEPRO32.DLL . ((((((((((((((((((((((((((((( SnapShot@2010-07-08_15.00.45 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-08 15:43 . 2010-07-08 15:43 16384 c:\windows\temp\Perflib_Perfdata_4ac.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2006-12-16 08:56 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-09-26 492544] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PowerMenu"="c:\windows\powermenu.exe" [2002-12-20 57344] "AllSnap"="c:\windows\allsnap.exe" [2006-11-14 81920] "MakeFolder"="c:\windows\makefolder.exe" [2006-11-14 69632] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-11-23 921600] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program 
files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "AfterPost"="c:\windows\afterpost.cmd" [2006-09-22 1322] c:\documents and settings\Rendszergazda\Start Menu\Programs\Indˇt˘pult\ VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2006-12-16 430080] c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\ WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006.11.23. 20:43 643072] R2 FARBCopy;FAR Background Copy Service;c:\program files\Far\Plugins\BCopy\bcsvc.exe [2006.11.23. 20:49 38400] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.origo.hu/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Letöltés a FlashGet-tel - c:\progra~1\FlashGet\jc_link.htm IE: Minden letöltése a FlashGet-tel - c:\progra~1\FlashGet\jc_all.htm IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\7nbvva9c.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll To be continued. |
Author: | Kinley [ Thu Jul 08, 2010 17:12 ] |
Post subject: | Re: Imre |
ComboFix 10-07-07.02 - Rendszergazda 010.07.08. 17:37:22.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.503.220 [GMT 2:00] Running from: c:\documents and settings\Rendszergazda\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\Rendszergazda\Asztal\CFScript.txt AV: NOD32 Antivirus System 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LDISKL -------\Service_ldiskl ((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 ))))))))))))))))))))))))))))))) . 2010-07-08 13:08 . 2010-07-08 13:08 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Malwarebytes 2010-07-08 13:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-08 13:08 . 2010-07-08 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-08 13:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-08 13:08 . 2010-07-08 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 09:41 . 2010-07-08 09:49 -------- d-----w- c:\program files\trend micro 2010-07-08 09:41 . 2010-07-08 09:41 -------- d-----w- C:\rsit 2010-07-07 20:40 . 2010-07-07 21:05 -------- d-----w- C:\Kegyetlen játékok 2.(Cruel Intentions 2., 2001) 2010-07-03 09:55 . 2010-07-03 09:59 -------- d-----w- C:\glandyr 22 2010-06-29 12:04 . 2010-06-29 12:04 -------- d-----w- C:\mbudai 2010-06-25 05:53 . 2010-06-25 05:53 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-20 22:49 . 2009-08-21 10:15 557568 ----a-w- c:\windows\system32\B4FM.dll 2010-06-20 22:49 . 2010-06-20 23:12 -------- d-----w- c:\program files\Burn4Free 2010-06-14 16:06 . 
2010-06-17 02:48 -------- d-----w- C:\aok3 2010-06-13 15:30 . 2010-06-13 15:31 -------- d-----w- C:\fph mappa 2010-06-11 22:06 . 2010-06-26 05:07 -------- d-----w- C:\bilingual probe 2010-06-11 19:52 . 2010-06-14 16:52 -------- d-----w- C:\ita 2010-06-11 00:20 . 2010-06-21 00:21 -------- d-----w- C:\Srácok 2010-06-09 00:19 . 2010-06-09 00:52 -------- d-----w- C:\asianforumer 2010-06-09 00:11 . 2010-06-09 00:11 -------- d-----w- C:\FRP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-08 15:44 . 2006-11-23 19:01 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Skype 2010-07-02 21:07 . 2006-11-23 18:59 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\utorrent 2010-06-20 23:34 . 2010-05-11 07:28 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\U3 2010-06-20 20:17 . 2006-11-23 18:53 -------- d-----w- c:\program files\Eset 2010-06-01 12:32 . 2010-05-11 09:21 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\BSplayer 2010-05-31 22:45 . 2010-05-31 22:19 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\verbix2008 2010-05-31 22:19 . 2010-05-31 22:19 -------- d-----w- c:\program files\Common Files\verbix 2010-05-31 20:35 . 2010-05-31 20:35 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Thinstall 2010-05-24 03:28 . 2010-05-24 03:28 61440 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d1fd8ef-n\decora-sse.dll 2010-05-24 03:28 . 2010-05-24 03:28 12800 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d1fd8ef-n\decora-d3d.dll 2010-05-24 03:27 . 2010-05-24 03:27 503808 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-384db5a9-n\msvcp71.dll 2010-05-24 03:26 . 
2010-05-24 03:26 499712 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-384db5a9-n\jmc.dll 2010-05-24 03:26 . 2010-05-24 03:26 348160 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-384db5a9-n\msvcr71.dll 2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\program files\SAYISAL 2010-05-12 19:00 . 2010-05-11 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-05-11 21:46 . 2010-05-11 08:45 -------- d-----w- c:\program files\Opera 2010-05-11 21:06 . 2006-11-23 18:43 -------- d-----w- c:\program files\Common Files\Java 2010-05-11 21:05 . 2010-05-11 19:47 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-11 21:05 . 2006-11-23 18:43 -------- d-----w- c:\program files\Java 2010-05-11 20:24 . 2010-05-11 20:24 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Media Player Classic 2010-05-11 19:59 . 2006-11-23 18:50 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-11 19:49 . 2010-05-11 19:49 503808 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-53f96555-n\msvcp71.dll 2010-05-11 19:49 . 2010-05-11 19:49 499712 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-53f96555-n\jmc.dll 2010-05-11 19:49 . 2010-05-11 19:49 12800 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-270d80d1-n\decora-d3d.dll 2010-05-11 19:49 . 2010-05-11 19:49 61440 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-270d80d1-n\decora-sse.dll 2010-05-11 19:49 . 2010-05-11 19:49 348160 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-53f96555-n\msvcr71.dll 2010-05-11 11:37 . 
2010-05-11 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2010-05-11 11:33 . 2010-05-11 11:33 -------- d-----w- c:\program files\uTorrent 2010-05-11 11:26 . 2010-05-11 11:25 -------- d-----r- c:\program files\Skype 2010-05-11 11:26 . 2010-05-11 11:26 -------- d-----w- c:\program files\Common Files\Skype 2010-05-11 11:25 . 2010-05-11 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-05-11 09:33 . 2006-11-23 18:50 -------- d-----w- c:\program files\Google 2010-05-11 09:33 . 2006-12-24 08:00 -------- d-----w- c:\program files\Zylom Games 2010-05-11 09:32 . 2006-11-23 18:49 -------- d-----w- c:\program files\Elaborate Bytes 2010-05-11 09:29 . 2010-05-11 09:29 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\MorphoLogic 2010-05-11 09:24 . 2010-05-11 08:46 -------- d-----w- c:\program files\Bonjour 2010-05-11 09:24 . 2010-05-11 09:23 -------- d-----w- c:\program files\Stanza 2010-05-11 09:22 . 2010-05-11 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-05-11 09:21 . 2010-05-11 09:21 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\BSplayer Pro 2010-05-11 09:21 . 2010-05-11 09:21 -------- d-----w- c:\program files\Webteh 2010-05-11 09:12 . 2010-05-11 09:11 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-11 09:08 . 2010-05-11 09:08 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-05-11 09:07 . 2010-05-11 09:07 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2010-05-11 09:05 . 2010-05-11 09:05 -------- d-----w- c:\program files\LizardTech 2010-05-11 09:05 . 2006-11-23 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-11 08:58 . 2010-05-11 08:58 31716 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-11 08:47 . 
2010-05-11 08:47 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Apple Computer 2010-05-11 08:47 . 2010-05-11 08:47 -------- d-----w- c:\program files\Safari 2010-05-11 08:47 . 2010-05-11 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-05-11 08:46 . 2010-05-11 08:46 -------- d-----w- c:\program files\Common Files\Apple 2010-05-11 08:46 . 2010-05-11 08:46 -------- d-----w- c:\program files\Apple Software Update 2010-05-11 08:46 . 2010-05-11 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-05-11 08:37 . 2006-11-23 18:50 -------- d-----w- c:\program files\FlashGet 2010-04-16 18:00 . 2010-05-11 19:58 85504 ----a-w- c:\windows\system32\ff_vfw.dll . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . To be continued. |
Author: | Kinley [ Thu Jul 08, 2010 17:11 ] |
Post subject: | Re: Imre |
Test. |
Author: | stell [ Thu Jul 08, 2010 16:33 ] |
Post subject: | Re: Imre |
OK, so far you are doing it the way it should be done, just stay calm. We open Notepad like this: Start > Run > type: notepad, and copy in the green text found under the heading Code: (without the word Code:). Then we save the text pasted into Notepad as a script to the desktop, like this: File > Save As > File name > CFScript.txt > Save as type > All Files > Save (to the Desktop). Done. Drag the CFScript.txt on the desktop onto the ComboFix icon. And now you do this: ComboFix starts by itself, may restart, and finishes the scan. Post here what it gives you.
Code:
KILLALL::
Driver::
ldiskl
Rootkit::
c:\docume~1\RENDSZ~1\LOCALS~1\Temp\ldiskl.sys
RegLock::
[HKEY_USERS\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
srpeek::
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\OLEPRO32.DLL |
Author: | Kinley [ Thu Jul 08, 2010 16:20 ] |
Post subject: | Re: Imre |
Well, it worked. I fiddled for about 15 minutes to be able to send the log; everything is terribly slow. Plus, I now have two different Explorer icons on the desktop, the all-blue one and the one with the yellow swoosh (it reports version 8 for both); I don't know why. |
Author: | Kinley [ Thu Jul 08, 2010 16:17 ] |
Post subject: | Re: Imre |
Well, I turned NOD off in vain: it still referred to some nodkernel thing, and a CD-emulation warning came up as well, but in the end it started. I hope I didn't mess anything up; here is the log: ComboFix 10-07-07.02 - Rendszergazda 010.07.08. 16:56:18.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.503.261 [GMT 2:00] Running from: c:\documents and settings\Rendszergazda\Asztal\ComboFix.exe Command switches used :: c:\documents and settings\Rendszergazda\Asztal\WindowsXP-KB310994-SP2-Pro-BootDisk-HUN.exe AV: NOD32 Antivirus System 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\hide.exe . ((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 ))))))))))))))))))))))))))))))) . 2010-07-08 13:08 . 2010-07-08 13:08 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Malwarebytes 2010-07-08 13:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-08 13:08 . 2010-07-08 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-08 13:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-08 13:08 . 2010-07-08 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 09:41 . 2010-07-08 09:49 -------- d-----w- c:\program files\trend micro 2010-07-08 09:41 . 2010-07-08 09:41 -------- d-----w- C:\rsit 2010-07-07 20:40 . 2010-07-07 21:05 -------- d-----w- C:\Kegyetlen játékok 2.(Cruel Intentions 2., 2001) 2010-07-03 09:55 . 2010-07-03 09:59 -------- d-----w- C:\glandyr 22 2010-06-29 12:04 . 2010-06-29 12:04 -------- d-----w- C:\mbudai 2010-06-25 05:53 . 2010-06-25 05:53 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-20 22:49 . 2009-08-21 10:15 557568 ----a-w- c:\windows\system32\B4FM.dll 2010-06-20 22:49 . 
2010-06-20 23:12 -------- d-----w- c:\program files\Burn4Free 2010-06-14 16:06 . 2010-06-17 02:48 -------- d-----w- C:\aok3 2010-06-13 15:30 . 2010-06-13 15:31 -------- d-----w- C:\fph mappa 2010-06-11 22:06 . 2010-06-26 05:07 -------- d-----w- C:\bilingual probe 2010-06-11 19:52 . 2010-06-14 16:52 -------- d-----w- C:\ita 2010-06-11 00:20 . 2010-06-21 00:21 -------- d-----w- C:\Srácok 2010-06-09 00:19 . 2010-06-09 00:52 -------- d-----w- C:\asianforumer 2010-06-09 00:11 . 2010-06-09 00:11 -------- d-----w- C:\FRP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-08 14:34 . 2006-11-23 19:01 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Skype 2010-07-02 21:07 . 2006-11-23 18:59 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\utorrent 2010-06-20 23:34 . 2010-05-11 07:28 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\U3 2010-06-20 20:17 . 2006-11-23 18:53 -------- d-----w- c:\program files\Eset 2010-06-01 12:32 . 2010-05-11 09:21 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\BSplayer 2010-05-31 22:45 . 2010-05-31 22:19 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\verbix2008 2010-05-31 22:19 . 2010-05-31 22:19 -------- d-----w- c:\program files\Common Files\verbix 2010-05-31 20:35 . 2010-05-31 20:35 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Thinstall 2010-05-24 03:28 . 2010-05-24 03:28 61440 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d1fd8ef-n\decora-sse.dll 2010-05-24 03:28 . 2010-05-24 03:28 12800 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d1fd8ef-n\decora-d3d.dll 2010-05-24 03:27 . 
2010-05-24 03:27 503808 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-384db5a9-n\msvcp71.dll 2010-05-24 03:26 . 2010-05-24 03:26 499712 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-384db5a9-n\jmc.dll 2010-05-24 03:26 . 2010-05-24 03:26 348160 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-384db5a9-n\msvcr71.dll 2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\program files\SAYISAL 2010-05-12 19:00 . 2010-05-11 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-05-11 21:46 . 2010-05-11 08:45 -------- d-----w- c:\program files\Opera 2010-05-11 21:06 . 2006-11-23 18:43 -------- d-----w- c:\program files\Common Files\Java 2010-05-11 21:05 . 2010-05-11 19:47 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-11 21:05 . 2006-11-23 18:43 -------- d-----w- c:\program files\Java 2010-05-11 20:24 . 2010-05-11 20:24 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Media Player Classic 2010-05-11 19:59 . 2006-11-23 18:50 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-11 19:49 . 2010-05-11 19:49 503808 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-53f96555-n\msvcp71.dll 2010-05-11 19:49 . 2010-05-11 19:49 499712 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-53f96555-n\jmc.dll 2010-05-11 19:49 . 2010-05-11 19:49 12800 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-270d80d1-n\decora-d3d.dll 2010-05-11 19:49 . 2010-05-11 19:49 61440 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-270d80d1-n\decora-sse.dll 2010-05-11 19:49 . 
2010-05-11 19:49 348160 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-53f96555-n\msvcr71.dll 2010-05-11 11:37 . 2010-05-11 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2010-05-11 11:33 . 2010-05-11 11:33 -------- d-----w- c:\program files\uTorrent 2010-05-11 11:26 . 2010-05-11 11:25 -------- d-----r- c:\program files\Skype 2010-05-11 11:26 . 2010-05-11 11:26 -------- d-----w- c:\program files\Common Files\Skype 2010-05-11 11:25 . 2010-05-11 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-05-11 09:33 . 2006-11-23 18:50 -------- d-----w- c:\program files\Google 2010-05-11 09:33 . 2006-12-24 08:00 -------- d-----w- c:\program files\Zylom Games 2010-05-11 09:32 . 2006-11-23 18:49 -------- d-----w- c:\program files\Elaborate Bytes 2010-05-11 09:29 . 2010-05-11 09:29 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\MorphoLogic 2010-05-11 09:24 . 2010-05-11 08:46 -------- d-----w- c:\program files\Bonjour 2010-05-11 09:24 . 2010-05-11 09:23 -------- d-----w- c:\program files\Stanza 2010-05-11 09:22 . 2010-05-11 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-05-11 09:21 . 2010-05-11 09:21 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\BSplayer Pro 2010-05-11 09:21 . 2010-05-11 09:21 -------- d-----w- c:\program files\Webteh 2010-05-11 09:12 . 2010-05-11 09:11 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-11 09:08 . 2010-05-11 09:08 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-05-11 09:07 . 2010-05-11 09:07 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2010-05-11 09:05 . 2010-05-11 09:05 -------- d-----w- c:\program files\LizardTech 2010-05-11 09:05 . 
2006-11-23 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-11 08:58 . 2010-05-11 08:58 31716 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-11 08:47 . 2010-05-11 08:47 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Apple Computer 2010-05-11 08:47 . 2010-05-11 08:47 -------- d-----w- c:\program files\Safari 2010-05-11 08:47 . 2010-05-11 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-05-11 08:46 . 2010-05-11 08:46 -------- d-----w- c:\program files\Common Files\Apple 2010-05-11 08:46 . 2010-05-11 08:46 -------- d-----w- c:\program files\Apple Software Update 2010-05-11 08:46 . 2010-05-11 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-05-11 08:37 . 2006-11-23 18:50 -------- d-----w- c:\program files\FlashGet 2010-04-16 18:00 . 2010-05-11 19:58 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ------- Sigcheck ------- [-] 2006-11-14 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2000-06-13 14:50 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\OLEPRO32.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2006-12-16 08:56 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-09-26 492544] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-07 26211624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PowerMenu"="c:\windows\powermenu.exe" [2002-12-20 57344] "AllSnap"="c:\windows\allsnap.exe" [2006-11-14 81920] "MakeFolder"="c:\windows\makefolder.exe" [2006-11-14 69632] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-11-23 921600] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "AfterPost"="c:\windows\afterpost.cmd" [2006-09-22 1322] c:\documents and settings\Rendszergazda\Start Menu\Programs\Indˇt˘pult\ VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2006-12-16 430080] c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\ 
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= R2 FARBCopy;FAR Background Copy Service;c:\program files\Far\Plugins\BCopy\bcsvc.exe [2006.11.23. 20:49 38400] S3 ldiskl;ldiskl;\??\c:\docume~1\RENDSZ~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\RENDSZ~1\LOCALS~1\Temp\ldiskl.sys [?] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006.11.23. 20:43 643072] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.origo.hu/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Letöltés a FlashGet-tel - c:\progra~1\FlashGet\jc_link.htm IE: Minden letöltése a FlashGet-tel - c:\progra~1\FlashGet\jc_all.htm IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\7nbvva9c.default\ FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll FF - plugin: c:\program files\Opera\program\plugins\npdjvu.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHANS REMOVED - - - - HKLM-Run-Cmaudio - cmicnfg.cpl HKLM-Run-Personal Security Center Monitor - c:\windows\system32\isc_ui.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-08 17:00 Windows 5.1.2600 Szervizcsomag 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,d0,b7,dd,ad,7c,8a,49,9c,c3,2b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,d0,b7,dd,ad,7c,8a,49,9c,c3,2b,\ [HKEY_USERS\S-1-5-21-2000478354-1563985344-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(508) c:\windows\system32\sfc_os.dll - - - - - - - > 'lsass.exe'(564) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll . 
Completion time: 2010-07-08 17:03:13 ComboFix-quarantined-files.txt 2010-07-08 15:03 Pre-Run: 5 185 241 088 bájt szabad Post-Run: 5 150 797 824 bájt szabad WindowsXP-KB310994-SP2-Pro-BootDisk-HUN.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - magyar" /noexecute=optin /fastdetect - - End Of File - - 38A380CA7B8BA8A52FE1F414FB7D608F |
Author: | stell [ Thu Jul 08, 2010 15:47 ] |
Post subject: | Re: Imre |
Yes, this is very dangerous: Wareout, Ukrainian server. Now post the ComboFix log here as well. |
Author: | Kinley [ Thu Jul 08, 2010 15:18 ] |
Post subject: | Re: Imre |
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Adatbázis verzió: 4052
Windows 5.1.2600 Szervizcsomag 2
Internet Explorer 8.0.6001.18702
2010.07.08. 16:11:10
mbam-log-2010-07-08 (16-11-10).txt
Vizsgálat típusa: Teljes vizsgálat (C:\|E:\|)
Átvizsgált objektumok: 159488
Eltelt idő: 54 perc, 47 másodperc
Fertőzött memóriafolyamatok: 0
Fertőzött memória modulok: 0
Fertőzött Rendszerleíró kulcsok: 1
Fertőzött Rendszerleíró értékek: 1
Fertőzött Rendszerleíró adatelemek: 7
Fertőzött mappák: 0
Fertőzött fájlok: 3
Fertőzött memóriafolyamatok:
(Nem találhatók rosszindulatú elemek)
Fertőzött memória modulok:
(Nem találhatók rosszindulatú elemek)
Fertőzött Rendszerleíró kulcsok:
HKEY_CLASSES_ROOT\VCLSDCompression.class (Rogue.Installer) -> Quarantined and deleted successfully.
Fertőzött Rendszerleíró értékek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Fertőzött Rendszerleíró adatelemek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdyup.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.24 85.255.112.84 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00ba9ee8-4c46-41c2-b8d0-b0b2be080fed}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.24,85.255.112.84 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3131ecb7-1b1d-4310-8805-7a09ec32371a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.24,85.255.112.84 -> Quarantined and deleted successfully.
Fertőzött mappák:
(Nem találhatók rosszindulatú elemek)
Fertőzött fájlok:
C:\WINDOWS\system32\kdyup.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\Downloads\FlashFXP.3.4.0.1140.Full\crack\Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rendszergazda\Favorites\Free porn videos, fast free porn - pornBB.url (Rogue.Link) -> Quarantined and deleted successfully.
--------------
Hmmm... so could that be why my internet has been disconnecting so often lately? (DNSChanger). I'll carry on. |
Author: | stell [ Thu Jul 08, 2010 14:06 ] |
Post subject: | Re: Imre |
OK, do exactly what I write; just calmly read through what you need to do and everything will be fine. Post the Malwarebytes and ComboFix logs here. Malwarebytes: download it, delete what it finds, and post the log here: http://virus-stell.blogspot.com/2010/04 ... lware.html Clean up with ATF-TFC Cleaner: http://virus-stell.blogspot.com/2010/04 ... ztito.html http://www.virus-stell.com/2010/05/temp ... itasa.html http://virus-stell.blogspot.com/2010/04/combofix.html |
Author: | Kinley [ Thu Jul 08, 2010 11:23 ] |
Post subject: | Imre |
Hi! Here is the log: Logfile of random's system information tool 1.07 (written by random/random) Run by Rendszergazda at 2010-07-08 11:48:59 Microsoft Windows XP Professional Szervizcsomag 2 System drive C: has 638 MB (2%) free of 30 GB Total RAM: 503 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:49:04, on 2010.07.08. Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\powermenu.exe C:\WINDOWS\allsnap.exe C:\WINDOWS\makefolder.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\far\plugins\bcopy\bcsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Rendszergazda\Asztal\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\Rendszergazda.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.origo.hu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP Extended Editon R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [PowerMenu] "C:\WINDOWS\powermenu.exe" -hideself on O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe" O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [OrderReminder] C:\Program 
Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-19\..\RunOnce: [AfterPost] "C:\WINDOWS\afterpost.cmd" (User 'HELYI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-20\..\RunOnce: [AfterPost] "C:\WINDOWS\afterpost.cmd" (User 'HÁLÓZATI SZOLGÁLTATÁS') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [AfterPost] "C:\WINDOWS\afterpost.cmd" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [AfterPost] "C:\WINDOWS\afterpost.cmd" (User 'Default user') O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Letöltés a FlashGet-tel - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: Minden letöltése a FlashGet-tel - C:\PROGRA~1\FlashGet\jc_all.htm O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program 
Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{00BA9EE8-4C46-41C2-B8D0-B0B2BE080FED}: NameServer = 85.255.116.24,85.255.112.84 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84 O17 - HKLM\System\CS1\Services\Tcpip\..\{00BA9EE8-4C46-41C2-B8D0-B0B2BE080FED}: NameServer = 85.255.116.24,85.255.112.84 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84 O17 - HKLM\System\CS2\Services\Tcpip\..\{00BA9EE8-4C46-41C2-B8D0-B0B2BE080FED}: NameServer = 85.255.116.24,85.255.112.84 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui előbetöltője - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Komponenskategóriák gyorsítótárazási szolgáltatása - {8C7461EF-2B13-11d2-BE35-3078302C2030} - 
C:\WINDOWS\system32\browseui.dll O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Logikai lemezkezelő felügyeleti szolgáltatás (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Eseménynapló (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: FAR Background Copy Service (FARBCopy) - Unknown owner - C:\Program Files\far\plugins\bcopy\bcsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-égető COM-szolgáltatás (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NetMeeting távoli asztalmegosztás (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Távoli asztal súgó-munkamenetének kezelője (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Intelligens kártya (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Teljesítménynaplók és riasztások (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Kötet árnyékmásolata (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI teljesítményadapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe -- End of file - 9454 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-11 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "PowerMenu"=C:\WINDOWS\powermenu.exe [2002-12-20 57344] "AllSnap"=C:\WINDOWS\allsnap.exe [2006-11-14 81920] "MakeFolder"=C:\WINDOWS\makefolder.exe [2006-11-14 69632] "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2006-11-23 921600] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] "OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304] "Personal Security Center Monitor"=C:\WINDOWS\system32\isc_ui.exe [] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 
9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2006-09-26 492544] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-07 26211624] C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\Rendszergazda\Start Menu\Programs\Indítópult VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "system"=C:\WINDOWS\system32\kdyup.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoSharedDocuments"=1 "NoStrCmpLogical"=1 "ForceCopyAclwithFile"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceClassicControlPanel"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live 
Messenger 8.0 (Phone)" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c00d79f2-5cce-11df-93ac-00138fbba940}] shell\AutoRun\command - G:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2010-07-08 11:41:33 ----D---- C:\Program Files\trend micro 2010-07-08 11:41:28 ----D---- C:\rsit 2010-07-07 22:40:34 ----D---- C:\Kegyetlen játékok 2.(Cruel Intentions 2., 2001) 2010-07-03 11:55:27 ----D---- C:\glandyr 22 2010-06-29 14:04:27 ----D---- C:\mbudai 2010-06-25 07:53:32 ----D---- C:\Program 
Files\Microsoft Silverlight 2010-06-21 00:49:11 ----A---- C:\WINDOWS\system32\B4FM.dll 2010-06-21 00:49:07 ----D---- C:\Program Files\Burn4Free 2010-06-17 00:30:39 ----A---- C:\MP4 World Cup South Africa 2010 Unnoficial Song _) [www.keepvid.com].mp4 2010-06-17 00:27:42 ----A---- C:\FLV World Cup South Africa 2010 Unnoficial Song _) [www.keepvid.com].flv 2010-06-14 18:06:07 ----D---- C:\aok3 2010-06-13 17:30:12 ----D---- C:\fph mappa 2010-06-12 00:06:25 ----D---- C:\bilingual probe 2010-06-11 21:52:48 ----D---- C:\ita 2010-06-11 02:20:30 ----D---- C:\Srácok 2010-06-09 02:19:46 ----D---- C:\asianforumer 2010-06-09 02:11:25 ----D---- C:\FRP ======List of files/folders modified in the last 1 months====== 2010-07-08 11:41:33 ----RD---- C:\Program Files 2010-07-08 09:23:27 ----A---- C:\WINDOWS\NeroDigital.ini 2010-07-07 21:06:11 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-07 10:03:25 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\Skype 2010-07-07 09:51:04 ----D---- C:\WINDOWS\Temp 2010-07-07 01:23:29 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-03 11:33:06 ----D---- C:\WINDOWS\Prefetch 2010-07-02 23:07:06 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\utorrent 2010-06-30 04:03:39 ----D---- C:\xman 2010-06-27 10:15:07 ----D---- C:\Program Files\Mozilla Firefox 2010-06-25 07:53:36 ----SHD---- C:\WINDOWS\Installer 2010-06-25 07:52:45 ----D---- C:\Downloads 2010-06-21 01:34:48 ----D---- C:\Documents and Settings\Rendszergazda\Application Data\U3 2010-06-21 00:49:11 ----D---- C:\WINDOWS\system32 2010-06-20 22:17:11 ----D---- C:\Program Files\Eset 2010-06-11 17:22:02 ----D---- C:\szpü3 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel processzor illesztőprogramja; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 40320] R1 WS2IFSL;Windows Socket 2.0 - nem IFS-t szolgáltató támogatási környezet; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-26 12032] R2 AMON;AMON; 
\??\C:\WINDOWS\system32\drivers\amon.sys [] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-09-24 20096] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-11-23 10368] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496] R3 usbehci;Microsoft USB 2.0 bővített állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2-engedélyezett hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Microsoft USB univerzális állomásvezérlő miniport illesztőprogramja; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S1 kbdhid;Billentyűzet HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-11-23 223128] S3 HidUsb;Microsoft HID osztályú illesztőprogram; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 ldiskl;ldiskl; \??\C:\DOCUME~1\RENDSZ~1\LOCALS~1\Temp\ldiskl.sys [] S3 mouhid;Egér HID-illesztőprogram; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 rtl8139;Realtek RTL8139(A/B/C) alapú PCI gyors Ethernet-adapter NT illesztőprogramja; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992] S3 usbccgp;Microsoft USB általános szülő-illesztőprogram; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Microsoft USB PRINTER osztály; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 USBSTOR;USB háttértár illesztőprogramja; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour 
Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376] R2 FARBCopy;FAR Background Copy Service; C:\Program Files\far\plugins\bcopy\bcsvc.exe [2004-04-01 38400] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-11 153376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-11-14 322120] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-11-23 507904] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-11-14 89136] S3 UMWdf;Windows felhasználói módú illesztőprogram-keretrendszer; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 usnjsvc;Messenger megosztási mappák – USN-naplóolvasó szolgáltatás; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- |
Page: 2 / 2 | Time zone: UTC + 1 hour |