Itt van
ComboFix 09-12-04.04 - Mihály Vida 2009.12.05. 12:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1038.18.502.145 [GMT 1:00]
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1166723913-901626932-1501408609-1003
c:\recycler\S-1-5-21-3526681640-176320541-1898491167-1003
.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-05 11:10 . 2009-12-05 11:07 3580660 ----a-r- C:\ComboFix.exe
2009-11-21 17:24 . 2009-11-21 17:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-21 17:18 . 2009-11-21 17:18 -------- d-----w- c:\program files\Common Files\Skype
2009-11-21 17:18 . 2009-11-21 17:19 -------- d-----r- c:\program files\Skype
2009-11-21 17:18 . 2009-11-21 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 11:19 . 2009-09-14 04:21 0 ----a-w- c:\program files\dll.dll
2009-12-05 11:19 . 2008-07-14 21:25 0 ----a-w- c:\program files\readytasks2.ini
2009-11-27 18:49 . 2009-10-02 14:58 -------- d-----w- c:\program files\DriverGuide Toolkit
2009-11-10 14:00 . 2005-09-13 10:50 448000 ----a-w- c:\windows\system32\perfh00E.dat
2009-11-10 14:00 . 2005-09-13 10:50 100470 ----a-w- c:\windows\system32\perfc00E.dat
2009-10-06 13:52 . 2009-10-04 20:49 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2008-01-29 22:21 . 2008-01-29 22:21 66744 ----a-w- c:\program files\nk2.exe
2007-12-25 19:44 . 2007-12-22 09:13 250 ----a-w- c:\program files\vida nora egylapos.jpg
2007-12-23 20:52 . 2007-12-23 20:44 6583976 ----a-w- c:\program files\Opera_9.25_International_Setup.exe
2007-12-22 10:59 . 2007-12-22 10:59 337554 ----a-w- c:\program files\vida_nora_egylapos.jpg
2007-12-13 07:32 . 2007-12-13 07:32 14855 ----a-w- c:\program files\bavariaboutique__5_.jpg
2007-12-04 22:08 . 2007-11-03 22:56 559616 ----a-w- c:\program files\nk.exe
2007-11-03 23:14 . 2007-11-03 23:14 46 ----a-w- c:\program files\font.ini
2007-11-03 22:56 . 2007-11-03 22:56 634 ----a-w- c:\program files\readme.txt
2007-11-03 22:56 . 2007-11-03 22:56 1960963 ----a-w- c:\program files\szavak.db
2007-11-03 22:56 . 2007-11-03 22:56 91136 ----a-w- c:\program files\uninstall.exe
2007-11-03 22:56 . 2007-11-03 22:56 543232 ----a-w- c:\program files\mesz.exe
2007-10-02 21:36 . 2007-10-02 21:21 13411824 ----a-w- c:\program files\Google_Earth_BZXV.exe
2007-07-24 18:23 . 2007-07-24 18:23 303123 ----a-w- c:\program files\NOD32.FiX.v2.1-nsane.exe
2007-07-22 19:54 . 2007-07-22 19:47 6572680 ----a-w- c:\program files\Opera_9.22_International_Setup.exe
2007-07-04 13:55 . 2007-04-27 19:31 12090976 ----a-w- c:\program files\nenthust.exe
2007-06-25 20:53 . 2007-06-25 20:52 866429 ----a-w- c:\program files\boot98.exe
2007-05-23 14:41 . 2007-05-23 14:33 6571920 ----a-w- c:\program files\Opera_9.21_International_Setup.exe
2007-05-12 19:58 . 2007-05-12 19:37 13801120 ----a-w- c:\program files\jre-6u1-windows-i586-p-s.exe
2007-05-04 19:47 . 2007-05-04 19:46 6561496 ----a-w- c:\program files\Opera_9.20_International_Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mesz_nk"="c:\program files\nk.exe nk_00008659" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 68856]
"Google Update"="c:\documents and settings\Mihály Vida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-16 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-20 126976]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-02 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-05-28 2059776]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
Adobe Reader gyorsindító.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 20:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VateraPST2\\vateraPST.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009.08.05. 15:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009.08.05. 15:06 74480]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008.05.28. 12:11 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009.08.05. 15:06 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-04-06 c:\windows\Tasks\VateraPST2 Updates.job
- c:\windows\Installer\VateraPST2 Updates for All Users.lnk [2009-04-06 07:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kapu.hu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint – Gyors nyomtatás - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint – Hozzáadás a nyomtatási listához - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint – Nyomtatás - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint – Nyomtatási kép - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
FF - ProfilePath - c:\documents and settings\Mihály Vida\Application Data\Mozilla\Firefox\Profiles\prz0bbji.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DriverMax - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-VateraPST2 - c:\documents and settings\All Users\Application Data\{51D491BA-CA13-4383-832E-E18DBE6F7933}\VateraPSTinstall.exe REMOVE=TRUE MODIFY=FALSE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-05 12:32
Windows 5.1.2600 Szervizcsomag 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1236)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-05 12:36
ComboFix-quarantined-files.txt 2009-12-05 11:36
Pre-Run: 24 325 373 952 bájt szabad
Post-Run: 24 335 974 400 bájt szabad
- - End Of File - - 5AC49CDD4FA14211A01624D576676C72